Project 12 – Agriculture Canada – Cloud Centre of Expertise

Agriculture Canada

Cloud Centre of Expertise

Role: AWS Cloud DevOps Architect         

January 2021 – To Present

 

Project 12.1 Description – Cloud Centre of Expertise

The AAFC Cloud Centre of Expertise (CCoE) is focused on providing a secure and scalable managed public cloud environment to internal business users. The AWS Cloud environment is implemented using standard AWS Landing Zone foundations with layers of Infrastructure as Code governance resources deployed to meet both Operational and Security requirements, as well as achieve full ATO status for production workloads.

 

Tasks Performed:

  • Needs analysis, define requirements, and strategize architecture with AWS team
  • Architectural design and Proof of Concept (PoC) implementation for design review sessions
  • Infrastructure as Code (IaC) Coding
    • AWS CLI, AWS SDK/API
    • AWS CloudFormation
    • Terraform
  • CI/CD CodePipeline, Azure DevOps Repos, Azure Pipelines/AWS CodeBuild, CodeDeploy
  • Implementation of IT Security Program to meet ITSG-22, ITSG-33 and ITSG-38 and TBS driven cloud guardrails and achieve iATO
  • Secure, implement and support SSO Federation to Azure Active Directory
  • Develop and implement Access Control Program and Posture to manage integration of AWS Cloud Identity components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements
  • Facilitated requirements gathering with technical team, architecture team, and security team to ensure all process and components are clearly captured and defined. Documentation of outcomes and design are shared with leadership and management.
  • Client Deployment of AWS Native resources to provide governance and generate iATO evidence packages
  • Source Code Management within Azure DevOps Repos
  • DevOps integration with DevOps tooling, methodology, and processes
  • Documentation, Knowledge transfer and cross-training with team, new staff and onboarded clients.

 

 

Technical Environment:

  • Public Cloud: Amazon AWS Cloud, AWS VPC, AWS CloudFront, AWS CloudWatch, AWS CloudTrail, AWS IAM, AWS EC2, AWS ECS, AWS SES, AWS S3, AWS RDS, AWS CloudFormation, AWS Service Catalog, AWS Route 53, AWS Systems Manager, AWS Trusted Advisor, AWS VPN, AWS ELB (Load Balancer), AWS ALB (Load Balancer), AWS Transit Gateway, AWS Transit Peering, AWS GuardDuty, AWS WAF & Shield, AWS Inspector, AWS Certificate Manager, AWS Auto-Scaling, AWS EBS Storage, AWS Managed SSO, AWS CodeBuild, AWS CodePipeline, AWS Organizations, AWS Config, AWS Systems Manager
  • Public Cloud: Azure DevOps, Azure Active Directory
  • Applications: Microsoft Active Directory, Bash, GitLab, GitHub, CloudFormation
  • Servers: Microsoft Windows 2019, AWS Linux, RedHat Enterprise Linux

 

 

Project 11 – SSC CSD R&D

Shared Services Canada

Cloud Services Directorate, Cloud Platform Engineering

Role: AWS Cloud Infrastructure as Code DevOps Engineer & Architect

September 2019 – July 2021

 

Project 11.1 Description – Cloud Services Directorate, Cloud Platform Engineering Project

The CSD R&D Project group is focused on generating a set of deployable Infrastructure as Code (IaC) for re-use within SSC and partners. Infrastructure as Code (IaC) supports automation of “CSD Landing Zone” integrating AWS Landing Zone customisation, SAA Security Guard Rails, and generic multi-purpose tools.

Developed and drove success and security achievements to ATO with AWS Secure Environment Accelerator.

 

Tasks Performed:

  • Needs analysis, define requirements, and strategize architecture with AWS team
  • Architectural design and Proof of Concept (PoC) implementation for design review sessions
  • Infrastructure as Code (IaC) Coding
    • AWS CLI, AWS SDK/API
    • AWS CloudFormation
    • Terraform
  • CI/CD CodePipeline, CodeCommit, CodeBuild, CodeDeploy
  • GitLab, GitHub
  • Implementation of IT Security Program to meet ITSG-22, ITSG-33 and ITSG-38 and TBS driven cloud guardrails and achieve iATO
  • Design, securing and implementation of SSO Federation with Azure Active Directory
  • Develop and implement Access Control Program and Posture to manage integration of AWS Cloud Identity components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements
  • Facilitated requirements gathering with technical team, architecture team, and security team to ensure all process and components are clearly captured and defined. Documentation of outcomes and design are shared with leadership and management.
  • Client Deployment of AWS Native resources to provide governance and generate iATO evidence packages
  • Source Code Management within GitLab
  • DevOps integration with DevOps tooling, methodology, and processes
  • Documentation, Knowledge transfer and cross-training with team, new staff and onboarded clients.
  • Achieve ATO status for AWS Cloud
  • Supporting onboarding of workloads (SCED, DX, Vocalls, Email)

 

Technical Environment:

  • Public Cloud: Amazon AWS Cloud, AWS VPC, AWS CloudFront, AWS CloudWatch, AWS CloudTrail, AWS IAM, AWS EC2, AWS ECS, AWS SES, AWS S3, AWS RDS, AWS CloudFormation, AWS Service Catalog, AWS Route 53, AWS Systems Manager, AWS Trusted Advisor, AWS VPN, AWS ELB (Load Balancer), AWS ALB (Load Balancer), AWS Transit Gateway, AWS Transit Peering, AWS GuardDuty, AWS WAF & Shield, AWS Inspector, AWS Certificate Manager, AWS Auto-Scaling, AWS EBS Storage, AWS Managed SSO, AWS CodeBuild, AWS CodePipeline, AWS Organizations, AWS Config, AWS Systems Manager
  • Applications: Microsoft Active Directory, Bash, GitLab, GitHub, CloudFormation
  • Servers: Microsoft Windows 2019, AWS Linux

 

Project 10 – DND DPDCS SMMS Replacement Project

Department of National Defence

SMMS Replacement Project, DPDCS

Role: Cloud Architect – Resilient Systems

February 2019 – December 2020

 

Project 10.1 Description – SMMS Search and Rescue Replacement Project

This project will replace the current SARMASTER software and hardware while providing reliable backup Site capability. It will provide interface capability to accept “live data” and the Geographic Information System (GIS). Lastly, the software will include long term support to ensure continued SAR operational readiness.

Tasks Performed:

  • Project Management using Agile methodologies, and hybrid reporting
  • Needs analysis, define requirements, and strategize high level Cloud Architecture
  • Architectural design and PoC implementation with modernization of infrastructure
    • Docker – ECS Containers & externalisation of data strategy
    • AutoScaling – Scale of containers & scale of EC2 instances
    • Monitoring – CloudWatch and EventBridge based Event Driven Architecture and response to events
    • Application – Java, Tomcat/Apache, PostgreSQL applications
  • Security Coordination and architectural alignment to required Guidelines (ITSG-33, DND & TSB Cloud Compliance)
  • Implementation of IT Security to meet ITSG controls and achieve iATO
  • Develop and implement Access Control Program and Posture to manage integration of AWS Cloud Identity components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements.
  • Facilitated requirements gathering with technical and systems team, business team and project management, external stakeholders (user base), and security teams. Worked with CONOPS and ISS (In-Service-Support) teams to ensure all business process components are captured and clearly documented.
  • Review and realign infrastructure as required from continuous development cycles
  • Staged implementation testing of services with inline remediation
  • Internal feedback to development and operations for change coordination
  • Integration to CI/CD pipeline, automation, and management systems
    • CI/CD – Git, Jenkins, CodePipeline, CodeCommit, CodeBuild, CodeDeploy
  • Infrastructure as Code (IaC) deliverables in CloudFormation, deployed as Service Catalog Products for end user ‘self-serve’ deployment options
  • Provide final architecture and documentation
  • Pre-migratory testing and security reporting, and failure/high-availability testing
  • Migration and cut-over processes
  • Documentation, knowledge transfer and cross-training with Operations staff, Development staff, and Management

 

Technical Environment:

  • Public Cloud: Amazon AWS Cloud, AWS VPC, AWS CloudFront, AWS CloudWatch, AWS CloudTrail, AWS IAM, AWS EC2, AWS ECS, AWS ECR, AWS SES, AWS S3, AWS EFS, AWS RDS, AWS CloudFormation, AWS Service Catalog, AWS Route 53, AWS Systems Manager, AWS Trusted Advisor, AWS VPN, AWS ELB (Load Balancer), AWS ALB (Load Balancer), AWS Transit Gateway, AWS Transit Peering, AWS GuardDuty, AWS WAF & Shield, AWS Inspector, AWS Certificate Manager, AWS Auto-Scaling, AWS EBS Storage, AWS Service Discovery, AWS Transfer Service (SFTP), AWS Parameter Store, AWS Secrets Store
  • Applications: PostgreSQL, Docker Containers, Bash, Terraform 0.12.7, Java 8.x, Tomcat 8.x, Atlassian JIRA, Atlassian Confluence, WSO2, Kafka, PHP, GIT, OpenLDAP, SOGO, ManageEngine Desktop Central, CloudFormation
  • Servers: Microsoft Windows 2016, AWS Linux, CentOS 7.x

 

Project 9 – IDS Data Systems (New Democratic Party)

IDS Data Systems

Cloud Architect

Role: Cloud Architect

November 2018 – January 2019

 

This project supplemented the organization’s workforce to complete two key cloud migration projects.

