伊曼纽尔Chebukati
验证专家 in Engineering
DevSecOps工程师和开发人员
Emmanuel是一位具有系统审计经验的云安全工程师, App 保护, 安全的云部署. He has delivered sensitive technology projects across the East African region and globally in the public and private sectors. Emmanuel的经验得到了三项微软Azure和两项AWS认证的支持. 他是一名认证道德黑客(CEH). Emmanuel holds an MSc in Information Technology from Carnegie Mellon and a BSc from USIU Africa.
Portfolio
Experience
Availability
首选的环境
Apache2, 亚马逊网络服务(AWS), Azure, Cisco, Office 365, GitLab, NGINX, Kubernetes, 关系数据库服务(RDS), Debian
最神奇的...
...thing I've done was transform the bottle-necked physical IT infrastructure of a fintech to a hybrid cloud that was modern, secure, 而且易于管理.
工作经验
|联合创始人云安全工程师
七分析
- 共同创立了公司, 担任董事, 领导三个IT基础设施团队, 并领导客户团队定义和交付解决方案.
- Migrated and rebuilt 24 production VMware virtual machine applications for a client and set up a Kubernetes cluster in a hybrid cloud set up with minimal consumer downtime. 建立安全的远程访问和站点之间的连接.
- Migrated and maintained a Microsoft stack (IIS connected to SQL Server 2008 with multiple subdomains) from a local VM to Azure (App Services with managed databases). 用GitHub和swap为客户端建立一个DevSecOps管道.
- 调查并响应客户托管设施的停机事件. Migrated workloads to the cloud to mitigate the impact and wrote and presented the incident report, 导致我的委托人被判损害赔偿.
- 为二十多个邮箱在客户端域上设置私人电子邮件托管. 将现有的Office 365用户电子邮件地址迁移到新的电子邮件托管设置. 设计了一个电子邮件安全网关解决方案,支持多种云解决方案.
- 识别客户现场过程持续运行的潜在风险. 风险评估阶段涉及识别风险和减轻风险的控制措施, 在制造工厂的销售点进行鉴定后.
- Developed a sturdy Android application that can cope with the complex internet connectivity environment to receive audio reports. 部署一个安全的仪表板来查看、组织、管理和处理案例报告.
- Brainstormed a potential fintech solution for a client and advised on potential challenges and workarounds. Developed and deployed an Android mockup code to demonstrate an initially intended functionality.
Azure平台工程师
华格纳技术服务
- Prepared, documented, and implemented a plan to migrate from bare metal on-premise Windows servers into the Microsoft Azure cloud ecosystem.
- Federated user identities from the on-premise Active Directory to Azure Active Directory using the password hash-sync method with Seamless Single Sign-On.
- Synchronized multiple on-premise SMB file shares to Azure Files via Azure File Sync under a single storage account of one on one share mapping.
高级开发运维工程师
Rollee
- Implemented continuous integration and continuous deployment and delivery (CI/CD) in GitLab for 10+ applications. The pipeline was complete with minimal downtime deployments to ensure customer requests were unaffected during production deployments.
- Set up Airflow on Kubernetes with the Kubernetes Executor and migrated it from a VM using the SequentialExecutor. 将数据库迁移到托管数据库, 容器中已安装的依赖项, 并为dag设置CI/CD和git同步.
- Installed Prometheus for infrastructure and database metrics collection to aid business needs. 安装并固定Grafana以可视化收集的指标, 设置警报, 并制作了事故手册.
- 将一个Go应用程序迁移到Kubernetes上工作和运行. 适当地设置服务、部署、PVC、ConfigMaps、secrets和Ingress. Set up a managed database and NFS provisioner on top of the block storage for ReadWriteMany access.
- Researched, recommended, 并在Gitflow之间为公司记录了合适的Git工作流策略, GitHub flow, 和GitLab流程. 该建议在不影响运营的情况下被提出、讨论和采纳. 实现GitOps.
- 实现了Grafana Loki和Promtail作为基础设施和应用程序日志解决方案. This enabled the collection of logs and seamless analysis of application and infrastructure logs.
- Created a CI/CD pipeline for a React and React Native SDK to build and publish to an npm organizational account. 还实现了一个Python应用项目的CI/CD,并在GitLab中支持回滚.
- 在GitLab中实现了带有回滚支持的CI/CD,用于包含三个应用程序的单线程. 管道仅在特定代码库文件夹中反映更改时运行.
- Investigated and identified a shared lock issue on PostgreSQL preventing services from restarting. 问题是没有正确关闭长时间运行的查询, 为了快速解决问题,哪些问题被放在了代码行中.
- Led the company's technical side through a successful ISO 27001 audit by implementing recommendations, 记录决策, 捍卫公司的地位.
领英学习导师
LinkedIn学习
- 策划了一门关于金融科技安全要素的网络安全课程.
- 为金融科技安全要点的网络安全课程编写脚本.
- 录制关于金融科技安全要素的网络安全课程.
- Planned a 14-video course on cybersecurity essentials highlighting the top 10 most commonly reported vulnerabilities in 2022.
- 为网络安全必备课程编写脚本和准备幻灯片.
- 录制了14个视频的网络安全基本要素课程,每个视频都有演示.
DevSecOps工程师
Freelance
- Resolved a burst traffic issue on an Azure Kubernetes服务(AKS) cluster using a HorizontalPodAutoscaler (HPA) and a Cluster Autoscaler.
