Demonstrated strong analytical skills and ability to solve complex problems. Engaged in research and development on diverse topics.
Proficient in security strategies, methodologies, and technologies, including secure global network design, cloud and on-premises server infrastructure, remote computing, desktop and server protection, vulnerability and penetration testing, and security monitoring.
Skilled in managing and coordinating projects and operations as a team leader, with the ability to work independently and collaboratively. Effectively managed tasks, time, and resources to achieve project goals.
Adapted quickly to new systems and tools, handled unscheduled high-priority tasks under pressure, and acknowledged and learned from mistakes for continuous improvement.
Hands-On Experience: Experienced in Cloud, Virtualization, and both Linux and Windows environments, including Windows Servers, Ubuntu, CentOS, Rocky Linux, RHEL (3/4/5/6/7/8/9), Amazon Linux, KVM, OpenStack, VMware, Azure, AWS, Docker, Office 365, and Google Workspace. Guided teams in managing and optimizing these technologies for operational excellence.
Process Improvement: Proactively enhanced methods, tools, and techniques to establish best practices, improve process efficiencies, and surpass service level agreements (SLAs).
Strategic Design and Architecture: Provided strategic design and architectural mentorship, including assessments, performance improvements, and proof-of-concepts (POCs). Offered comprehensive support throughout the network and application lifecycle and consulting engagement process, collaborating with cross-functional teams to deliver effective solutions.
Cloud Platform Management: Managed major cloud platforms (AWS, Azure, GCP, OCP, Digital Ocean), ensuring consistency and performance across platforms. Led the design, planning, and implementation of robust architectures for both on-premises and cloud environments, with a strong focus on AWS. Oversaw an integrated AWS environment, including AWS Organizations, IAM, Identity Center, VPC, CI/CD services, CloudFront, EC2, Lambda, S3, VPN, Route 53, EKS, Elastic Beanstalk, RDS, DMS, CloudWatch, CloudTrail, and Lightsail.
Project Management and Collaboration: Utilized Agile methodologies and Asana for managing technical projects, ensuring effective task management and team collaboration. Managed Jira tickets for operations, coordinating weekly and monthly releases for timely delivery and continuous improvement.
DevOps and Automation: Spearheaded the installation and maintenance of DevOps tools, automating deployments across QA, UAT, and production environments. Managed servers in Gibraltar, the United Kingdom, India, and the AWS cloud.
Virtual Traffic Management: Implemented, configured, and maintained virtual traffic management solutions, including Pulse Secure, pfSense, and AWS Load Balancers, to enhance network performance and reliability.
Process and Quality Improvement: Drove process and quality improvements through task automation using Bash, AWS CLI, Chef, Ansible, and Terraform. Demonstrated strong knowledge of web services, application integration, logging, and monitoring tools, supporting the operational excellence, reliability, and performance efficiency pillars of the AWS Well-Architected Framework.
Security Initiatives: Led security initiatives by tracking vulnerabilities, performing penetration testing, acting as a whistleblower, creating security reports, and ensuring compliance with security advisories. Maintained system updates to protect against vulnerabilities, adopting a proactive approach to risk management.
Compliance and Business Continuity: Provided technical support for ISO audits to ensure compliance with industry standards and best practices. Planned and implemented Business Continuity Planning (BCP) strategies to ensure operational resilience and minimize downtime.
Website Management: Oversaw and maintained websites hosted on Azure, Digital Ocean, AWS, GoDaddy, and SiteGround, ensuring a secure and reliable web presence. Implemented and managed SSL certificates to uphold the highest standards of security and performance.
Highlighted Projects
B2B Elite2 OpenStack Infrastructure Setup - Installed, configured, and maintained the new B2B Elite2 environment on OpenStack. This included setting up the virtual network and infrastructure, and integrating key components such as pfSense Firewall, HAProxy Load Balancer, and a comprehensive monitoring system. Configured essential management systems including DNS, NTP, backup solutions, and Graylog with OpenSearch for centralized logging and analysis. Also set up and configured the OpenStack CLI for effective command-line management of the OpenStack environment.
B2C PAM Platform Migration - Migrated the PAM environment from Sapphire Colocation Servers to the OpenStack Cloud environment, specifically using OpenStack Yoga 22.0. This involved installing, configuring, and maintaining the B2C environment, including migrating the Percona XtraDB Cluster, implementing log and backup management, and setting up management servers. Transitioned the Virtual Traffic Manager from Pulse Secure to pfSense and HAProxy, established CI/CD pipelines, and deployed a comprehensive monitoring system. Utilized a Big-Bang/Cut-Over Deployment strategy for the player database sync, ensuring minimal downtime during the migration day.