 

Project 9.1 Description – Office 365 Skype Migration – New Democratic Party of Canada

The client was migrating from a traditional distributed on-premise phone system to a fully virtualized Office 365 tenanted system.

 

Tasks Performed:

  • Internal directory configuration reviews
  • Migration planning and aligning to tool requirements
    • Active Directory Design and Management
    • Active Directory Federation Services
    • Exchange Online + Litigation/Auditing Features
    • Exchange Online Security Configuration and access policies
    • Microsoft Office Software and deployment strategies
    • Microsoft Skype for Business deployment
  • Deployment of Office365 specific features to support Skype for Business
  • Manage migration settings and deprecation of Cisco CUCM
  • Implementation of IT Security and Cyber Protection to meet required Security Controls for Voice and Unified Communication Systems
  • Facilitated requirements gathering with client technical and support teams, governance and security teams, key user stakeholders, and management to capture business process components, and drive documentation and design.
  • Office 365 user configurations
  • Office 365, Skype for Business, and Microsoft Teams Security and Policy writing
  • PowerShell scripting and automation
  • Migration Review and end user documentation
  • Knowledge transfer and cross-training with internal teams and onboarded client

 

 

Technical Environment:

  • Public Cloud: Microsoft Office 365, Microsoft Skype for Business, Microsoft Office 365 Compliance, Azure PowerShell

 

Project 9.2 – Server Workload Cloud Migration – New Democratic Party of Canada

The client was migrating a bespoke server workload, comprised of local database, compute functions, and public accessibility into the public cloud from traditional on-premise VMWare 6 infrastructure.  The cloud transformation platform selected was Microsoft Azure.

 

Tasks Performed:

  • Project Management using Agile methodologies, and hybrid reporting
  • Needs analysis, define requirements, and strategize high level Cloud Architecture
  • Architectural design and PoC implementation with modernization of infrastructure
    • Azure ARM, Resource Groups
    • Virtual Machine, Scale Sets, Availability Sets, Machine Images
    • Azure VNET, Load Balancers, Network Security Groups, Application Gateway
    • Azure Storage Accounts, Blob Storage, Block Storage
    • Azure PostgreSQL Database
    • CI/CD Jenkins automation deployment
    • Java, Spring and PostgreSQL application
    • ELK and ElasticSearch Application
    • Azure CLI, PowerShell and Terraform
  • Staged implementation testing of services with inline remediation
  • Internal feedback to development vendor and client IT operations for change coordination
  • Implementation of IT Security and Cyber Protection to meet required Security Controls for data system maintaining voting citizen information, equivalent to Protected B data.
  • PowerShell and Azure CLI based deployment automation, change management, and smoke tests
  • Provide final architecture and documentation for production “blue-green” deployment
  • Pre-migratory testing and security reporting, and failure/high-availability testing
  • Knowledge transfer and cross-training with internal teams and support vendor

 

Technical Environment:

  • Public Cloud: Microsoft Azure, Azure Resource Manager (ARM), Azure Resource Groups, Azure Virtual Machines, Azure Virtual Machine Scale Sets, Azure Availability Sets, Azure Images, Azure Virtual Networks, Azure Load Balancers, Azure Network Security Groups, Azure Application Gateways, Azure Storage Accounts, Azure PostgreSQL Database, Cloudflare DNS, Cloudflare CDN
  • Applications: Java, Tomcat, Apache, Elasticsearch, PowerShell, Azure PowerShell, Azure CLI
  • Servers: CentOS 6/7, Windows 2012 R2, VMWare 6
  • Security: WatchGuard (next-gen firewall), Cloudflare WAF

 

 

Project 8 – SSC CITS SMG & CTMS

Shared Services Canada

CITS – Infrastructure Security

Role: Senior Business / Technical Architect

January 2018 – February 2019

 

Mr. Turner worked as a Senior Business and Technical Architect on several projects within the Cyber and Information Technology Security (CITS) Branch at Shared Services Canada. The CITS branch’s focus is to protect the Government of Canada’s (GC) systems and networks, as well as Canadians’ information from cyber threats. SSC also supports Canada’s foreign service, military and law enforcement personnel and contributes to national security by defending government systems and delivering information technology (IT) security services.

 

SSC’s role in strengthening cyber and IT security:

  • protects Canadians’ privacy and information
  • protects Canada’s networks, systems, and sensitive data
  • modernizes the GC’s cyber and IT security infrastructure
  • achieves broader GC IT security outcomes
  • preserves Canada’s competitive advantage, economic prosperity, and national security

 

Project 8.1 Description – SharePoint 2016 Design – July 2018 – February 2019

The client was implementing a SharePoint solution for managing and tracking tasks performed by a number of Security Management and Governance teams. Existing processes relied heavily on Microsoft Excel spreadsheets for reporting, with non-standardized content.

Tasks Performed:

  • Review the ‘as-is’ implementation and align it with the work methodologies and requirements for all SM&G teams.
  • Using a simplified business process mapping and gap analysis strategy, created and refined key workflows to track the process from Business Intake, through Security Assessment (SA) process, and completion with milestone tracking and funding recovery tracking.
  • Helped to design the system to standardize meta-data types and vernacular, enforcing data integrity and data value to create reports with meaningful statistics and actionable metrics.
  • Implementation of consolidated data project management and reporting system for Security Assessment and Audit of projects across all GC departments, by SMG team.
  • Facilitated requirements gathering with management and Director level to understand scope and high-level business process. Engaged with practitioner and assessor teams to provide gap analysis of business process and capture all components. Design and document and align with support team and management.
  • Provided knowledge transfer and training to internal FTE staff

 

Project 8.2 Description – Atlassian JIRA Implementation – January 2018 – May 2018

The client was implementing JIRA for managing and tracking tasks performed by a number of Cyber Security teams. In addition to the JIRA implementation there were complementary integrated implementations of Confluence and HipChat.

Tasks Performed:

  • Reviewed the ‘as-is’ implementation and aligned it with the work methodologies and requirements for three teams.
  • Created and used a simplified business process mapping and gap analysis strategy and refined key workflows and status types to enable workload management and timely reporting.
  • Implementation of consolidated data project management and reporting system for Cyber Threat Management within CITS.
  • Develop and implement Access Control Program and Posture to manage integration of CTMS Jira Users, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for project access, and issue access.
  • Facilitated requirements gathering with management level to understand scope and high-level business process. Engaged with business onboarding team, implementation team, and threat assessment hunt teams to map all areas of business process and capture all components. Design and document and align with support team and management.
  • Implemented Backlog concepts, daily stand-up meetings, and Kanban for visualization.
  • Standardized concepts and practices:
    • ‘Definition of Ready’ concepts defined dependencies to be completed before work can commence,
    • ‘Acceptance Criteria’ concepts defined core task output requirements,
    • ‘Definition of Done’ standardized the concept of describing a task as ‘done’ within the team.
    • All concepts were backed by JIRA customization to facilitate checklists to provide visualization and reporting metrics.
  • Created and deployed an HA infrastructure into a VMWare ESXI 6 environment.
  • Infrastructure was architected using NGINX as a Proxy/Load Balancer with JIRA, Confluence and HipChat instances running behind, backed by a PostgreSQL database on CentOS 7.
  • All data volumes were LUKS encrypted, and traffic encrypted with SSL and properly signed certificates.
  • Backups were performed daily via Bash Scripts capturing application, data, and database to a remote backup server.
  • Provided knowledge transfer and training to internal FTE staff

 

 

Technical Environment:

  • Applications: SharePoint 2016, JIRA, HipChat, Confluence, NGINX, Bash
  • Servers: VMWare ESXI 6, CentOS 7, PostgreSQL, Windows 2012, GCDOCS, VMWare

 

 

Project 7 – Brookfield Renewable Energy Cloud Delivery

Brookfield Renewable Energy

Role: Office 365 & Cloud Delivery Manager

September 2017 – December 2017

 

Project 7.1 Description – Office 365 and Microsoft Azure Cloud Service Delivery Manager

The client was performing extensive internal change, due to growth via Mergers & Acquisition, requiring a change in support vendor.  A consolidation of multiple Managed Service Providers was in flight to reduce to a more manageable number and create efficient internal workflows. The primary objective was to provide guidance and governance to the cloud services (Azure and Office365) support vendor, SoftChoice.

