• Google Cloud Platform
• Azure
• AWS

• CI/CD pipelines
• Infrastructure automation
• BASH, Python, HCL
• Docker, Podman, Containers
• Terraform, Infrastructure as Code (IaC)
• ARM, Bicep, Vault, Packer
• PowerShell, YAML, ELisp

• Identity and Access Management (IAM)
• Privileged Access Management (PAM)
• Secret Management

• Linux Kernel
• Packaging (DEBs, RPMs)
• Managing Standard Internet Services
• Networking
• Database Administration
• Debian, RHEL
• Security / Hardening
• Configuration Automation
• Deployment Automation
• Containerization
  • Docker, Podman
  • Compose, Swarm, Kubernetes
• Orchestration

• Proactive approach to system health and performance

• Offering expert services in building resilient teams
• Implementing automation tools for small and medium businesses
• Develop workshops on my latest deliveries
• Increase team expertise by developing and presenting workshops
• Serious about performance and strong team player
• Building, optimizing, and troubleshooting:

Technologies: Software development, Terraform IaaC, BASH, Github Actions CI/CD pipelines, Google Cloud, Architecting Asynchrounous Event-Driven Workflows, IAM, PAM, WIF, ABAC, RBAC, Secret Management, OAuth2 Client and Provider, OpenID Connect, MFA, Certificate Management, Single Sign-On (SSO), Identity Federation, and Privileged Access Management

• Designed and implemented robust hybrid cloud solutions for Ubisoft's game development environment, leveraging Azure expertise
• Automated provisioning, configuration management, and application deployments using Azure DevOps pipelines across a hybrid multi-cloud Dotnet microservices infrastructure
• Managed infrastructure as code (IaC) with Bicep and Terraform, ensuring consistent, scalable deployments across on-premises, Azure, Google Cloud, and AWS environments
• Collaborated with senior development managers to integrate Azure, GCP, AWS, and Alibaba Cloud services, enhancing security and performance of game deployments
• Configured MultiClusterIngress for GKE Services with Anthos Service Mesh, deploying both external and internal Google Load Balancers (GCLB/ILB) for efficient traffic management
• Deployed Locust for comprehensive load testing across regions, simulating millions of user sessions to ensure game readiness, facilitated by ASM ingress gateways
• Improved load-testing deployment processes, cutting deployment time by >50% and reducing errors through optimized CI/CD pipelines, utilizing CI/CD container automation in Gitlab, Hashicorp Vault, Artifact registries, etc.

Technologies: Linux, DevOps, Google Cloud, Google Kubernetes Engine, Python, Locust, E2E/End-to-End Load Tests, Advanced GitLab CI/CD pipelines, HashiCorp Vault, Writing Dockerfiles, Automating builds, Advanced CI/CD pipelines, GitLab, Secret Management, Alibaba Cloud, IAM, PAM, Azure DevOps, ARM Templates, Bicep, Anthos Service Mesh, Terraform, AWS, Hybrid Cloud Solutions, MCI, Google Load Balancers (GCLB/ILB)

• Joined Invue at a strategic time when the Software Engineering department was focused on converting a Node.js monolith into microservices
• Migrated the monolith's legacy infrastructure from AWS to Google Cloud, transitioning from inefficient, costly Compute Engine instances to Kubernetes
• Facilitated the migration of the microservice architecture running on Kubernetes to Microsoft Azure Cloud
• Architected a streamlined microservice infrastructure by automating the build and containerization of existing microservices
• Developed an MVP of the cluster's infrastructure using Docker Compose, which allowed developers to run the entire setup locally in a consistent and reproducible manner, thereby eliminating the need for shared, costly cloud-based development environments
• Enhanced developer proficiency in DevOps practices as measured by a 100% increase in contributions to CI/CD pipelines skill use by developers after conducting workshops and training sessions
• Implemented CI/CD pipeline processes to improve code quality, security, and automated tests
• Modernized their DevOps practices by adopting sound CI/CD pipelines effectively replacing Ansible with Terraform and brought Terraform Cloud into the enterprise, as well as Hashicorp Vault, leading to significant reductions in manual interventions and enhanced consistency in provisioning
• Elevated security as measured by improved secret management protocols and cloud IAM processes, enhancing the overall security posture