AWS Cost Optimization (ACO) - Implemented AWS Cost Optimization strategies by collaborating with cross-functional teams to establish proper tagging for B2B and B2C cost separation. Configured a Grafana dashboard to monitor cost usage across multiple AWS accounts, optimized S3 storage classes, and utilized Cost Explorer for detailed bucket cost analysis. Automated the shutdown of on-demand instances when not in use, resulting in approximately 40% monthly cost savings through the adoption of Reserved Instances (Standard & Convertible Classes). Utilized AWS Trusted Advisor, AWS Cost Explorer, AWS Budgets (to prevent unexpected cost overruns), AWS Compute Optimizer, and AWS Resource Groups & Tagging for comprehensive cost management.
IaC Automation - Developed and implemented Infrastructure as Code (IaC) automation using Terraform for managing AWS resources. Designed and maintained Terraform configurations to provision and manage various AWS infrastructure components, including VPCs, EC2 instances, RDS databases, and IAM roles. Utilized Terraform modules and state management to ensure scalable and efficient infrastructure deployment, enhancing consistency and reliability across environments.
Comprehensive Security Management and Vulnerability Assessment - Led the implementation of a comprehensive security management and vulnerability assessment for AWS-hosted applications. Initially, AWS Systems Manager was employed to efficiently manage and configure AWS EC2 nodes and on-premise hosts. AWS Inspector was utilized for automated security assessments, while AWS GuardDuty was deployed for real-time threat detection. The project later transitioned to Tenable Nessus for in-depth vulnerability assessments, where several vulnerabilities were remediated or mitigated, significantly enhancing the overall security posture. Additionally, front-end websites underwent internal penetration testing and annual external assessments by Bulletproof, UK, ensuring ongoing GDPR compliance and meeting regulatory requirements.
Configuration Management & Automation - Initially managed configuration with Chef and transitioned to Ansible 2.x in 2022. Designed and implemented a modular Ansible automation framework for managing configurations across DEV, QA, UAT, and PROD environments. Developed centralized roles tailored to business platforms, with environment-specific tasks controlled by Ansible defaults and customized facts. Coordinated node groups using resource files and employed symbolic links for global variables, templates, handlers, and files to ensure consistency. Utilized Ansible Vault for secure credential management, enhancing maintainability. Managed code through AWS CodeCommit with AWS SSO credentials.
CIS Benchmark-Based OS Hardening - Initially installed all servers for business (B2B & B2C) operations using CentOS 7/8/9 and configured a Spacewalk server for comprehensive package and vulnerability management. After the CentOS Project distribution was discontinued, migrated to Amazon Linux 2 and Rocky Linux. Developed an Ansible role for system hardening based on the Center for Internet Security (CIS) Benchmarks. This role was designed to secure systems by disabling unnecessary services, enforcing strong authentication measures, applying appropriate file permissions, and configuring secure network settings, ensuring compliance with regulatory requirements and reducing the attack surface.
24/7 On-Call Support Infrastructure Setup - Designed and implemented a comprehensive monitoring and incident management infrastructure for round-the-clock production support. Established a robust system using Nagios, Pingdom (later replaced by Site24x7), PagerDuty (later replaced by Opsgenie), and Grafana Dashboards. Integrated CallHippo for virtual phone system capabilities. Formed and managed a dedicated 24/7 on-call team of four members, coordinating shifts and incident management with Opsgenie to ensure continuous and effective production support.
Grafana Dashboard & KPI Metrics - Developed a Grafana dashboard integrated with Nagios and PNP4Nagios for monitoring system and business KPI metrics. Created separate dashboards for B2C and B2B platforms, with data segmented by datacenter for improved visibility and performance tracking.
Client Portal Setup - Installed and configured AWS Elastic Beanstalk for the client portal application, a reporting tool for partners to analyze casino performance and user data. Coordinated with the development team to integrate Vue for the frontend and Node for the backend. Managed the deployment environment, including setting up EC2 Auto Scaling and AWS Cognito for user authentication. Configured Strapi as a headless CMS with flexible APIs for content management and delivery. The Power BI integration for embedded reporting was handled by the data team. Coordinated with the data team to support the setup of a data lake for staging, with data saved from backend systems (Evolve, Elite). Configured a secure tunnel to connect to the Data Warehouse (AWS Replica for B2B and MySQL slave for B2C). Assisted with AWS-related issues for querying the data lake using Athena and monitoring jobs through Glue.