 

Tasks Performed:

  • Provide guidance and governance to the cloud services (Azure and Office365)
  • Provide management and oversight of vendor cloud architecture
  • Oversight and governance for implementation of IT Security to meet NIST controls (eq. ITSG) for both publicly traded organizations and USA Utilities.
  • Provided guidance and governance to Access Control Program and Posture to manage integration of Microsoft Office 365/Azure AD components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements.
    • Office 365
    • Azure Active Directory
    • Microsoft InTune MDM (Mobile Device Management)
    • Azure VNET, VMs, ExpressRoute, LoadBalancing
  • Provided guidance and governance to Mobile Security Program and Posture to manage roll-out of Microsoft Azure InTune (mobile compliance) system, with validated and acceptable RBAC permission scopes to published applications based on role and responsibility.
  • Facilitated requirements gathering with tiger-team created from all business departments to represent key-users, included technical teams for support and implementation. Map additional processes defined by migration vendor and maintain regular meetings to ensure continuous alignment. Design and document and align with support team and management.
  • Oversaw workload and workflow migration to Office365, and Azure Cloud
  • Responsible for performance monitoring via standardized KPIs
  • Provided knowledge transfer and training to internal FTE staff
  • Additionally, responsible for day-to-day management of internal requests and tickets. This required management of in-house systems, Active Directory, on-premise E-mail and spam solutions, and Cisco CUCM.

 

Technical Environment:

  • Cloud: Microsoft Office 365, Microsoft Skype for Business, Microsoft Azure Cloud, Azure ExpressRoute, Azure InTune Mobile Device Management, Microsoft PowerShell
  • Servers: Windows 2008R2, Active Directory

 

Project 6 – Lowe Martin DevOps

Lowe Martin Group

Role: DevOps

March 2017 – September 2017

 

Project 6.1 Description – Dev Ops
Role: DevOps & Architecture

The client was performing extensive internal change, which required the re-organization of the Software Development team from an unstructured and chaotic team into a fluid Agile and Scrum based team.

 

Tasks Performed:

  • Project Management using Agile & Scrum techniques
  • Project Management of IBM WebSphere, Java, and UIX projects
    • IBM WebSphere
    • DB2 Database
    • Java, and .Net application
    • CI/CD Pipeline – Jenkins
  • Project Management of WebSphere Individual Customer Web “Store” for each customer, including templatization of projects, tasks, and standards
  • Configuration and management of Atlassian JIRA and Confluence project and space environments
  • Facilitated requirements gathering with tiger-teams created from customer service teams, sales teams, direct client user representatives and senior management to map business process required for Agile workflow. Engaged with secondary team to drive new-scope requirement of ServiceDesk support, as discovered from Business Process documentation and Mapping. Design and document and align with support team and management.
  • Implementation of consolidated data project management and reporting system for GC Client Departments. IT Security and Cyber Protection policies implemented to match ITSG, to meet client requirements.
  • Provided guidance and governance for Access Control Program and Posture to manage integration of Atlassian JIRA components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements. Roles and users access included division of access to internal staff access, and external client access. Specific security planning considerations were made to restrict access and visibility to ticket contents, metadata, and data where applicable.
  • Project Planning, Architecture, and Deployment of ITIL based ServiceDesk for integration into manufacturing and Smart-Factory environments
  • Provided knowledge transfer and training to internal FTE staff
  • Project Planning, Architecture and Upgrade Deployment of Xerox XMPie Suite
    • Implementation and integration of AWS Cloud components
    • Needs analysis, planning and design
    • Architecture and Service creation
    • Integration with internal systems and automation
  • AWS Cloud Solution for Imagery Hosting
    • EC2, AutoScaling, Elastic Load Balancing
    • S3 Storage, IAM Policies
    • CloudWatch and Event Driven Architecture Design

 

 

Project 6.2 Description – Office 365 Migration from Exchange & Domino Environments
Role: Infrastructure Architect

The client was performing a planned migration from an on-premise mixed environment of Microsoft Exchange 2010 and Lotus Domino 9 to a completely hosted Office 365 environment.  The quantity of mail objects was 2000+, including user mailboxes, shared mailboxes, group mailboxes, shared calendars, and resources.

Tasks Performed:

  • Internal directory configuration reviews
  • Migration planning and aligning to tool requirements
  • Deployment of Office365 specific features
  • Lotus Domino Migration to Exchange & Manual Migration processes

 

 

  • Active Directory Design and Management
  • Active Directory Federation Services
  • Exchange Online + Litigation/Auditing Features
  • Exchange Online Security Configuration and access policies
  • Microsoft Office Software and deployment strategies
  • Microsoft Skype for Business deployment
  • Exchange Mailbox and Resource migration processes
  • Implementation of IT Security and Cyber Protection Controls to secure and protect public facing mail systems, with relevant log (SIEM) integration. Map to ISO Security Controls.
  • Provide guidance and governance whilst reviewing and implementing Access Control Program to manage access to Microsoft Exchange Mail System, with integrated Active Directory Access components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for Exchange resource provisioning and access, mailbox access rights, and litigation hold access.
  • PowerShell scripting and automation
  • Migration Review and end user documentation with cross-training and knowledge transfer

 

Technical Environment:

  • Public Cloud: Microsoft Office 365, Microsoft Skype for Business, Microsoft Office 365 Compliance, Amazon AWS Cloud, AWS VPC, AWS CloudFront, AWS CloudWatch, AWS CloudTrail, AWS IAM, AWS EC2, AWS SES, AWS S3
  • Applications: Xerox XMPie, Microsoft SQL Server 2014, Microsoft PowerShell, Selenium, Bash, Java 8.3, Tomcat 8.0, MySQL, DB2, Atlassian JIRA, Atlassian Confluence, Atlassian HipChat, BitTitan MigrationWiz, Exchange 2013, Lotus Domino 9
  • Servers: Microsoft Windows 2008R2, Microsoft Windows 2012, RHEL 6.5

 

 

Project 5 – HighRoads US Cloud Migration

HighRoads (US – Boston, MA)

Role: Cloud Transformation & Cloud Architect

January 2017 – April 2017

 

Project 5.1 Description – Exchange Email Cloud Migration

January 2017 – April 2017

The client was undergoing extensive internal restructuring, right-sizing staffing and migrating services to the cloud to reduce costs and mitigate risks. Office 365 was selected as the premium marketplace leader, with rich functionality that could be scaled with simplicity. A fully cloud-based environment was supportive of restructuring and streamlining the internal IT department and facilitating outsourced and offshore support.

