Scroll down for my truncated resumé

Some random art I made.

Full-stack Developer

I oversee operations and product development at the research and education nonprofit Wastefull. I write all of the code for our web applications, from front-end interfaces to back-end services. Our primary product, WastefullDB, is a Jamstack application built with custom middleware delivered through an Angular application.

This is a volunteer position, and thanks to recent cuts to government funding ensuring that it's going to stay that way, I am looking for additional work.

Tooling

  • Python
  • Angular 5 (JavaScript)
  • GitHub Actions
  • GitHub Project Management Suite
  • Docker CLI
  • Google Cloud Platform CLI

A panorama I took at the UC Berkeley Botanical gardens, a place I love.

Full-stack Engineer

As a full-stack engineer at Sun-Net I juggled multiple projects and priorities, ensuring timely delivery of high-quality software solutions. I collaborated with cross-functional teams to design and implement user-friendly interfaces, while also optimizing back-end processes for efficiency and scalability. Tech stacks could vary widely due to the diversity of the projects, so I had to be able to step in and adapt quickly.

Because of the product's position in the utility industry and my security background, I was also asked to step in to conduct internal audits to ensure compliance with industry regulations and best practices.

Tooling

  • JavaScript & various frameworks including Angular
  • Java, Maven, Tomcat
  • SQL
  • JIRA
  • Confluence

A panorama I took at the Minneapolis airport, a place I do not want to return to as I always get snowed in there.

Security Developer

At Chain, I specialized in cloud security and DevSecOps practices, ensuring that our clients' applications and infrastructure were secure by design. I worked closely with development teams to integrate security into the CI/CD pipeline, conduct threat modeling, and implement security best practices.

In this role, I also focused on automating security testing and compliance checks, helping to shift security left in the development process. I collaborated with cross-functional teams to ensure that security was a shared responsibility and not just the job of a separate team.

While I can't share the clients I worked with, they worked in industries that included:

  • Semiconductor design, materials, manufacturing, packaging and testing
  • Electronic auto parts (and associated cryptography, supply chain governance)
  • Enterprise software (such as OEM) and critical interfaces
  • Embedded systems (such as automotive and IoT devices)
  • Military robotics (particularly at the MilBus and other interfaces)
  • Highly secure facilities (such as data centers and government installations)

Projects at Chain Security

Custom Application Development

Custom IT separations often required very specific and generally unavailable toolsets. I developed custom web applications (Django stack or ASP.NET Core in C#) as needed to fill in technical migration gaps that arise at the interface of different systems and platforms, in particular navigating the complexities of data transfer and integration in partially or entirely Government cloud-based environments.

Tooling

  • ASP.NET Core (C#)
  • Django (Python)
  • Microsoft Graph API/CLI
  • Microsoft 365 Admin Center (Commercial and Government Cloud)
  • Windows Server and Active Directory
  • Enterprise software as needed

IT Separation Plans

We had clients with complex IT environments, and I architected IT separation plans in the hundreds of pages, complete with citations (usually based in NIST SPs) and custom diagrams and screenshots. These plans were carefully created in collaboration with points of contact at the client organization and often required dozens of hours of interviews and discussions to lay out all of the organization's business requirements for their IT stack. Tension typically arose from a foreign company acquiring the business and entering into an LOA with the US Government requiring adherence to specific data handling and security protocols in exchange for access to necessary business information.

Company culture often showed up here as both friend and foe; employees often feel loyal to their company and coworkers to the extent that it can blind them to potential vulnerabilities within an organization. Taking the time to get to know the companies involved and establish a baseline of trust is critical to developing a plan that the organization can actually use and succeed with.

  • I identified missing information needed for planning and compliance documentation.
  • I filled in these gaps by identifying and interviewing former and current employees, and consulting documentation that might be found on old servers, on the internet, on-premises, and on the Wayback Machine, sometimes translating from other languages using my extensive background in linguistics and translation. For instance, some critical legacy automotive tools had very old documentation only available in German, which I was able to use to figure out the equipment's functionality and firmware integration points.
  • I participated in the implementation of these high-pressure technical and logical IT separations while helping clients to meet strict government standards of confidentiality, integrity, and accessibility, acting both as technical lead and internal auditor, tracking possible issues before they arose.
  • Through interviewing client employees at many levels of the organization, I determined key business and technical requirements, using their domain knowledge to familiarize myself with critical business requirements that needed protection throughout the migration, and communicating these requirements to management.
  • I acted as a flexible jack-of-all-trades to manage all levels of IT support during technical migrations and separations while maintaining careful and accurate documentation of the process.

Incident Response Plans

Working closely with stakeholders, I created incident response plans (IRPs) for big players in the cybersecurity space, curated as detailed manuals with accompanying swim lane diagrams and all actors defined. I went through the plans with stakeholders to ensure clarity and alignment with business objectives, developing them iteratively over the course of many meetings.

Training and Awareness

I developed and presented slide presentations to train large groups of employees on technical and security changes to their work environment, including onboarding, hardware access procedures, and training on any new software tools and processes.

A panorama I took in Isla Vista, CA.

Full-stack Web Developer

At Tecolote, I maintained and developed key web apps used daily by the Department of Defense and its subcontractors, which required special security considerations as well as obtaining and maintaining government clearance.

Projects at Tecolote

Responsive Full-stack Web Development

Having been brought in with the specific goal of modernizing the web applications, I built out a new, responsive Bootstrap web portal in Angular 5 on a Microsoft Core (C#) / SQL Server back-end while maintaining compatibility with the rest of the site, which was running on an old version of ASP written in VB.NET.

Transition to OAuth

I architected and executed the transition of our web apps from Microsoft Membership to OAuth using Microsoft Identity, and led the charge for better security practices from the ground up.

Continuous Improvement

  • I maintained legacy applications in VB.NET on a full Microsoft stack
  • I championed and popularized (with the support of a great manager) a culture of documentation and best practices as well as code reviews
  • I documented issues, fixes and ideas, as well as project progress, by collaborating in Microsoft Team Foundation Server (TFS) using Scrum best practices

Tooling

  • JavaScript, Angular 5
  • ASP.NET Core (C#)
  • ASP.NET MVC (VB.NET)
  • Team Foundation Server (TFS)