Securing Container Workloads on AWS Fargate

Tuesday, Feb 19, 2019

When containers first became mainstream (think PyCon 2013 with Solomon Hykes on stage), everyone thought it had potential and began to test running containers on their own, but almost no one set out to put containers in production that day. They wanted to see it battle-tested…which has happened over time. Containers have matured from an emerging technology to production-ready, where they’re generally considered safe, but there’s a new problem. Now, we need our business processes, tools, and architecture models to mature as well.
@ Theo
1 minute read
Automatically Deploy Hugo Blog to Amazon S3

Saturday, Jan 19, 2019

I had grand aspirations of maintaining a personal blog on a weekly basis, but sometimes that isn’t always possible. I’ve been using my iPad and Working Copy to write posts, but had to use my regular computer to build and publish. CI/CD pipelines help, but I couldn’t find the right security and cost optimizations for my use case…until this year. My prior model had my blog stored on GitLab because it enabled a free private repository (mainly to hide drafts and future posts).
@ Theo
2 minutes read
Rotate IAM Access Keys

Thursday, Aug 16, 2018

How often do you change your password? Within AWS is a service called Trusted Advisor. Trusted Advisor runs checks in an AWS account looking for best practices around Cost Optimization, Fault Tolerance, Performance, and Security. In the Security section, there’s a check (Business and Enterprise Support only) for the age of an Access Key attached to an IAM user. The Trusted Advisor check will warn for any key older than 90 days and alert for any key older than 2 years.
@ Theo
4 minutes read
Add Athena Partition for ELB Access Logs

Tuesday, Jul 31, 2018

If you’ve worked on a load balancer, then at some point you’ve been witness to the load balancer taking the blame for an application problem (like a rite of passage). This used to be difficult to exonerate, but with AWS Elastic Load Balancing you can capture Access Logs (Classic and Application only) and very quickly identify whether the load balancer contributed to the problem. Much like any log analysis, the volume of logs and frequency of access are key to identifying the best log analysis solution.
@ Theo
3 minutes read

About Me

Self-described technology enthusiast working with containers, DevOps, networking, load balancing, etc.

Career

After college, I came back to the family business, this time to force-feed technology into the business instead of passing around a QuickBooks file and design templates on a Zip disk. This ended up as a good trade–I was able to both freely learn and implement new(er) technology and gain powerful business experience. I am fully capable of explaining any technical topic to a non-technical audience. I taught my mother about files/folders on a hard disk by showing her the files and folders in her file cabinets.

I spent a short time at a law firm doing more of the same, but wanted more. I joined a state-level government agency and began to specialize in networking. I quickly moved through the ranks moving from Junior to Senior status, and spent a few years as a Network Manager. I dove into “network service” technologies and tools like load balancing, name resolution, monitoring, logging, and analysis. My success there came from four principles:

  • Work with the customer–ensure your decisions are for their benefit.
  • The borders of your responsibility are soft–learn about how your department affects other departments. A little cross-team knowledge goes a long way.
  • Don’t waste time repeating processes–if you’ll repeat it, script it and let the system work for you.
  • Automate yourself out of a job–if you do, they’ll give you a better one.

College

I went to Florida Institute of Technology in Melbourne, FL, USA and received my Bachelor of Science in Computer Science. While the degree is a great résumé builder, the knowledge and experience gained were much more valuable.

We didn’t just focus on learning a programming language–we learned WHY a language was developed and what separates it from others. Concepts were more important, because that led to a language-independent programming skill. As a result, I can now write code in any language.

I also got a taste of other IT-related skills. The program provided enough electives for us to branch out and “test the waters” around different disciplines. As a result, I got a breadth of skills to help complement my degree: cryptography, computer vision, system administration, OS concepts, database design, etc.

My senior project was a collaboration between Aerospace, Mechanical, Computer, Electrical, and Software Engineers. We built a scale model of a V-22 “Osprey” with a design for mid-air transition while carrying heavy cargo. Since it was a scale model, we also used a wireless serial transmitter and ground interface to control the osprey using a Radio Controller hooked up to a computer screen. My job was the GUI/software for the Flight Control System and interface as well as the scripts to perform the advanced aeronautical calculations. It was a great team experience that further expanded my breadth of skills and abilities.

Moving

My family and I wanted to move from Tallahassee, FL, USA, to Charlotte, NC, USA and we got the opportunity when I was offered a Network Engineer position with an insurance company that had a regional headquarters in Charlotte. I joined the Network Services team and found my passion for improving processes through orchestration/automation. I also got my first taste of cloud and cloud networking, which required a new education on cloud networking. For many years, I had watched other network professionals accelerate their knowledge and experience on networking to a point, then stick with that knowledge until otherwise forced to change. I realized that I’m not an “old school” networker, as I think being an expert in networking doesn’t mean knowing every command in a CLI. Cloud networking is different, and requires a new way of architecting–traditional networking tools only work until the cloud border. Ultimately, I spent a short time at the insurance company because I was recruited by Amazon.

The Early Years

Ask my mother, and I was always going to work in technology. At age 5, I set the clock on the VCR and programmed it to record my shows.

My family owns a swimming pool contracting business in Tallahassee, FL, USA and I spent my childhood and teenage years learning how to run a business. Technology was a hobby, and I had fun exploring building my own gaming rig, writing plugins for software, and begrudgingly providing free technical support to friends and family.