 

Tasks Performed:

  • Internal directory configuration reviews
  • Migration planning and aligning to tool requirements
  • Active Directory upgrades & reconfiguration
  • Office365 Tenant Creation and Domain planning
  • Deployment of Office365 specific features
    • Active Directory Design and Management
    • Active Directory Federation Services
    • Exchange Online + Litigation/Auditing Features
    • Exchange Online Security Configuration and access policies
    • Microsoft Office Software and deployment strategies
    • Microsoft Skype for Business deployment
  • Exchange Mailbox & Resource Migration & Cutover Process
  • Facilitated requirements gathering with client teams created from multiple sites, with discrete Mail servers and Mail domains from M&A. Align user requirements and processes, including client/user access tools and delegated access types. Gather requirements from executive team for Office365 strategies, permitted apps, and integration into the process. Document complete process, and outcomes to facilitate hand-over to 3rd party support vendor.
  • Implementation of IT Security and Cyber Protection Controls to secure and protect public facing mail systems, with relevant log (SIEM) integration. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA.
  • Provide guidance and governance whilst reviewing and implementing Access Control Program to manage access to Microsoft Exchange Mail System, with integrated Active Directory Access components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for Exchange resource provisioning and access, mailbox access rights, and litigation hold access. Additional scope for non-integrated access to MimeCast cyber security services.
  • PowerShell scripting and automation
  • Migration Review and end user documentation
  • Decommission of Exchange Server Services
  • Provide documentation, knowledge transfer, and cross-training

 

 

Project 5.2 Description – Atlassian Project Management Cloud Migration

March 2017 – April 2017

Client was migrating all on premise services into cloud/SaaS versions to support a change in internal IT Strategy, and re-org reducing IT head count.  The Atlassian JIRA and Confluence product was to be maintained, although utilizing the “on demand” cloud version.  Primary objective was to migrate new projects into the cloud version, whilst maintaining legacy/historical projects in the on-premise version as read-only.  As the project progressed, we strategized that migrating the historical projects into the cloud was a best fit, as the on-premise version could be fully deprecated, and no additional costs would be incurred with the cloud platform.

Tasks Performed:

  • Project Management using Waterfall methodologies
  • Migration planning and needs analysis
  • Production application upgrade path process
  • Test driven change management to remediate cloud feature-function manual configurations
  • Migration process and cut over
  • Bash & SQL Scripting and automation
  • Facilitated requirements gathering with tiger-teams created from the organization as a whole, as a global solution. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Sales teams, business stakeholders (TAMs and Product Owners) and external support vendors. Create business process maps and flows to capture end-to-end process and review with end-users to confirm. Perform gap analysis, and document as defined Workflows for implementation
  • Implementation of IT Security and Cyber Protection Controls to secure and protect project management and development integration system, with relevant log (SIEM) integration. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA. Additional controls required to secure with use of offshore sub-contractors.
  • Develop and implement Access Control Program and Posture to manage integration of CTMS Jira Users, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for project access, and issue access. Integration of JIRA Directory with Active Directory and assumption of Multi-Factor Authentication
  • Migration Review and end user documentation
  • End-User enablement for self-serve operations
  • Migration of on-premise servers into AWS cloud
  • On-premise servers decommission
  • AWS Cloud automation for archiving and “auto-build & start” process for legacy system lookups
  • Provide documentation, knowledge transfer, and cross-training

 

Technical Environment:

  • Public Cloud: Microsoft Office 365, Microsoft Office 365 Compliance, Microsoft Skype for Business, Microsoft SharePoint Online, Amazon AWS Cloud, AWS EC2, AWS RDS, AWS SES, AWS S3, AWS CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS IAM, AWS Certificate Manager, AWS WAF
  • Applications: MySQL, Exchange 2013, Active Directory, PowerShell, Bash, Atlassian JIRA, Atlassian Confluence
  • Servers: Microsoft Windows 2008R2, Microsoft Windows 2012, VMWare 5.5, VMWare 6, RedHat 6.5, CentOS 6, CentOS 7
  • Security: Fortinet FortiGate, Fortinet FortiGuard, Check Point FW, F5 Big-IP LTM, Syslog-NG, ME EventLog Analyzer

 

 

Project 4 – HighRoads Canada Inc. Infrastructure Operations Manager

HighRoads Canada Inc. (Ottawa, ON)

Role: DevOps, Operations and Cloud Architect; Project Management

June 2015 – December 2016

 

Project 4.1 Description – AWS Cloud Migration (In-house custom SaaS platform)

December 2015 – December 2016

Architected and managed the migration and implementation of on-premise systems into the AWS cloud platform. This involved right-sizing systems, provisioning micro-service based architecture and leveraging cloud-based security principles.  We realized a significant increase in simplicity to manage, time-to-implement and were able to leverage intelligent AWS native solutions for backup and DR.

Tasks Performed:

  • Project Management using Agile methodologies, and hybrid reporting
  • Needs analysis, define requirements, and plan migration route
  • Architectural design and PoC implementation
    • AWS Cloud, IAM, SQS, SNS, SES
    • AWS EC2; Elastic Load Balancing, Auto-Scaling Groups, Lambda
    • S3 Storage, Elastic Block Store, Elastic File System
    • AWS RDS, EC2 Oracle (BYOD)
    • VPC, CloudFront, Route 53
    • CloudWatch (Events & Metrics), CloudTrail, Config, Systems Manager, Trusted Advisor
    • AWS CloudFormation, Terraform v0.7, SALT, bespoke scripting, GIT, Bamboo, Jenkins
    • Docker – Java/Tomcat Container Applications
  • Market compliance under HIPAA & NIST guidelines
  • Facilitated requirements gathering with tiger-teams created from the organization as a whole, as a primary product solution. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for client onboarding, client data and solution maintenance, client special projects, and internal process including IT Support, industry audit processes, financial related processes and people related processes. Document and capture flows as required.
  • Implementation of IT Security and Cyber Protection Controls to secure and protect customer facing SaaS solution, with relevant log (SIEM) integration. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA.
  • Develop and implement Access Control Program and Posture to manage integration of External Client directories with application-based permission system, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for project access, and issue access. Additional integration of IT Systems Administration staff with restricted permission sets to non-client data areas, and de-identified data-based shadow and sandbox systems.
  • Review and realign infrastructure with cloud offerings
  • Staged migratory testing of services with inline remediation
  • Internal feedback to development and operations for change coordination
  • Provide final architecture and documentation
  • Provide documentation, knowledge transfer, and cross-training
  • Migration and cut-over processes

 

Project 4.2 Description – SaaS System: DevOps Infrastructure

June 2015 – September 2016

A traditional hosted, customer-facing CMS system was in production; it had originally been designed for an alternate market, with simple web GUI driven access and a cumbersome offline client.  Highroads was designing a new “V2” system, in development as a fully SaaS product with both web GUI access and customer-available API access.  Infrastructure was required to support the SaaS product, provide reliable operations, secure access and customer data, and enable customer-driven Single Sign-On integration.

Tasks Performed:

  • Project Management using Agile methodologies, and hybrid reporting
  • Needs analysis, define requirements, and plan migration route
  • Architectural design and PoC implementation with modernization of infrastructure
    • AWS Cloud, IAM, SQS, SNS, SES
    • AWS EC2; Elastic Load Balancing, Auto-Scaling Groups, Lambda
    • S3 Storage, Elastic Block Store, Elastic File System
    • AWS RDS, EC2 Oracle (BYOD)
    • VPC, CloudFront, Route 53
    • CloudWatch (Events & Metrics), CloudTrail, Config, Systems Manager, Trusted Advisor
    • AWS CloudFormation, Terraform v0.7, SALT, bespoke scripting, GIT, Bamboo, Jenkins
    • VMWare 5.5 & 6.0, Citrix XenServer, Redhat RHEV, RedHat RHEL, Redhat Satellite & Moonwalk
    • Docker – Java/Tomcat Container Applications, Syslog-NG, BMC Insights
  • Security Coordination and alignment to required Guidelines (HIPAA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to secure and protect customer facing SaaS solution, with relevant log (SIEM) integration. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA.
  • Develop and implement Access Control Program and Posture to manage integration of External Client directories with application-based permission system, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for project access, and issue access. Additional integration of IT Systems Administration staff with restricted permission sets to non-client data areas, and de-identified data-based shadow and sandbox systems
  • Facilitated requirements gathering with tiger-teams created from the organization as a whole, as a primary product solution. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for client onboarding, client data and solution maintenance, client special projects, and internal process including IT Support, industry audit processes, financial related processes and people related processes. Document and capture flows as required
  • Review and realign infrastructure as required
  • Staged migratory testing of services with inline remediation
  • Internal feedback to development and operations for change coordination
  • Internal changes to CI/CD pipeline, automation, and management systems
  • Provide final architecture and documentation
  • Pre-migratory pen-testing and security reporting, load testing, and failure/high-availability testing
  • Migration and cut-over processes
  • Documentation preparation for Operations staff, Development staff, and Management, knowledge transfer and cross-training

 

 

Project 4.3 Description – Infrastructure Decommission & Migration

October 2015 – April 2016

An asset sale required a project to divest software, development environments, QA environments, staging environments, demo environments, training environments, DR environments, and production environments for the “V1” software product.  Secondary systems including monitoring, security analysis, edge networking (firewalls, load balancers, etc.), and backup systems had to be either migrated to the purchasing company with replacements provisioned in Highroads infrastructure, or replaced by identical systems newly provisioned in DirectPath infrastructure.  Tertiary systems requiring migration and/or new provisioning included corporate applications (Wikis, CI/CD software, JIRA, etc.), physical office installations and office hardware.