Technologies: JavaScript, TypeScript, Advanced Build Processes, Security, Secret Management, Identity and Access Management, Docker, Github, Github Actions, Kubernetes, Google Kubernetes Service, Azure Kubernetes Service, Amazon Kubernetes Services, Spinnaker, Automation, BASH, Terraform, Terraform Cloud, Hashicorp Vault, Linux, DevOps

• Collaborated within a multidisciplinary team to enhance security for Desjardins' Big Data solutions in Google Cloud Platform, Google Workspace, and Google Marketing solutions (Analytics, AdWords, Search Console, Maps)
• Led a large-scale account and access management migration project, synchronizing Desjardins' user identities for Single Sign-On (SSO) and transitioning access from user-owned to corporate accounts, ensuring uninterrupted service for thousands of users
• Developed a governance strategy for unmanaged accounts, eliminating consumer-type accounts with access to corporate resources and ensuring all corporate identities were securely managed
• Automated data mining tasks for user data migration using advanced LDAP queries with Active Directory, enhancing efficiency and accuracy
• Identified and disabled consumer-type accounts, securing Google Cloud resources owned by the firm
• Created proof of concepts to evaluate Big Data solutions for marketing and analytics teams using Google Cloud technologies

Technologies: Google Cloud Identity, Active Directory, LDAP, SAML, Terraform, Vault, Linux, GitLab, BigQuery, BASH, Python, Cloud Operations, Apache Beam, Apache Airflow

• Ensured e-commerce infrastructure availability around the clock
• Maintained infrastructure-as-code and performed manual system administration on legacy infrastructures
• Designed a multi-cloud solution used to facilitate the migration of the platform to a different cloud vendor
• Centralized application logging and implemented log-based metrics used to create dashboards and visualize data
• Implemented system monitoring and service health checks
• Increased e-commerce average page load speed by >30%

Technologies: Terraform, Linux, Gitlab, Docker, Docker Compose, Kubernetes, AWS, GCP, Apache, NGINX, Python, PHP, BASH, Django, Redis, Github Actions, Slack API

• Deployed and configured multi-regional Kubernetes clusters with Istio service mesh using Google Kubernetes Engine, and Helm
• Implemented multi-regional, Spinnaker k8s clusters for continuous delivery and canary deployments with automated pipelines triggered by container image tags

Technologies: Google Kubernetes Engine (GKE), Istio Service Mesh, Helm, Spinnaker, NGINX Load Balancer, Istio RouteRules, Private Container Registry, Kubernetes, Continuous Delivery, Canary Deployments, Blue/Green Deployments, Automated Pipelines

• Founded a next-generation business assistant as a service business—https://www.kisscalls.com—bridging the gap between online to offline conversions

Technologies: Python, Django, REST framework, OAuth2, Dialogflow, Google Assistant, App Engine, Polymer, Material Design, WebRTC, Firebase Hosting, Firebase Database, Cloud Functions, Express.js, Twilio, GCP, Github, Google Data Studio, Sendgrid

• Acceptance testing of provincial-wide, multi-vendor, RIS, PACS, DIR solution
• Installation and migration of large scale on-prem Oracle databases servers with replication across 3 central locations in the province of Quebec via private WAN
• Automated asynchronous load and conformance tests
• Developed a domain-specific language to automate end-to-end tests by writing YAML instead of a programming language

Technologies: Linux, DICOM, HL7, RIS, PACS, XDS, Python, BASH, Agfa IMPAX, dcm4chee

• Supported 5 enterprise web portals (50k daily users)
• Performed manual production rollouts on the products I owned
• Automated a subset of these production upgrades and progressive rollouts
• Developed our groups' IAM strategy during the first firm-wide rollout of MS's proprietary Identity and Access Management system
• Created a firm-wide wiki that lives on to this day and has had hundreads of daily users during my stay

