WILL WEGENER

Fremont, CA

Summary

Dynamic Principal Linux Systems & Security Engineer with a proven track record at Alphatek Inc., excelling in risk assessments and security protocol development. Expert in AWS services and passionate about cross-team collaboration, achieving over $320K in annual cost savings while enhancing organizational security and compliance with industry standards.

Overview

22 years of professional experience

Work History

Principal Linux Systems & Security Engineer

Alphatek Inc.
Newark, California
01.2024 - Current
  • Conducted risk assessments to identify infrastructure vulnerabilities.
  • Implemented firewalls and intrusion detection systems to enhance security.
  • Developed security protocols to protect sensitive data and systems.
  • Provided training sessions for staff on security best practices.
  • Evaluated new security technologies to improve organizational safety.
  • Designed automated deployment pipelines using Jenkins and Docker.
  • Implemented monitoring solutions with Prometheus and Grafana for system health.
  • Collaborated with IT teams to ensure compliance with security policies.

Development Operations Security Engineer II

Lark Technologies
09.2020 - 02.2024
  • Application Monitoring: Implemented AWS OpenTelemetry for application monitoring across Kubernetes clusters (KOPS/Rancher and EKS) using Helm charts and AWS CDK (TypeScript). Contributed to refactoring the codebase to Reactjs, aligning with customer roadmaps.
  • Logging Solutions: Led migration from self-hosted Graylog to Managed Elasticsearch on AWS and Datadog, optimizing log management.
  • Security & Vulnerability Management: Deployed and managed security scanning tools (Qualys, OpenVAS, NMAP, Prowler). To enhance security posture, evaluated security solutions, including Rapid7, Alert Logic, Aqua Security, Tenable Nessus, and Burp Suite.
  • SIEM Implementation: Implemented Wazuh with Security Onion on AWS EKS to advance SIEM capabilities and strengthen intrusion detection and response strategies.
  • Network Security: Designed and executed a robust firewall architecture using AWS WAF, Shield, CloudFront, GuardDuty, Inspector, and custom ingress gateway solutions deployed via Terraform and Ansible.
  • Access Management: Deployed AWS SSO with Cognito, integrating with Google Workspace Directory services via LDAP for streamlined access management.
  • Email Security: Directed a company-wide email security overhaul, implementing SPF, DMARC, and DKIM standards.
  • Data Processing & Warehousing: Managed migration of critical data processing services to AWS EKS and transitioned data warehousing from Snowflake to Databricks, achieving enhanced scalability and cost efficiency.
  • Internal Access Security: Evaluated and deployed edge certificate authentication solutions (Pritunl-Zero, Cloudflare ZTNA, Teleport, JumpCloud ZTNA, OpenZiti). Transitioned to NetBird mesh overlay VPN for secure and efficient mesh endpoints without exposing internal networks.
  • Version Control & Repositories: Migrated code repositories to GitHub.com and established a synchronized backup on a self-hosted GitLab instance, ensuring continuity and support for development operations.
  • Project Management: Temporarily assumed the role of Technical Project Manager, leading sprint planning to establish achievable project goals and timelines, maintaining project alignment and team productivity.
  • Cost Optimization: Achieved over $320K in annual AWS cost savings through strategic use of nOps.io on-demand pricing. Managed AWS Organization and billing across 12 AWS accounts.
  • Cloud Infrastructure Ownership: Assumed full ownership of the AWS account, leading a strategic redesign of the cloud infrastructure to optimize performance, security, and cost-efficiency.
  • Compliance & Security: Ensured compliance with SOC2, HIPAA, PCI/DSS, GDPR, High Trust, NIST, and DISA standards using tools like Drata, Vanta, nOps, Qualys, AWS, Expel vSOC, Kandji, Jamf, and JumpCloud.

Senior Site Reliability Engineer

Avast Software s.r.o.
04.2019 - 09.2020
  • Disaster Recovery Planning: Collaboratively engineered a multi-part disaster recovery plan for global Carrier Operations, facilitating seamless migrations between data centers using OpenStack.
  • Monitoring & Accountability: Led projects enhancing monitoring and user accountability across environments using Wazuh for OSSEC, SIEM, vulnerability detection, and security analytics.
  • Access Controls: Implemented stringent access controls, limiting operational access to US-based personnel to comply with security requirements.
  • Network Security Enhancements: Deployed HIDS/IDS/IPS solutions to fortify internal and external network security, exploring machine learning integration for improved vulnerability detection.
  • IAM Policies: Oversaw AWS IAM policies, implementing federated access controls and conducting thorough security reviews.
  • Kubernetes Security: Developed and implemented a secure imaging system for Kubernetes host nodes.
  • Hadoop Cluster Support: Provided critical support for the Machine Learning group's self-hosted Hadoop cluster in Avast's data center.
  • Compliance Advocacy: Acted as a key compliance advocate, ensuring all infrastructure and data handling practices adhered to contractual obligations and industry standards.