To be compliant with the Sale Agreement and Transitional Services Agreement 80% of the work had to be carried out by Highroads with zero down-time to either organization in a timely manner as defined in the sale documentation.  A significant percentage of the sale value was held in escrow until completion and approval of the purchasing company.

Tasks Performed:

  • Project Management using Waterfall methodologies
  • Stakeholder reporting and meetings with C-Level executives and Board Members
  • Needs analysis, define requirements, and plan migration route
  • Architectural design and PoC implementation with modernization of infrastructure
    • AWS Cloud, IAM, SQS, SNS, SES
    • AWS EC2; Elastic Load Balancing, Auto-Scaling Groups, Lambda
    • S3 Storage, Elastic Block Store, Elastic File System
    • AWS RDS, EC2 Oracle (BYOD)
    • VPC, CloudFront, Route 53
    • CloudWatch (Events & Metrics), CloudTrail, Config, Systems Manager, Trusted Advisor
    • AWS CloudFormation, Terraform v0.7, SALT, bespoke scripting, GIT, Bamboo, Jenkins
    • Docker – Java/Tomcat Container Applications, Oracle WebLogic, Oracle 11, Syslog-NG, BMC Insights
  • Security Coordination and alignment to required Guidelines (HIPAA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to secure and protect customer facing SaaS solution, with relevant log (SIEM) integration into migration target company’s data centre. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA.
  • Perform “safe” deconstruction and decommission of legacy data centre and hosted solutions, including safe decommission of data storage and certified destruction of client data, hosted application data, and historical log data.
  • Develop and implement Access Control Program and Posture to manage migration and eventual hand-over of systems to purchasing company. Define solution to provide interim access to key personnel, based on RBAC requirements with permissions declining based on a combination of timelines and milestones met. Create new Access Control Program and Posture to support ‘post-migration’ remaining components. Scope includes physical data centre access and secure building access permission sets.
  • Facilitated requirements gathering with tiger-teams created from purchasing organization and selling organization as a whole, as a primary product solution. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for client onboarding, client data and solution maintenance, client special projects, and internal process including IT Support, industry audit processes, financial related processes and people related processes. Additional focus for overlapping process to facilitate legal hand-over period for support, and milestones to capture separation of processes from seller to purchaser to ensure release of funds from Escrow. Document and capture flows as required, and report to senior management.
  • Staged migratory testing of services with inline remediation
  • Internal feedback to development and operations for change coordination
  • Internal changes to CI/CD pipeline, automation, and management systems
  • Provide final architecture and documentation
  • Pre-migratory pen-testing and security reporting, load testing, and failure/high-availability testing
  • Migration and cut-over processes
  • Decommission of legacy hardware, separation of hardware
  • Project Close-Out, Stakeholder reporting, Legal/Financial reporting for disbursement of Escrow fund compliance
  • Documentation preparation for Operations staff, Development staff, Management, and external acquiring company

 

Project 4.4 Description – Operations Decommission & Migration

May 2016 – December 2016

In Q4 2016 Highroads announced the closure of their Canadian offices, with subsequent planned closure of the Canadian company.  IT Operations was to be fully handed over to various outsourced vendors, physical presence within the Ottawa office was to be immediately deprecated and the closure of the data centre supporting the “V1” application was to be planned.  Primary objective was to identify all internal IT Operations functions that we carried out purely from the Ottawa office, and relocate those processes and functions to outsourced vendors.  Key focus was placed on risk mitigation from lack of presence and established staff.

Tasks Performed:

  • Project Management using Waterfall methodologies
  • Stakeholder reporting and meetings with C-Level executives and Board Members
  • Needs analysis, define requirements, and plan migration route
  • Review and realign infrastructure with cloud offerings
    • AWS Cloud, IAM, SQS, SNS, SES
    • AWS EC2; Elastic Load Balancing, Auto-Scaling Groups, Lambda
    • S3 Storage, Elastic Block Store, Elastic File System
    • AWS RDS, EC2 Oracle (BYOD)
    • VPC, CloudFront, Route 53
    • CloudWatch (Events & Metrics), CloudTrail, Config, Systems Manager, Trusted Advisor
    • AWS CloudFormation, Terraform v0.7, SALT, bespoke scripting, GIT, Bamboo, Jenkins
    • Docker – Java/Tomcat Container Applications, Oracle WebLogic, Oracle 11, Syslog-NG, BMC Insights
  • Security Coordination and alignment to required Guidelines (HIPAA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to secure and protect customer facing SaaS solution, with relevant log (SIEM) integration. Map to multiple Security Controls – ISO:27001, NIST, and HIPAA. Validation of migrated system, verification to meet HIPAA compliance.
  • Develop and implement Access Control Program and Posture to manage migration and eventual hand-over of systems to parent operations in Boston, MA office. Define solution to provide interim access to key personnel, based on RBAC requirements with permissions declining based on a combination of timelines, milestones met, staff onboarding and lay-off structure. Create new Access Control Program and Posture to support ‘post-migration’ remaining components. Scope includes physical data centre access and secure building access permission sets
  • Facilitated requirements gathering with tiger-teams created from the organization as a whole, as a primary product solution. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes in migrated, post deprecation environments, for client onboarding, client data and solution maintenance, client special projects, and internal process including IT Support, industry audit processes, financial related processes and people related processes. Document and capture flows as required
  • Staged migratory testing of services with inline remediation
  • Internal feedback to development and operations for change coordination
  • Internal changes to CI/CD pipeline, automation, and management systems
  • Provide final architecture and documentation
  • Migration and cut-over processes
  • Preparation and planning for decommission of legacy hardware, separation of hardware
  • Project Close-Out and handover
  • Documentation preparation for Operations staff, Development staff, Management, and external outsourced support company, including cross-training and knowledge transfer

 

Technical Environment:

  • Public Cloud: Amazon AWS, Microsoft Azure, NaviSite “Navi-Cloud”
  • Private Data Centre: Tier3 certified data centres Rogers Data Centres, NaviSite Data Centres
  • Applications: Oracle 10g, MS Exchange, Active Directory, OpenLDAP, PingFed Identity Management, Atlassian JIRA, Atlassian Bamboo, Atlassian Confluence, Atlassian HipChat, Nagios Monitoring, SolarWinds Monitoring, OpManager Monitoring, Observium Monitoring, Syslog-NG, UniTrends Enterprise Backup, Microsoft Project 2013, Gerrit GIT, Apache SVN, SALT, Java, Tomcat, Apache, SOLR, IIS, .NET, Azure PowerShell, Azure ARM, AWS CloudFormation
  • Servers: RHN Satellite, Windows 2008, Windows 2012, RedHat RHEL / CentOS 5.5/6.0/7, VMWare 5.5, VMWare 6, Citrix XenServer 6.5
  • Security: Cisco Catalyst, FortiGate Firewall, FortiGate FortiGuard, FortiOS IPS, CheckPoint Firewall, CheckPoint IDS/IPS, F5 Big-IP LTM, Snort, Syslog-NG, rsyslog, Splunk, AlienVault, pfSense SquidGuard, CheckPoint DLP, Nagios, SolarWinds, Tenable Nessus

 

 

Project 3 – Dymon Corporation – Infrastructure Manager

Dymon Corporation

Role: Operations and Infrastructure Architect

December 2014 – June 2015

 

Project 3.1 Description – Operations Virtualization

December 2014 – May 2015

The Dymon corporate infrastructure was operating on unique physical hardware per server and per service.  We identified 8 physical servers of identical capacity that were running at less than 20% utilization, in one instance 0% utilization.  Switching and networking were analyzed, and we identified 3 totally unused Layer 3 switches with zero utilization.  An architecture was created to migrate to a fully virtualized infrastructure and to segregate corporate traffic with various VLANs to support operations, POS systems, publicly accessible web services, CCTV data, and credit transactions in addition to iSCSI traffic, virtualization traffic, monitoring traffic, and Building Automation traffic.