Transition to Secure Centralized Password Management (CPS) - Configured and maintained a SaaS-based LastPass solution for centralized password management across the company. Following LastPass's significant security breaches in 2022, I spearheaded the migration to an internal password management system with Passbolt. Implemented Passbolt with enhanced security measures, including multi-factor authentication (MFA), to ensure centralized password management, secure credential sharing, and improved team collaboration.
B2B Database Migration to AWS RDS - Developed a proof of concept (POC) for migrating the on-premises MySQL 5.x database to AWS RDS, initially setting up a master and read-replica configuration with minimal downtime. Later managed the upgrade to MySQL 8.x, ensuring continued minimal downtime. Focused on configuring the RDS environment, ensuring secure data transfer, and optimizing performance. Utilized AWS Database Migration Service (DMS) for a seamless transition and collaborated with the database team for successful data export and import. Managed the decommissioning of the legacy on-premises database post-migration and created a Grafana dashboard for real-time monitoring of AWS RDS to proactively track and address issues.
B2B Elite AWS Cloud Infrastructure Setup - Configured a comprehensive AWS virtual private cloud (VPC) environment for the B2B Elite platform, ensuring high availability and reliability. This setup included the implementation of both private and public subnets, Network Access Control Lists (NACLs), Security Groups, NAT Gateway, Peering Connections, Site-to-Site VPN, and Client VPN. Additionally, configured EC2 instances, Elastic Load Balancers (ELBs), and Amazon RDS. The infrastructure was designed to align with AWS Well-Architected Framework pillars, focusing on operational excellence, security, reliability, performance efficiency, and cost optimization.
Tech 24x7 Monitoring Platform - Formed and led a dedicated 24x7 tech monitoring team, overseeing the recruitment and selection process. Designed and implemented a comprehensive 24x7 monitoring platform, integrating tools such as Nagios, Site24x7, Grafana, Opsgenie, and CallHippo. Led and trained the team, establishing a rotating on-call schedule using Opsgenie for incident management and ensuring continuous system monitoring and rapid issue resolution.
Global SSL Management - Implemented an SSL management server with an ACME client that interacts with the Let's Encrypt ACME server, which uses the ACME protocol to automate the issuance and management of SSL/TLS certificates. Maintained a SAN certificate covering multiple B2C partner domains and subdomains, with a single certificate for the platform and region (UK/INTL), and configured the CloudFront distribution with alternate domain names and Lambda functions.
Comprehensive Web and Infrastructure Monitoring Solution - Implemented Pingdom for website synthetic and real-user monitoring, including uptime tracking, page speed analysis, transaction monitoring, and Real User Monitoring (RUM). Replaced Pingdom with Site24x7 in 2021 to provide a comprehensive monitoring solution encompassing website, server, network, application, and cloud infrastructure. Integrated Site24x7 with Opsgenie for enhanced mobile call incident reporting and management.
Incident Management System Enhancement - Initially implemented an incident management and alerting platform with PagerDuty, followed by a transition to Opsgenie in 2016. This system was developed to help IT teams manage and respond to critical incidents efficiently, encompassing Incident Management, Alerting and Notifications, On-Call Management, Escalation Policies, and Reporting and Analytics for 24x7 on-call
Chef Configuration Management - Initiated and set up a Community Chef Server to streamline configuration management across various platforms and environments. This implementation standardizes and automates the deployment and management of configurations, enhancing efficiency and consistency.
B2C Frontend Migration to Cloud - Migrated the B2C frontend from a native Node.js server to a cloud-based architecture using AWS Lambda, S3, and CloudFront. This transition enabled automatic scaling, improved performance, and reduced operational costs through serverless computing. Implemented CI/CD pipelines for seamless deployments and enhanced security with IAM and WAF. Leveraged CloudFront for global content delivery, resulting in faster load times and better user experience. Additionally, integrated monitoring, logging, and disaster recovery solutions to ensure reliability and compliance.
Splunk to In-House ELK Stack - Successfully migrated log management and real-time monitoring from Splunk to the ELK Stack (Elasticsearch, Logstash, Kibana). This migration covered comprehensive log management, real-time monitoring, and enhanced search and analysis capabilities. Implemented robust alerting and reporting features for improved operational insights.