Technologies: Linux, Organizaional skills, Self-driven, Read and wrote documentation, Tomcat, Java, PostgreSQL, Adobe Experience Manager, Oracle Database Server on-prem administration, Python, BASH, Identity and Access Management

• Tailored identity and access management solution for fortune 500 companies

Technologies: Windows Server, Active Directory, Database Management, Oracle Database <12, Lotus Notes, Solaris, Linux, AS/400, LDAP, Python, Twisted, Identity and Access Management, HTML, LaTeX, m4, BASH

• Deployed laboratory information systems

Technologies: Windows 2008 R2, RedHat Enterprise Linux, Solaris, AIX

• Deployed and upgraded large scale digital radiology software (100+ servers, 300+ RPMs)
• Investigated and documented system issues working closely with developers

Technologies: Linux, RHEL, BASH, Perl, Python, DICOM, HL7

• Installation, configuration, and administration of Linux servers, Linux Terminal Server (thinclients), shell scripting automation

Technologies: Debian, RedHat, Cyrus, LTSP, Sendmail, Popa3d, Courier-IMAP, Bind (DNS), Yellow Pages (NIS), Firewall (IPTables), Nagios, Postfix, PostgreSQL

• Google Developer Profile
• Developing a Google SRE Culture Coursera
• Reliable Google Cloud Infrastructure: Design and Process (Coursera)
• Google Cloud Fundamentals: Core Infrastructure (Coursera)
• Preparing for your Professional Cloud Architect Journey (Google) - Jun. 2024
• Generative AI with the Vertex AI Gemini API (Google) - Jun. 2024
• Developing a Google SRE Culture (Google) - Feb. 2024
• Managing Cloud Infrastructure with Terraform (Google) - Jan. 2024
• Google Cloud Fundamentals: Core Infrastructure (Google) - Feb. 2024
• Kubernetes in Google Cloud ((Google)) - Feb. 2020
• Baseline: Data, ML, AI (Google) - Feb. 2020

You can use gcloud to create and manage:

• Google Compute Engine virtual machine instances and other resources
• Google Cloud SQL instances
• Google Container Engine clusters
• Google Cloud Dataproc clusters and jobs
• Google Cloud DNS managed zones and record sets
• Google Cloud Deployment manager deployments
• Deploy App Engine applications
• Perform other tasks against Alpha and Beta Cloud Platform services

You can use gsutil to:

• Create and manage Cloud Storage buckets
• Upload objects to buckets, and download and delete them
• Move, copy and rename objects
• Manage access to stored data

You can use bq to manage datasets, tables and other entities in BigQuery, as well as run queries on your data.

Manage App Engine instances.

Local App Engine development server.

   curl https://sdk.cloud.google.com | bash

Warning: You can verify the SSL certificate using curl –cacert <certificate> and this root CA:

   # Operating CA: Symantec (GeoTrust)
   # Issuer: CN=GeoTrust Global CA O=GeoTrust Inc.
   # Subject: CN=GeoTrust Global CA O=GeoTrust Inc.
   # Label: "GeoTrust Global CA"
   # Serial: 144470
   # MD5 Fingerprint: f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5
   # SHA1 Fingerprint: de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12
   # SHA256 Fingerprint: ff:85:6a:2d:25:1d:cd:88:d3:66:56:f4:50:12:67:98:cf:ab:aa:de:40:79:9c:72:2d:e4:d2:b5:db:36:a7:3a
   -----BEGIN CERTIFICATE-----
   MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
   MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
   YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
   EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
   R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
   9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
   fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
   iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
   1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
   bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
   MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
   ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
   uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
   Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
   tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
   PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
   hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
   5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
   -----END CERTIFICATE-----

Project-level authentication:

gcloud auth login --project=<project ID>

Make bucket files world-readable:

gsutil acl ch -u AllUsers:R gs://<bucket>/<object>

• https://cloud.google.com/compute/docs/load-balancing/http/using-http-lb-with-cloud-storage