Tasks Performed:

  • Stakeholder reporting and meetings with CIO
  • Needs analysis, define requirements, and plan migration route
  • Review and realign infrastructure plan with budget limitations
    • HP ProCurve Switching with Cisco Top-of-Rack Switches & Sophos UTM
    • HP Switching and MPLS Integration
    • WhiteBox Server Hardware Cluster
    • Citrix XenServer Clustering & Replicated NAS Storage
    • Linux CentOS Workload Servers
  • Security Coordination and alignment to required Guidelines (PCI Compliance)
  • Implementation of IT Security and Cyber Protection Controls to secure the bespoke hosted Self-Storage system, with compliance to PCI-DSS 3.0.
  • Facilitated requirements gathering within organization with consideration to distributed workforce, with varying internal business offerings and processes. Capture processes for discrete lines of business (storage, residential healthcare, construction, solar). Map high-level business processes and engage with user base to verify and perform gap analysis. Document processes and utilize for defining security and risk points as well as general strategy and architecture.
  • Staged migratory testing of services with inline remediation
  • Migration and cut-over processes
  • Preparation and planning for decommission of legacy hardware, separation of hardware
  • Project Close-Out and handover
  • Documentation preparation for Operations staff, and training, including cross-training and knowledge transfer

 

Project 3.2 Description – Remote Desktop Services (RDS)/ Thin Client Implementation

January 2015 – June 2015

The Dymon Health Care retirement residences were operating with heavily aged systems that incurred excessive downtime and ran various operating systems and various versions of software.  A frequent churn of nursing staff required unique profiles to be created on each system repeatedly.  We identified a number of different solutions, with selection being given to a Terminal Server (RDS) / Thin Client solution where roaming profiles were available to each staff member, and data was centralized into the corporate servers away from the local desktops.  Our objective was to leverage technology to reduce the overhead of managing systems and staff related issues, whilst consolidating services, centralizing data, and incorporating into corporate backups.

Tasks Performed:

  • Stakeholder reporting and meetings with CIO & Health Care COO
  • Needs analysis, define requirements, and plan transformation
    • Citrix XenServer Virtualization Cluster & Defined NAS Storage Cluster for RDS User and centralised data
    • Windows 2012 R2 Remote Desktop Services Cluster
    • Active Directory design and management for isolation of RDS Users
    • WyseTerminal Hardware & Virtual Terminals on existing hardware
  • Security Coordination and advisory process
  • Staged migratory testing of services with inline remediation
  • Migration and cut-over processes
  • Implementation of IT Security and Cyber Protection Controls to secure the bespoke hosted Self-Storage system, with compliance to Canadian PIPEDA
  • Preparation and planning for repurposing or decommission of legacy hardware
  • Project Close-Out and handover
  • Documentation preparation for Operations staff, and training, including knowledge transfer and cross-training.

 

Project 3.3 Description – Sales Software & POS Infrastructure System Upgrade

May 2015 – June 2015

A vendor driven change to end-user credit transaction PIN pads required Dymon Storage to update their credit transaction software, Line of Business integration module, merchant banking authentication and physical handsets with zero downtime realized to storage facilities.  The POS Upgrade objective was to replace the PIN pads, upgrade and reconfigure each unit and complete a site within 45 minutes.  Pre-testing verification was performed, followed by installation testing and transaction verification of the installation, with post-implementation reporting to verify the back-end allocations.

Tasks Performed:

  • Stakeholder reporting and meetings with CIO, COO, and Chief Accountant
  • Needs analysis, define requirements, and plan transformation
  • Security Coordination and advisory process
  • Lab-based PoC testing
  • Migration and cut-over processes
  • Implementation of IT Security and Cyber Protection Controls to secure the bespoke hosted Self-Storage system, with compliance to PCI-DSS 3.0.
  • Facilitated requirements gathering within organization with healthcare operations, operating as three discrete businesses and organizations. Capture processes for discrete businesses, plus centralized roll-up reporting into parent company.
  • Map high-level business processes and engage with key team-leads to verify and perform gap analysis. Document processes and utilize for defining security and risk points as well as general strategy and architecture.
  • Project Close-Out and handover
  • Documentation preparation for Operations staff, and training including cross-training and knowledge transfer

 

Technical Environment:

  • Public Cloud: Microsoft Office 365
  • Private Data Centre: Physical on-premise locations
  • Applications: Active Directory, SpiceWorks Helpdesk, SysAid ITIL Helpdesk, ManageEngine OpManager Monitoring, Symantec Backup Exec, UniTrends Backup, Microsoft Project 2010 Server, Sage Timberline Suite, IIS, .NET, Shift4 Payment Processing, DHL Total Recall ERP
  • Servers: Physical Servers, Citrix XenServer, VMWare 5.5, CentOS, Windows 2003, Windows 2008, Windows 2012, Windows 2008 Terminal Services, Windows 2012 RDS
  • Networking: Cisco Switches, HP ProCurve
  • Security: Sophos UTM (NextGen FW), rsyslog, Syslog-NG, SolarWinds, ME OpManager Monitoring

 

Project 2 – GeoDigital International Inc. Infrastructure Manager

GeoDigital International (GeoSpatial Engineering)

Role: Operations and Infrastructure Architect

September 2011 – December 2014

 

Project 2.1 Description – “PAS – Photo Acquisition Service” SaaS Cloud Application

May 2012 – December 2014

GeoDigital created a market pioneering SaaS application utilized by premium US insurance companies: a Photo Acquisition Service (PAS) system to provide on-the-fly imagery and extrapolated engineering metrics for roofing claims.  API integration provided the customer’s agents the ability to receive zip bundles of imagery along with PDF descriptors of building dimensions, including pitch, slope, and height via single click integration to customer’s proprietary Line of Business (LoB) application.  Primary objective was to design, architect, and develop a fully sustainable and scalable SaaS infrastructure that could grow vertically and horizontally as utilization increased with growth of the customer base, and could grow in feature functionality as additional market requirements were serviced.  The Application was deployed with a cloud-first initiative delivering integration with client desktop delivery with a hybrid-cloud backend.

Tasks Performed:

  • Project managed and deliverables tracked with Agile Project methodologies and Sprint based cadences
  • Needs analysis, define requirements, and identify cloud provider (AWS & RackSpace)
  • Architectural design and PoC implementation with alignment to cloud services
    • AWS EC2 Linux Instances & AWS EC2 Windows Instances
    • AWS ELB Load Balancers & AutoScaling & AWS CloudFront
    • AWS S3 Storage & AWS EC2 EBS
    • AWS CloudWatch & AWS SNS & AWS SES
    • “Secure” data links & delivery redirected to On-Premise Datacentre
  • Security Coordination and alignment to required Guidelines (NERC, FISMA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to hosted SaaS platform for US Markets. Compliance required for ISO:27001, NERC and NIST.
  • Facilitated requirements gathering within organization R&D team for new application process. Created tiger team with primary customer, as an early adopter, to drive product and process maps for consumption. Facilitated interactions with internal support teams, development teams, sales and business teams, and finance teams to capture business process requirements. Created documentation and performed transformation functions to move to operational model.
  • Develop and implement Access Control Program and Posture to manage operations access for SAAS application, based on RBAC requirements with integrations from internal departments and external vendor support. Provide guidance and governance for directory creation to support customer access types, with application data management roles.
  • Staged build and deployment of cloud infrastructure and on-premise infrastructure
  • Internal feedback with development and operations for coordination
  • Internal integration to CI/CD pipeline, automation, and management systems
    • Automation Scripting (Bash, Python, MS Batch)
    • Hudson-Jenkins CI/CD Tooling
    • Visual SVN Subversion Version-Control System
  • Generate final architecture and documentation
  • Pre-migratory pen-testing and security reporting, load testing, and failure/high-availability testing with alignment to customer requirement reporting
  • Go-Live and release
  • Documentation preparation for Operations staff, Development staff, and Management including cross-training and knowledge transfer

 

Project 2.2 Description – Data Centre Migration (Vancouver, BC – Ottawa, ON)

May 2012 – September 2012

The client required the migration of a physical data centre from a Vancouver On-Premise location to an Ottawa Tier 2 Data Centre.  The architecture migration covered 750TB production IBM FC SAN storage, IBM FC SAN & Tivoli System 200TB Backup/Archival Storage, 2000 Windows 2008R2 Servers, and VMWare 5.0 IBM Cluster.  An expedited timeline was in place due to the termination of facility contracts, and there were no local staff.  Additional risk was identified due to the size of the data: GIS Airborne Acquisition data loss would require the physical re-flight of areas and would cause financial exposure and damage to the organization.

