Phone: +44 (0)7973 797020 Email: email@example.com Website: cetre.co.uk Blog: cetre.co.uk/blog LinkedIn: linkedin.com/in/mattbrocksysadmin
Over 10 years of infrastructure management, engineering and consultancy for multiple clients, primarily small companies and startups (full client list available here) with responsibility for ongoing maintenance, administration and support. Some examples of key projects (specific client details withheld due to confidentiality requirements):
Creation of fully automated solution for client requirement of RabbitMQ deployment on Kubernetes using GKE on GCP; evaluation of provisioning tools with selection of Terraform using GCS bucket for remote state/locking and safe sharing with team via GitHub; additional scripting for Cloud DNS and IAM permissions management; successful deployment of cluster with ingress-nginx and cert-manager for TLS, and RabbitMQ with custom deployment spec and secure TLS/AMQPS connections; deployed apps pulling container images built and pushed to Artifact Registry; extensive documentation and successful handover.
Consultancy and hands-on engineering for client migration of web infrastructure from data centre to AWS; worked with development team on upgrading and streamlining systems to facilitate and simplify migration process, and on providing the most elegant solutions possible for necessary legacy systems; presented client with multiple migration options for all tiers and advised on choices, taking into account resiliency, security and cost; built dynamic test environment with VPC, Apache/PHP on Amazon Linux with EC2 Auto Scaling and Varnish for dynamic caching, static content moved to S3/CloudFront for edge delivery, Memcached moved to ElastiCache, migration to CloudSearch from SOLR, and move of MySQL to RDS; provided solutions for ongoing provisioning, code deployment and integration, configuration management, centralised log management/storage and monitoring; successful production migration and handover to client with extensive training/documentation.
Managed the migration of client to automated configuration management; advised client of benefits and evaluated solutions leading to selection of Ansible for flexibility, reliability and absence of additional client installation; moved entire software and infrastructure configuration to git with fully automated deployment; utilised Boto for dynamic EC2 inventory specification; also extended the success of this solution to automated IaC AWS cloud infrastructure provisioning via Ansible playbooks for automated AMI builds from Staging for rolling redeployments on Auto Scaled EC2 cluster with ELB provisioning and Route 53 updates.
Development of detailed and extensive server hardening procedure for financial client needing high security; included kernel and Linux OS hardening, Apache/PHP hardening and ModSecurity/mod_evasive Apache security module installation; shared procedure as popular blog article and updated for newer versions of Ubuntu and Red Hat/CentOS; automated hardening procedure with suite of Ansible playbooks.
Designed and built main company database infrastructure as per client requirement of PostgreSQL database on CentOS Linux for high transaction environment; deployed server cluster with RAID 10 database storage with kernel/OS tuning and filesystem optimisation; configured log shipping for replication and redundancy; extensive tuning and testing of PostgreSQL for performance optimisation leading to significantly reduced latency.
Provisioned new GCP environment for client project with new VPC, MySQL on Cloud SQL, GCE instances running Docker containers on Ubuntu Linux with nginx; specced and provisioned infrastructure; set up automated deployment system with GitHub/Ansible; built automated Docker environment with image creation and repo push/pull; documentation and training for successful handover to client tech team.
Creation of virtualised development environment using Vagrant, with automated provisioning Bash scripts for full VirtualBox setup with apps, tools, modules, code and config pulled from GitHub and internal git repos, and configured for effective simulation of Production environment for all developers leading to much more efficient and synchronised code testing and integration.
Setup of CloudWatch alarms to enhance client's existing monitoring/notification system, with integration of CloudWatch notifications on Slack for stuck SQS queues via SNS and Python Lambda app.
Installation and setup of ELK Stack/Elastic Stack as per client requirement, using Logstash to collect log data from syslog, Java and Apache, with Kibana and Elasticsearch to enable effective graphical search and analytics for development team.
Setup and administration of Jenkins for client as per specification from CTO, working with development team on development and administration of build scripts with a combination of manual and automated deployments to development, staging and production environments.
Deployment of HAProxy as robust and efficient load balancing solution for high transaction environment; Linux high availability active/standby setup for redundancy using CMAN/Corosync and Pacemaker; management of multiple virtual hosts and routing setups in HAProxy config; SSL/TLS handoff and certificate administration; complex requirements of intensive environment leading to successful creative solutions including modification of source code and submission of patch for feature subsequently added to next HAProxy release.
Set up full infrastructure monitoring system; evaluation of options and selection of Nagios for its power and flexibility; installation and configuration for monitoring of full range of infrastructure, hosts and applications; effective notifications of impending and active problems; management of alerts for teams via multiple messaging endpoints including Slack integration; development of custom monitoring plugins in Bash, Perl and Python for targeted and detailed insights.
Developed MongoDB infrastructure as per client requirement for document-based database; solved problem of reclaiming storage space with hardware limitations via development of custom Bash script to safely clear nodes in turn with zero downtime, leading to successful ongoing usage in production.
Designed and built effective new email system for all client's incoming and outgoing email including one million legitimate outgoing emails per day; selected Postfix on CentOS Linux for performance, flexibility and reliability plus supporting software to handle TLS and SASL authentication, greylisting, SPF/DKIM processing, log processing and reporting; wrote Bash and Python scripts for SASL security, autoreplies, bounce handling, alias handling and queue management; configured AWS infrastructure for mail sending and reverse DNS; setup of feedback loops and ongoing management of positive external mail reputation.
Managed setup of first hosted environment for startup; evaluated and selected colocation provider, data centre and hardware; installed and configured pfSense firewalls, Cisco switches and HP ProLiant DL servers; configured RAID, NIC teaming, and VLAN trunking for full redundancy; liaised with colo provider for network feeds and routing; automated CentOS Linux builds with Kickstart; deployed nginx, Java apps, PostgreSQL database, BIND for internal DNS, and other tools and related config; set up hardware and software monitoring; oversaw successful environment activation and ongoing production usage.
Management and administration of all infrastructure for castings and arts recruitment websites. Example of key project:
Engineering and administration of server and network infrastructure at high availability, high transaction gaming website. Example of key project:
Nov 2004 - Aug 2005: Web Architect at ING Group - systems and database management in a banking environment.
May 2002 - Oct 2004: Freelance System Administrator - system administration for a webmail service and dating websites.
Apr 2001 - Mar 2002: Hosting Engineer at IMG/TWI/PCCW - server and infrastructure engineering for an internet-streamed TV network.
Jun 1999 - Apr 2001: System Administrator at IPD (now MSCI) - server and network administration for a property industry data supplier.
Jun 1998 - Jun 1999: Junior System Administrator at Saratoga (now Mako) - system administration for a trading company.
Sep 1997 - Jun 1998: NOC Frontline Administrator at Demon Internet - frontline administrator in the network operations centre at an early ISP.
Mar 1997 - Aug 1997: Internet Support Technician at Support Link (later iDesk) - helpdesk support technician for home internet users.
1993 - 1996: London Metropolitan University - BSc (Hons) Music Technology (2:1)
1985 - 1992: Exeter School - 3 x A Levels and 10 x GCSEs