Director of DevOps & Security

hiQ Labs, Inc.
09.2015 - 08.2018
  • Security Implementation: Spearheaded the implementation of DISA STIGs across the development environment, establishing a robust security foundation for ISO 27001 certification.
  • Technology Roadmap: Participated in strategic planning and budgeting, developing a long-term technology and security roadmap aligned with corporate goals.
  • Infrastructure Deployment: Deployed JumpCloud for Mac and Windows users, WPA2 Enterprise wireless, VoIP, and site-to-site VPN to AWS VPC.
  • Development Environment Revamp: Created a self-service portal for Docker instance management using Rancher. Revamped build and deployment processes using Docker provisioning. Converted Jenkins batch processing to ZooKeeper Kafka continuous ingestion for the Data Science department's machine learning pipeline.
  • Office & HR Collaboration: Contributed to HR by overseeing office location strategies and ensuring optimal working environments. Served on a two-person fire team that wrote a new handbook for the company.
  • Endpoint Protection: Implemented comprehensive endpoint protection across the organization.
  • Cloud Migration: Orchestrated migration of all production and development environments into an AWS VPC, securing all environments in a public/private setup using Barracuda NGFW, including VPN access rollout for a distributed workforce.
  • Big Data & Machine Learning: Built a proof-of-concept Databricks Spark environment for advanced machine learning and data analysis.
  • Mentorship & Innovation: Mentored a DevOps intern in building a custom firewall solution using pfSense, combining multiple (4x) internet connections into a single high-capacity network.
  • AWS Account Management: Assumed complete ownership of the AWS account, directing a strategic cloud infrastructure redesign.
  • Security Monitoring: Transitioned from OSSEC to Wazuh for HIDS, paired with AlienVault SIEM for robust security monitoring and incident response.

Senior DevOps System Administrator

GuideWire Inc.
01.2014 - 09.2015
  • CI/CD Integration: Spearheaded integration of TeamCity CI/CD pipeline on OpenStack, using Puppet for automated provisioning of Linux/Windows VMs and Docker containers.
  • Backup Solutions: Developed a horizontally scalable backup solution for the development environment.
  • Virtualization & Migration: Led migration from Citrix Xen to VMware vSphere and implemented OpenStack on VMware and bare metal, facilitating self-service VM provisioning for global development teams.
  • Infrastructure Redesign: Oversaw redesign and expansion of virtual infrastructure across three global locations.
  • Database Environment: Orchestrated implementation and integration of a new Oracle RAC environment on bare metal for continuous integration.
  • Technology Evaluation: Conducted an extensive evaluation of OpenStack distributions and CI technologies, leading to the adoption of Mirantis OpenStack and TeamCity.
  • PXE Environment Enhancement: Initiated and led a project to evaluate Puppet and SaltStack for enhancing the PXE environment while taking ownership of the current CI/CD PXE environment.
  • Strategic Planning: Contributed to strategic planning for the development of the cloud's future, advocating for the deployment of CloudFoundry atop Mirantis OpenStack.

Lead Unix Admin | Tasking Manager, System Architecture Integration Engineer (DevOps)

General Dynamics AIS
10.2011 - 12.2013
  • On-site Consultations: Led on-site consultations at multiple Department of Defense locations, focusing on product integration and delivery.
  • Hardware & Network Integration: Managed procurement and assembly of critical network and server hardware, including Cisco Nexus switches and custom FPGA chassis.
  • Identity Management: Implemented cross-agency LDAP identity management system utilizing SSL and PKI infrastructure.
  • SCIF Security Compliance: Provided technical support and documentation for SCIF security, ensuring DoD regulation compliance.
  • Lab Management: Managed a dynamic network lab environment with Unix/Linux and Sun workstations/servers, Cisco routers/switches, Oracle databases, and EMC SAN/NAS storage.
  • Support & V&V Processes: Provided on-call support for software development, integration, and verification and validation (V&V) processes.
  • Security Implementations: Deployed McAfee ePolicy Orchestrator and enforced security measures using DISA STIGs.
  • Backup Solutions: Developed a custom Virtual Tape Loader (VTL) solution with Symantec engineers.
  • Prototyping: Designed and built a prototyping demonstration laptop using VMware, leading to the development of the microMOC Demo system and the creation of an entire Unclassified lab setup for Engineering.
  • Subsystem Integration: Supervised integration of various subsystems and hardware platforms at multiple development and customer sites.
  • System Architecture Redesign: Led strategic redesign of system architecture for a scaled-down production system at a customer testing site.