Tasks Performed:

  • Project Management using hybrid Agile and waterfall methodologies
  • Needs analysis, define requirements, and extreme risk with project
  • Vendor Selection Advisory and Vendor Engagement
  • Vendor Management & Project Management with focus to high risk and severe impacts
  • Provisioning of supporting infrastructure and data centre services
    • IBM SAN & Brocade FC Switch Fabric
    • IBM Tivoli Backup System & IBM SAN & LTO5 Tape Array
    • IBM VMWare HyperVisor Cluster & Microsoft Windows 2012 Cluster
    • Child Workload VM’s of various nature (LiDAR Processing & related)
    • Dell PowerConnect Network Switching & Cisco Top of Rack Switching
  • Coordination and advisory services to organization departments (Sales, PMO, Production, Acquisition, and Executive Teams) for impact and expected interruption
  • Generate final architecture and supporting documentation
  • Pre-migratory planned tasks, including risk mitigation processes
  • Migratory cut-over including on-site management and advisory with receiving data centre
  • Post-migration management of changes and integrations
  • Implementation of IT Security and Cyber Protection Controls to hosted SaaS platform for US Markets. Compliance required for ISO:27001, NERC and NIST.
  • Facilitated requirements gathering with tiger-teams created from the organization. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Project Management teams, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for field LiDAR acquisition and transfer, QA processes, LiDAR engineering production processes, backup and maintenance processes, data archival processes, and client delivery processes, as affected by the migration. Transform previous process workflow to a new ‘post-migration’ workflow.
  • Develop and implement Access Control Program and Posture to manage operations access for remote production infrastructure stack, based on RBAC requirements with integrations from internal operations staff, production ‘super-user’ types, automation systems, and external vendor support. Integration with local directories, and external vendor based ticketing system for automated reactive maintenance.
  • Documentation preparation for Operations staff, Production staff, and Management including cross-training and knowledge transfer

 

Project 2.3 Description – Corporate Private Cloud (Data Centre Architecture)

September 2012 – August 2013

As a multi-petabyte data handling organization, GeoDigital required a robust and richly featured solution for handling data archiving, data retention, and data integrity. Leveraging Tier II and Tier III secure data centres with enterprise scale storage platforms for automated scaling data storage management this project served the identified requirements of all Business Units.  The solution had to create and manage a complete ‘corporate software directory’ of internal tools for workflow maximization based on business requirements, providing fully self-serve managed environments.

 

Tasks Performed:

  • Project Management using hybrid Agile & Waterfall methodologies
  • Stakeholder reporting and meetings with Executive teams and operations teams
  • Needs analysis, define requirements for project
  • Advisory services for technology selection and cloud provider integrations
  • Architectural design and lightweight PoC implementation
    • Dell PowerConnect Network Switching & Cisco Top-of-Rack switching
    • Dell PowerEdge Server Clusters & Bespoke Dell PowerVault Rack
    • NexentaStor Software Defined Storage Cluster presenting Block Storage Volumes and Object Storage Shares with automated snapshotting and intelligent data-tiering
    • Redhat Linux RHEL & CentOS Linux Cluster and Virtualization (Xen & KVM)
    • Integration with AWS Cloud for off-site replication and storage-bursting using AWS S3 buckets
  • Security Coordination and alignment to required Guidelines (NERC, FISMA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to hosted SaaS platform for US Markets. Compliance required for ISO:27001, NERC and NIST.
  • Facilitated requirements gathering with tiger-teams created from the organization. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Project Management teams, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for field LiDAR acquisition and transfer, QA processes, LiDAR engineering production processes, backup and maintenance processes, data archival processes, and client delivery processes, as affected by the migration. Transform previous process workflow to a new ‘post-migration’ workflow.
  • Develop and implement Access Control Program and Posture to manage operations access for remote production infrastructure stack, based on RBAC requirements with integrations from internal operations staff, production ‘super-user’ types, automation systems, and external vendor support. Integration with local directories, and external vendor based ticketing system for automated reactive maintenance.
  • Vendor Selection Advisory and Vendor Engagement
  • Vendor Management & Project Management
  • Provisioning of supporting infrastructure and data centre services
  • Staged integration of new services with existing infrastructure, and inline remediation
  • Manage internal feedback to operations for change coordination
  • Manage internal changes automation, and management systems
  • Provide final architecture and documentation
  • Build, deploy and integrate process
  • Project Close-Out
  • Documentation preparation for Operations staff including knowledge-transfer and cross-training

 

Project 2.4 Description – On-Premise Data Centre Virtualization

September 2012 – August 2013

Due to growth by corporate acquisitions, the client operated multiple physical locations without a centralized, standardized IT Infrastructure platform.  This project managed the migration from physical servers and unstructured virtual servers to a standardized virtualization platform leveraging Hyper-V as a single vendor platform.  It provided full license management and auditing, and ensured right-sizing of resources for daily operations and future growth.  Mr. Turner steered strategy to ensure maximization of virtualization platform and resources.

 

Tasks Performed:

  • Project Management using hybrid Agile & Waterfall methodologies
  • Stakeholder reporting and meetings with Executive teams and operations teams
  • Needs analysis, define requirements for project
  • Advisory services for technology selection and infrastructure integrations
  • Architectural design and structure planning
    • Dell PowerConnect Network Switching & Cisco Top-of-Rack switching
    • Dell PowerEdge Server Clusters & Bespoke Dell PowerVault Rack
    • NexentaStor Software Defined Storage Cluster presenting Block Storage Volumes with automated snapshotting and intelligent data-tiering to on-prem data centre
    • VMware 5.x Virtualization Cluster
    • Integration with AWS Cloud for off-site replication and storage-bursting using AWS S3 buckets
  • Security Coordination and alignment to required Guidelines (NERC, FISMA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to LiDAR and engineering production IT Infrastructure platform for US Markets. Compliance required for ISO:27001, NERC and NIST.
  • Develop and implement Access Control Program and Posture to manage operations access for remote production infrastructure stack, based on RBAC requirements with integrations from internal operations staff, production ‘super-user’ types, automation systems. Integrations via Active Directory systems.
  • Facilitated requirements gathering with tiger-teams created from the organization. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Project Management teams, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for field LiDAR acquisition and transfer, QA processes, LiDAR engineering production processes, backup and maintenance processes, data archival processes, and client delivery processes, as affected by the migration.
  • Vendor Selection Advisory and Vendor Engagement
  • Vendor Management & Project Management
  • Provisioning of supporting infrastructure and data centre services
  • Staged integration of new services with existing infrastructure, and inline remediation
  • Manage internal feedback to operations for change coordination
  • Manage internal changes automation, and management systems
  • Provide final architecture and documentation
  • Build, deploy and integrate process
  • Project Close-Out
  • Documentation preparation for Operations staff

 

 

Project 2.5 Description – Corporate Hybrid Cloud (Production & Field Acquisition Systems)

December 2013 – September 2014

The client expanded operations and business markets out of North America and into the Australasia region.  The client requirement was to limit expansion, and cost, to only airborne data acquisition teams without incurring any significant support staff or production staff footprint.  The project leveraged public cloud partners in Sydney, Australia (RackSpace), cloud partners in North America (Amazon AWS US), colocation data centre partners (Rogers) and an on-premises data centre to create a holistic, end-to-end data management system for hands-off and lights-out management of acquisition data.  Data was acquired in Sydney, Australia at the rate of 1TB per day, and handed off by GIS field staff to RackSpace Cloud’s data centre personnel.  Data was then processed via automation scripts and replicated across cloud partners and to on-premises sites for production staff.