Continent8 VMware vCloud Implementation - Installed, configured, and maintained a VMware vCloud environment for B2B API applications and gaming platforms in the Taipei region. This project involved setting up a robust and scalable infrastructure to support high-performance applications and ensure reliable service delivery for the B2B Asia API and Gaming Platform.
Baccarat Casino Game Development - Installed & Configured a gaming platform for Baccarat casino games using a technology stack that includes Node.js, MongoDB, Lerna, Yarn, Redis, Git, TypeScript, and ts-node. This project involved building a scalable and efficient backend system, integrating game logic with a responsive interface, and managing dependencies and versions for optimal performance.
B2C Player KYC Compliance Implementation - Implemented a secure KYC validation system for whitelabel sites catering to players in the gaming industry. The project involved setting up and configuring CI/CD with Node.js, Nginx, Secure SFTP, and Secure S3 Buckets, all integrated with the backend application. This system ensures that personal and financial information collected during the KYC process is securely stored and handled in compliance with data protection regulations (GDPR - Europe). The solution supports regulatory adherence, fraud prevention, and reinforces the security and integrity of the gaming platform.
Gaming Server 7 (GS7) Platform Setup - Installed and configured the new GS7 gaming platform environment, including an in-house games system. Set up and integrated a developer-customized Java application Hermes & Governance (back-office application). Managed the deployment and configuration of MongoDB, CI/CD pipelines, and load balancers to ensure efficient operations and scalability.
B2C Database Cluster Implementation and Monitoring - Installed, configured, and maintained a Percona XtraDB Cluster environment, starting with version 5.x and later migrating to 8.x. The setup included a 3-node cluster with 2 read replicas, optimized for high availability and scalability. Managed this environment for the PAM B2C platform, ensuring continuous operation and data consistency. Implemented comprehensive monitoring setup to track and address issues proactively.
Database Master/Slave Setup and Monitoring for B2B - Installed, configured, and maintained separate MySQL Master/Slave replication environments for the B2B Europe and Asia platforms, initially starting with version 5.x and later migrating to 8.x. This setup ensured data redundancy, high availability, and read scalability. Managed the performance and data consistency of the environments and implemented a comprehensive monitoring setup to proactively track and address issues.
CI/CD Pipeline Implementation - Implemented and configured Bamboo CI/CD pipelines, overseeing more than 100 build jobs for backend applications using Maven and Grails across the Dev, QA, UAT, and Production environments. Migrated frontend Lobby jobs from Jenkins to Bamboo, using Node and Yarn to create a cohesive and efficient CI/CD process. Currently maintaining these pipelines, applying Gitflow and Release Branching strategies to optimize code management and deployment workflows, thereby enhancing the efficiency and reliability of both backend and frontend software delivery.
B2C PAM On-premises (PROD) Datacenter Setup - Designed and installed the Linux KVM environment with a Dell NSA 6600 firewall, Virtual Traffic Manager (Riverbed/Brocade/Pulse Secure), Dell L2 switches, and Dell PowerEdge 610 servers for the Java-based application and Node.js web frontend; later migrated to Dell PowerEdge 820 servers.
User Acceptance Testing (UAT) Migration to Cloud - Initially, the UAT environment was installed in the 4DB Datacenter in London, featuring a robust setup with Dell SonicWall NSA 6500 firewalls, Cisco switches, Dell SAN MD 3200 storage, Dell PowerEdge 815 servers, and a Pulse Secure load balancer, which was later moved to an AWS load balancer. This on-premises infrastructure supported critical testing and validation activities. Later, the entire UAT environment was successfully migrated to the AWS Cloud, leveraging services like EC2, RDS, S3, Lambda, and CloudFront, enhancing scalability, flexibility, and cost-efficiency.
Quality Assurance Datacenter Setup - Designed and implemented a QA Datacenter, setting up a VMware environment for QA and development servers. Installed VMware ESXi on Dell PowerEdge 620 & 820 servers, deploying CentOS and Ubuntu for various testing environments. Configured network infrastructure with Dell NSA 6600 firewall, Virtual Traffic Manager (Riverbed/Brocade/PulseSecure), and Dell L2 switches. Integrated Bamboo CI/CD for seamless deployment and testing of Java-based applications and Node.js web frontend, ensuring a robust and scalable QA environment.