• https://cloud.google.com/gpu/

gcloud beta compute instances create gpu-instance-1 \
    --machine-type n1-standard-2 --zone us-east1-d \
    --accelerator type=nvidia-tesla-k80,count=1 \
    --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
    --maintenance-policy TERMINATE --restart-on-failure \
    --metadata startup-script='#!/bin/bash
    echo "Checking for CUDA and installing."
    if ! dpkg-query -W cuda; then
      curl -O http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64/cuda-repo-ubuntu1604_8.0.61-1_amd64.deb
      dpkg -i ./cuda-repo-ubuntu1604_8.0.61-1_amd64.deb
      apt-get update
      apt-get install cuda -y
    fi'

dev_appserver.py <src>

with application debug log level:

dev_appserver.py --log_level debug <src>

with application server debug logging:

dev_appserver.py --dev_appserver_log_level debug <src>

with both:

dev_appserver.py --log_level debug --dev_appserver_log_level debug <src>

In order to have access to the remote_api, it must first be deployed with the option enabled¹:

builtins:
  - remote_api: on

remote_api_shell.py -s <project-id>.appspot.com

ref: https://cloud.google.com/appengine/docs/python/tools/remoteapi

gcloud dns managed-zones list

output:

NAME              DNS_NAME           DESCRIPTION
example-zone      example.com.

Here is an example of creating a CNAME record named my-cname.example.com that points to cname.value.example.org

$ gcloud dns record-sets transaction start -z <zone-name>
Transaction started [transaction.yaml]
$ gcloud dns record-sets transaction add -z <zone-name> --ttl <seconds> --type CNAME --name my-cname.example.com cname.value.example.org.
Record addition appended to transaction at [transaction.yaml]
$ gcloud dns record-sets transaction describe -z <zone-name>
additions:
- kind: dns#resourceRecordSet
  name: example.com
  rrdatas:
  - ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 3 21600 3600 259200
    <ttl seconds>
  ttl: 21600
  type: SOA
- kind: dns#resourceRecordSet
  name: mycname.example.com
  rrdatas:
  - cname.value.example.org.
  ttl: <ttl seconds>
  type: CNAME
deletions:
- kind: dns#resourceRecordSet
  name: example.com
  rrdatas:
  - ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 2 21600 3600 259200
    <ttl seconds>
  ttl: 21600
  type: SOA

$ gcloud dns record-sets transaction execute -z <zone-name>
Executed transaction [transaction.yaml] for managed-zone [<zone-name>].
Created [https://www.googleapis.com/dns/v1/projects/<project id>/managedZones/<zone-name>/changes/1].
ID  START_TIME                STATUS
1   2016-06-16T13:10:50.051Z  pending

Plain commands list:

gcloud dns record-sets transaction start -z <zone-name>
gcloud dns record-sets transaction add -z <zone-name> --name my-cname.example.com --ttl 300 --type CNAME cname.value.example.org.
gcloud dns record-sets transaction describe -z <zone-name>
gcloud dns record-sets transaction execute -z <zone-name>

Install requirements and configure gpg2 to be the default gpg:

sudo apt install libpam-yubico libyubikey-dev libyubikey0 python-yubico-tools yubikey-personalization gnupg gnupg-agent gnupg2 gpgv openssh-client gpgsm pcscd libccid pass

Uninstall gnome-keyring:

sudo apt remove libpam-gnome-keyring gnome-keyring

This is a matter of preferences, I do no use a display manager and if you do you may want to tweak this to be used in your .xsession file instead.