 

Tasks Performed:

  • Project Management using hybrid Agile and waterfall methodologies
  • Needs analysis, define requirements, and identify cloud providers
  • Architectural design and PoC implementation with multi-vendor integration
    • RackSpace Compute Instances & Database Instances
    • RackSpace Data Ingestion (Up to 2TB per day on bare drives) at Sydney data centre
    • Automated Data validation, manifest validation and replication into AWS Cloud
    • AWS EC2 Linux Instances
    • AWS ELB Load Balancers & AutoScaling & AWS CloudFront
    • AWS S3 Storage & AWS EC2 EBS
    • AWS CloudWatch & AWS SNS & AWS SES
    • Data replication from AWS to off-shore data analysts in Asia and in-house data analysts in California USA, Minnesota USA, British Columbia CA, & Ottawa CA.
  • Security Coordination and alignment to required Guidelines (NERC, FISMA & NIST)
  • Implementation of IT Security and Cyber Protection Controls to hosted client data processing platform for US Energy and Utilities Markets. Compliance required for ISO:27001 and NIST.
  • Facilitated requirements gathering with tiger-teams created from the organization. Facilitate meetings and discovery sessions with development teams, QA teams, professional services teams, internal IT Support, Project Management teams, Sales teams, business stakeholders (TAMs and Product Owners), external support vendors, and customer representatives. Create business process maps to capture discrete processes for field LiDAR acquisition and transfer, QA processes, LiDAR engineering production processes, backup and maintenance processes, data archival processes, and client delivery processes, as affected by the migration. Transform previous process workflow to a new ‘post-migration’ workflow.
  • Develop and implement Access Control Program and Posture to manage operations access for remote production infrastructure stack, based on RBAC requirements with integrations from internal operations staff, production ‘super-user’ types, automation systems, and external vendor support. Integration with offline remote directories, and external vendor based ticketing system for automated reactive maintenance.
  • Staged build and deployment of cloud infrastructure and on-premise infrastructure
  • Internal feedback with development and operations and GIS Acquisition for coordination
  • Internal integration to CI/CD pipeline, automation, and management systems
  • Generate final architecture and documentation
  • Pre-migratory pen-testing and security reporting, load testing, and failure/high-availability testing with alignment to customer requirement reporting
  • Go-Live and release
  • Documentation preparation for Operations staff, Development staff, and Management

 

Project 2.6 Description – Office 365 Cloud Migration

September 2011 – December 2012

The client intended to manage risk and centralize mail management into a streamlined cloud platform after growth through mergers and acquisitions.  With various offices having been integrated from separate companies and organizations, a number of mail systems and mail domains were operating in stand-alone silos.  A targeted strategy was created to consolidate mail and migrate directly into the new Office 365 platform, with zero-mailbox-loss and zero-interruption requirements.

 

Tasks Performed:

  • Project Management using hybrid Agile and waterfall methodologies
  • Internal directory configuration reviews
  • Migration planning and aligning to tool requirements
  • Active Directory upgrades & reconfiguration
  • Office 365 Tenant Creation and Domain planning
  • Deployment of Office 365 specific features
  • Exchange Mailbox & Resource Migration & Cutover Process
  • PowerShell scripting and automation
  • Implementation of IT Security and Cyber Protection Controls to secure and protect public facing mail systems, with relevant log (SIEM) integration. Map to ISO:27001 and NIST Security Controls
  • Provide guidance and governance whilst reviewing and implementing Access Control Program to manage access to Microsoft Exchange Mail System, with integrated Active Directory Access components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for Exchange resource provisioning and access, mailbox access rights, and litigation hold access
  • Facilitated requirements gathering with tiger-team created from all business departments to represent key-users, included technical teams for support and implementation. Map additional processes defined by migration vendor and maintain regular meetings to ensure continuous alignment. Design and document and align with support team and management.
  • Migration Review and end user documentation
  • Decommission of Exchange Server Services
  • Operational support and maintenance

 

 

Technical Environment:

  • Public Cloud: Amazon AWS, Google GCP, Google GME, Microsoft Azure, Microsoft Office 365, RackSpace Cloud
  • Private Data Centre: Physical on-premise location, Rogers Tier 2, ATT Tier 3
  • Applications: SharePoint, QuickBase, QuickBooks Enterprise, Salesforce, MS SQL, MySQL, MS Exchange 2010, Active Directory, ManageEngine ServiceDesk Pro, ManageEngine OpManager Monitoring, Symantec BackupExec, Veeam Backup, Microsoft Project 2010, VisualSVN, Multiple GIS Platforms
  • Servers: Windows 2008 R2, Windows 2012, VMware 5.5, Linux KVM, Red Hat RHEV, Microsoft Hyper-V, Citrix XenServer
  • Networking: Cisco Catalyst, Cisco IOS Routers, Dell PowerConnect
  • Security: Cisco ASA, Fortinet FortiGate, Snort, F5 BIG-IP LTM, Nagios, SolarWinds, New Relic Monitoring, ME OpManager Monitoring

 

 

Project 1 – Central Wire Industries Infrastructure Manager

Central Wire Industries

Infrastructure & Operations

Role: Operations and Infrastructure Management

May 2007 – September 2011

 

Project 1.1 Description – IT Integration of fully automated production systems (Fond du Lac, Wisconsin)

January 2010 – March 2011

Central Wire Industries, as a $500 million annual revenue enterprise, expanded its operations with the purchase of a smart-factory requiring integration of all aspects of automation, including IT Systems, ERP and MRP systems.  This project required the introduction of GE Fanuc Smart Automation and various smart SCADA systems into the manufacturing process, configuration of smart-factory automation platform software, and integration via scheduled interfaces and data transform XML process into centralized AS/400 based Lawson Movex (M3) and Infor BPCS ERP/MRP suites.

Tasks Performed:

  • Project Management using waterfall methodologies
  • Needs analysis, define requirements, and trusted vendors
  • Identify additional requirements to support “lights-out” manufacturing plant supported by only skeleton crew personnel
  • Vendor Management and advisory services for integration
  • Management and facilitation of on-premise automation system configuration with Plant Manager
  • Architect, design, and implement IT automation routines for data transfer to centralized AS/400 systems and business applications
  • Integration of SNMP monitoring to smart-factory systems plus regular IT Infrastructure
  • Fail-over testing planning and testing to verify on-site documentation comprehensiveness for non-technical staff
  • Facilitated requirements gathering between facility production team, facility management, corporate production team, material purchasing team, external vendors, and IT teams. Map process and define requirements, and document.
  • Implementation of IT Security and Cyber Protection Controls to manufacturing ERP systems, data systems, general IT Infrastructure, and facility automation (Smart-Factory) including provisioning for client data to satisfy United States NOFORN classification, for US DOD. Compliance required for ISO:27001 and NIST.
  • Generate final architecture and documentation
  • Go-Live and release

 

Project 1.2 Description – ADP Payroll Systems Migration (Citrix Virtualization, Platform Upgrade, Database Migration)

January 2010 – March 2011

The client had expanded its market share and physical locations by an increase of 60% over the previous few years, seeing a growth in staff with the final onboarding of nine physical sites across the United States of America and Canada.  ADP was selected as the corporate vendor for providing consolidated payroll services across the company, requiring the implementation of new infrastructure to support a significantly larger application cluster.  Corporate directive required that the physical infrastructure be managed from Canada, with HR and Finance Payroll staff operating from USA locations, and corporate finance operating out of Canada.

Tasks Performed:

  • Project Management using waterfall methodologies
  • Needs analysis, define requirements, and vendors requirements
  • Vendor Management and advisory services for integration
  • Architectural design and implementation planning
  • Security Coordination and alignment for finance and payroll requirements
  • Vendor Engagement and coordination
  • Provisioning of supporting infrastructure and Citrix Desktop streaming services
  • Staged integration of new services with existing infrastructure, and inline remediation
  • Manage internal feedback to operations for change coordination
  • Manage internal changes automation, and management systems
  • Cutover and migration of data and access
  • Facilitated requirements gathering between HR teams, finance teams, US Finance executives, Canadian Finance executives, external vendors and IT teams. Map process and define requirements, and document.
  • Implementation of IT Security and Cyber Protection Controls to manufacturing ERP systems, data systems, general IT Infrastructure. Compliance required for ISO:27001 and NIST.
  • Provide guidance and governance whilst reviewing and implementing Access Control Program to manage access to Corporate HR Systems and Payroll systems, with integrated Active Directory Access components, with validated and acceptable RBAC permission scopes based on Actors, Users and System Role requirements for HR Processes.
  • Provide final architecture and documentation
  • Build, deploy and integrate process
  • Project Close-Out
  • Documentation preparation and training for Operations staff, HR Staff, and Finance Staff

 

Technical Environment:

  • Private Data Centre: Physical on-premise location
  • Applications: SharePoint, Salesforce, MS SQL, MySQL, Oracle 9, MS Exchange 2007, Active Directory, ManageEngine ServiceDesk Pro, ManageEngine OpManager Monitoring, Symantec BackupExec, Lawson MOVEX (M3), Infor BPCS, Infor Syteline
  • Servers: Windows 2003, Windows 2008, SCO Unix, AS/400, IBM WebSphere
  • Networking: Cisco Catalyst, Cisco IOS Routers
  • Security: Cisco ASA, Nagios, SolarWinds, ME OpManager Monitoring, rsyslog, Syslog-NG