Senior Unix System Administrator (DevOps)

BAE Systems
05.2011 - 08.2011
  • FISMA Compliance: Participated in Federal Information Security Management Act (FISMA) compliance audit as part of the InfoSec team.
  • Environment Management: Managed a mixed development environment (Unix/Linux, SGI IRIX) supporting engineering efforts.
  • Virtualization: Set up and maintained virtual environments, including VMware, Xen, and RedHat KVM.
  • Backup Maintenance: Maintained cross-platform backup solutions.
  • System Support: Provided daily support to Unix/Linux and SGI IRIX systems, including initial builds, configurations, and documentation.
  • Security & Patching: Tested and applied patches, firmware upgrades, and OS updates. Ran security scripts and addressed hardening issues.
  • Collaboration: Worked closely with vendors, staff, and customers to resolve issues.

Senior Security IT Engineer (DevOps)

Qualcomm QGOV
11.2008 - 05.2011
  • Development Environment Rollout: Led rollout of QGOV's first mixed development environment on Windows and Linux for embedded hardware development, using Active Directory paired with Centrify for cross-platform authentication.
  • Lab Deployment: Engineered and deployed multiple Linux labs for embedded development, utilizing RHEL/Ubuntu and ClearCase Vob/View servers and Git repos.
  • Backup Solutions: Developed and maintained network backup solutions for multiple labs.
  • Android Development Environment: Created the department's first Android development environment and Git repository. On a two-member fire team, we ported Android onto the company's test environment and installed it onto specialized prototyping FFA phones.
  • Hardware/Software Upgrades: Designed and executed hardware/software upgrades for a specialized Linux/Windows development lab, incorporating ESX servers.
  • Security Compliance: Ensured security audits and certifications for classified labs were consistently up to date.
  • Project Development: Contributed to project development, coding in C, C++, Assembly, and Python for firmware development and embedded Linux devices.

Information Systems Technician Second Class Petty Officer

United States Navy
07.2003 - 07.2007
  • Network Management: Oversaw operation and maintenance of computer workstations and the ship's network aboard USS NASSAU (LHA 4).
  • Communications: Managed communications over radio and satellite microwave transmissions.
  • Equipment Responsibility: Assumed comprehensive responsibility for all equipment related to communications and data management.
  • Cross-Functional Training: Engaged in training for ballast tank operations, damage control systems, fire control, and machine shop maintenance.
  • Emergency Repairs: Conducted emergency repairs on various shipboard equipment.
  • Roles Included: Computer Network Defense - Intrusion Detection System Administrator, Command Network Security Officer, Global Command Control System - Maritime (GCCS-M) System Administrator (HP-UX / Solaris), Theater Battle Management Core System (TBMCS) System Administrator (HP-UX), Command Webmaster (internal and external websites), Watch Floor Supervisor for ADP helpdesk, Windows Server 2000/2003 Domain Administrator, Microsoft SharePoint System Administrator, Navy Cash System Installation and Administration.

Education

Radioman A School - Expeditionary Signal Warfare & Information Se

United States Navy
Great Lakes, IL
07.2007

Skills

  • AWS services: RDS, EC2, S3, EKS
  • Identity and access management
  • Container orchestration: Kubernetes, Docker
  • Infrastructure as code: Terraform, CloudFormation
  • Continuous integration and delivery: Jenkins, GitLab, TeamCity
  • Scripting languages: Python, Shell scripting, TypeScript
  • Security frameworks: ISO 27001, SOC2, HIPAA
  • Database management: MySQL, PostgreSQL, Oracle RAC
  • Monitoring tools: OpenTelemetry, Wazuh, Qualys
  • Network security: VPN, IDS/IPS
  • Virtualization technologies: VMware vSphere, OpenStack
  • Vulnerability management and assessment
  • SIEM integration and security information management
  • Cloud security and compliance advocacy
  • Infrastructure design and performance optimization
  • Project management and cross-team collaboration
  • Cost reduction strategies and risk evaluation

Additional Information - Security Clearances

Held Department of Defense (DoD) Security Clearance during tenure at respective positions.

References

References available upon request.