- Researched and recommended an appropriate cloud-native data volume for Azure Kubernetes Services (AKS) that supports concurrent access across multiple pods and horizontal scalability.
- Architected a cloud-native infrastructure with the Web-Queue-Worker style for a new scalable, secure, resilient, 高可用性应用, 哪个支持多租户客户机.
- Deployed a Web-Queue-Worker sample infrastructure architecture and demonstrated how the client would transition into a big data architecture using Azure Synapse Analytics and other tools.
安全培训师
e.KRAAL创新中心
- Taught the National Cybersecurity Training Program (NCSTP) third cohort of 20 trainees on cloud security, 具有30多个小时的现场直播, 实际内容, 以及Azure上的9个实践实验室, 5天以上交货.
- Taught the NCSTP first cohort of 40 trainees on critical information infrastructure protection (CIIP), 具有24小时以上的现场直播, 实际内容, 以及AWS上的五个实践实验室, 四天以上交货.
- 每次培训都获得了压倒性的积极评价.
系统开发人员
自然冲浪系统
- 设计和部署专注于安全性的定制IT基础设施. 这包括通配符SSL证书, 强SSL密码套件, 反向代理和负载平衡器, 远程接入vpn, 以及点对点vpn.
- 带领开发团队连续两个月每周发布一个新特性.
- 通过创建lite将Android应用程序大小从1MB减少到40KB, 能够在入门级智能手机上运行的缩小版.
管理实习生
总统数字人才计划
- 更新入境事务处的资讯保安政策.
- 审查内政部网站,并对其重新设计提出建议.
- 作为100名管理培训生的指定代表,带领整个团队.
Experience
HeptaPay
http://heptapay.com2017年肯尼亚总统选举情绪分析
http://uchaguzi.today/邮件服务器审计
This project was carried out in three phases remotely and through three regional trips to the Arusha headquarters:
Phase one involved a forensic analysis of the mail system to identify instances of foul play. 不当行为确实被发现了,证据也被提交给了项目负责人.
Phase two was implementing a solution that migrated the mail server to a secure cloud virtual private server running with encryption and email antivirus and anti-spam mechanisms in place. 这次迁移是无缝地、成功地完成的,对业务的影响最小.
The final phase was the optimization of office ICT systems for both performance and security. 这个阶段进一步涉及邮件服务器的配置,以满足组织的需求, 例如,特定的帐户仅限于内部通信.
总的来说,这个项目取得了巨大的成功.
Skills
Tools
VPN, Apache, Azure密钥库, Ansible, NGINX, 亚马逊虚拟私有云(VPC), VirtualBox, OpenVPN, Azure应用服务, Azure Kubernetes服务(AKS), Sentry, Grafana, GitLab
Paradigms
基于角色的访问控制, DevOps, 持续集成(CI), 持续交付(CD), Web应用程序设计, DevSecOps, Azure DevOps
Platforms
Linux, Apache2, Azure, Kubernetes, 亚马逊网络服务(AWS), Android, Docker, Amazon EC2, AWS云计算服务, Azure的功能, Ubuntu, Amazon, Debian
Storage
MySQL, Azure Active Directory, On-premise, Data Centers, 存储区域网络(SAN), MariaDB, Azure SQL数据库, Amazon S3 (AWS S3), PostgreSQL, Azure SQL
行业专业知识
IT安全,安全,网络安全,网络安全
Other
Office 365,混合云基础设施,信息安全,身份 & 访问管理(IAM), 云安全, 云服务, 云存储, Networks, IP Networks, 云架构, CI / CD管道, Deployment, 安全策略 & Procedures, 它操作, Architecture, 系统管理, 基础设施即代码(IaC), 安全设计, AWS认证云从业者, Lecturing, Shell脚本, 直连(DC), Code Auditing, Networking, Cisco, 云计算, 逆向工程, Mail Servers, App 保护, Cloud, Data Security, Applications, Azure管理员, Azure Storage, Azure虚拟机, 多因素认证(MFA), PIM, Azure虚拟网络, Data, 虚拟化, Azure资源管理器(ARM), IT Audits, AWS云架构, Reviews, Leadership, 团队的领导, Training, 业务连续性计划(BCP), 业务连续性, Storage, 电子邮件安全, 数据保护, DevOps工程师, Azure Synapse, Azure Files, Kubernetes HPA, Azure容器实例, Azure容器注册表, Azure数据工厂, Azure Synapse Analytics, Fintech, AWS VPN, Amazon RDS, AWS WAF, 亚马逊API网关, AWS机密管理器, AWS自动扩展, IT基础设施, Proxies, Prometheus, GitFlow, 文件管理系统(DMS), 负载平衡器, Subscriptions, 关系数据库服务(RDS), 安全体系结构, Controls, 安全管理, PCI遵从性
Languages
PHP, Python, Java, JavaScript, Bash
Frameworks
Classic ASP
库/ api
Twitter API
Education
信息技术硕士学位
卡内基梅隆大学非洲-基加利,卢旺达,非洲
应用计算机技术学士学位
美国国际大学-非洲-内罗毕,肯尼亚,非洲
认证
AWS认证安全-专业
亚马逊网络服务
微软认证:Azure安全工程师助理
Microsoft
AWS认证云从业者
AWS
微软Azure管理员助理
Microsoft
微软认证:Azure基础
Microsoft
Associate - Information Storage and Management Version 2.0
戴尔的技术
认证道德黑客(CEH)
EC-Council