Warning: this configuration allows a single state for your gpg-agent and ssh-agent (which is gpg-agent) throughout your window manager. This means that all applications may be able to access resources available using some keys after you have provided sufficient information for gpg-agent to use these keys. If you're not sure of what you're doing do not use my Xorg configuration. .xinitrc

pkill -9 -u "$USER" -x gpg-agent
pkill -9 -u "$USER" -x ssh-agent
pkill -9 -u "$USER" -x xss-lock
pkill -9 -u "$USER" -x xscreensaver

xscreensaver -nosplash &> /dev/null &
xss-lock -- xscreensaver-command -lock  &> /dev/null &
setxkbmap us                    # kbd layout preset
xmodmap ~/.Xmodmap              # kbd styling
xrdb -merge ~/.Xresources       # X styling
#xhost +SI:localuser:$USER       # Disable access control
xsetroot -cursor_name left_ptr  # Fallback cursor
xset r rate 200 60              # Keyboard repeat rate

# start the `notion' window manager
gpgconf --kill gpg-agent

exec dbus-launch --exit-with-session \
     eval "$(gpg-agent \
                       --daemon \
                       --max-cache-ttl 720 \
                       --enable-ssh-support \
                       --max-cache-ttl-ssh 720 notion)"

.bashrc

export GNUPGHOME="$HOME"/.gnupg

if [ -f "${HOME}/.gnupg/gpg-agent.env" ]; then
    source "${HOME}/.gnupg/gpg-agent.env"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
fi

GPG_TTY=$(tty)
export GPG_TTY
export GNUPGHOME="$HOME/.gnupg"

Make yourself the owner of the Yubikey

eval $(lsusb -v | grep Yubi -A1  | egrep 'idVend|idProd' | awk '{ print $1"="$2 }')
echo SUBSYSTEM=="usb", ATTR{idVendor}=="$idVendor", ATTR{idProduct}=="$idProduct", OWNER="$USER" > /tmp/tmptmp
sudo cp -v /tmp/tmptmp /etc/udev/rules.d/50-yubikey.rules
sudo chown root.root /etc/udev/rules.d/50-yubikey.rules
rm /tmp/tmptmp

At this point you should restart Xorg:

pkill -u $USER

[...]

startx

Review gpg programs:

gpgconf --check-programs

Optionally you may reset the status of your yubikey by doing this:

cat > /tmp/reset_yubikey<<EOF
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo Card has been successfully reset.
EOF

gpg-connect-agent -r /tmp/reset_yubikey

List devices

ykneomgr -l

Configure for HID/CCID with touch eject

ykneomgr -M 82

Configure key for OTP/U2F/CCID composite device with touch eject.

ykpersonalize -m 86

The default PIN is 123456 and the default admin PIN is 12345678.

To change the default admin PIN perform the following:

gpg --card-edit
admin
passwd
3
12345678
<confirm new admin PIN>
<confirm new admin PIN>

To change the default PIN

gpg --card-edit
admin
passwd
1
123456
<confirm new PIN>
<confirm new PIN>

Your key stores personal information, to customize it follow these steps:

gpg --card-edit
admin
name
sex
lang
url
list
quit

Backup keychain, primary keys, subkeys, and generate a revocation certificate for them:

mkdir -p ~/gpg_backup/{primary_keys,sub_keys,laptop_keys}
cp -r ~/.gnupg ~/gpg_backup/dot-gnupg-backup
gpg --armor --export <key-id> > ~/gpg_backup/primary_keys/public_key.gpg
gpg --armor --export-secret-key <key-id> > ~/gpg_backup/primary_keys/secret_key.gpg
gpg -a --export-secret-subkeys <key-id> > ~/gpg_backup/sub_keys/secret_subkeys.gpg
gpg --armor --gen-revoke <key-id> > ~/gpg_backup/primary_keys/recovation_cert.gpg

https://github.com/GoogleChrome/ioweb2016/pull/514#issuecomment-205866122

• https://console.firebase.google.com/project/<project name>/settings/database
• Database
• Database secrets
  • Show existing legacy token
  • Create custom database authentication tokens using a legacy Firebase token generator. At least one secret must exist at all times.

• https://cloud.google.com/appengine/downloads#Google_App_Engine_SDK_for_Go

unzip go_appengine_sdk_linux_<arch>_<version>.zip

After building the app:

cp -r app/temporary_api/ dist/app/