Download PDF

CEO of LetXPert -- Cloud Computing Consulting

  • Cloud Architect
  • Principal Engineer at Amazon.com
  • Security Architect at Visto.com
  • Secure Systems Software Developer at A&T Bell Labs
  • Innovator and Inventor

Summary

My goal is to help companies find their own secure path to the Cloud

My personal journey with security and services started over twenty years ago at AT&T Bell Laboratories writing source code for one of the first Internet firewalls on our own B1 hardened secure version of UNIX. It was fun and fascinating to hack into systems (with permission), to find and anticipate security holes and write patches for the operating system.

When the world wide web exploded onto the scene, Jim Bidzos of RSA Security personally recruited me to become the security architect at a little startup called Visto -- where we invented ways to securely store and synchronize  bookmarks, files, photos, and email on the Cloud. We were like DropBox ahead of our time but unfortunately broad-band wasn't widely available and we wound up with plenty of patents but not enough customers.

Amazon recruited me to help them with scalability and security.  As a principal engineer, I led the teams that developed Amazon's first distributed service "CustomerMaster".  We created our own Object-Relational Mapping (ORM),  giving an editable graph of objects to our service clients.  Since CustomerMaster managed all of Amazon's customers and their shopping preferences, it  had to be highly available, redundant, and fault tolerant.


But before we could build a  service around customer data, we had to refactor a huge code base and gather all customer information into its own database cluster.  Those were exciting times!! But when my wife became chronically ill, I took a sabbatical to help her recover and to enjoy raising my kids and seeing them off to college.  Now, I've gotten back into scaling, the Cloud, security and programming, working freelance as a Cloud consultant (naturally focusing on AWS), and most recently helping SocialCode.com migrate to Docker containers.

Docker amazes me with its simplicity and elegance. I enjoy helping companies discover how docker and the Cloud can simplify their architecture and development/deployment cycle and help them find the right migration path -- minimizing the pain and maximizing the gain.

Moving legacy systems to the Cloud can be an enormous challenge.  Like heart surgery, business never stops. Sometimes it feels like we're  replacing the pistons in a race-car's engine during a race with no pit stops.

I enjoy helping companies to find their own secure path to the Cloud,  and to find a workable migration path from where they are to where they want to be. Although my focus is on architecture and scalability, I also enjoy writing and refactoring source code with innovative solutions.

Work History

2010Present

Founder/CEO

LetXpert -- Cloud Computing Consulting

After a career pause to focus on family,  I decided to get back into technology, so I quickly refreshed my technical knowledge and settled in on Cloud computing which is my first love in terms of technology (the second being computer security).

Recent Clients:

SocialCode Inc:  December 2015 - present:  Cloud Computing Architect/Consultant guiding  their path  from classic services to Docker containers on ECS and their own AWS Virtual Private Cloud.  

  • Refactoring Javascript and Python code into Versioned Packages
  • Docker/Chef Integration Policy -- how to leverage their existing investment in recipes.
  • Versioning and Tagging Policy
  • Docker Development Workflow -- designed an efficient workflow for development of JavaScript, Go Language and Python services and applications.
  • Docker Continuous Integration 
  • Docker/ECS Continuous Deployment
  • Invented an Instantaneous Pull Request Previewer for Docker images
  • Secrets Management
  • ELK Logging and Monitoring for Docker on ECS
  • All things Docker and ECS
  • Helped various teams containerize their code in preparation for Docker
  • Go Language, Lua, Python, JavaScript, Node, ECS, Docker
  • Several services are already in staging, and headed to production.

Trove.com: September 2014 to November 2015 closing:  Coordinator for projects that cut across multiple teams

  • Large-scale refactoring all URLs to be more SEO friendly
  • Open Graph and oEmbed semantic tagging of all data
  • Sitemap Generation
  • HTML Pre-rendering (using Phantom 2) to make Trove's content crawl-able to all robots.
  • Created Orthrus an A/B Testing Framework that leverages GIT branches to create multiple versions of a website, without relying on run-time if statements or javascript hacks.
  • Python and JavaScript

Unfortunately Trove.com did not acquire enough curators or readers to sustain its business model, so it ceased operations in November 2015. 

Small Personal Projects to Stay Current: 2010 to 2014: 

  • Javascript, jQuery, JSONP
  • CSS
  • Google Maps Integration
  • GEO-IP Website Sensitivity
  • SEO
  • Apptanium Mobile Client for SugarCRM
  • SugarCRM Customizations
  • Small Websites

19992004

Principal Software Development Engineer

Amazon.com

One of roughly a dozen principal engineers at Amazon at that time

Customer Master Service: Architect and Project lead for Amazon's first distributed service.   CustomerMaster managed all of Amazon's customer information, including email and street addresses, credit card tokens, purchasing preferences, login and authentication.

Customer Master was a mission-critical service, highly available, fault-tolerant, and redundant, without which no customer could place an order in the United States,  France, United Kingdom or Japan 

An Object-Oriented Programming API presented objects to the business logic clients such as the shopping cart and ordering modules, which allowed complex interactions and even the creation of new objects on the client, which could all be synchronized to the Customer Master Service with a single, atomic save using optimistic locking to preserve data integrity and high availability.    

The first use of globally unique identifiers at Amazon for client-side object creation.

Session Directory: Designer and Project Lead for Amazon's first sharded database solution. Session Directory managed all of Amazon's shopping cart information,  including grouping catalog items into orders.  

This two-tier solution predated the Customer Master Service.  It partitioned shopping carts and orders into multiple databases, using a weighted random allocation that allowed our DBA's to add new partitions and redistribute the load for maintenance.  Each horizontal partition (or shard) consisted of a replicated pair of identical databases, so a hot-standby was always available.   

Managed this priority zero project (above all others), without which Amazon's infrastructure could not have scaled for Christmas of 2001. Went from concept to production in 90 days, and launched with no down time by adding the initial extra partitions with an initial weight of zero.

Everything worked. No existing shopping carts were lost and the shopping cart databases scaled through the Christmas season.

Customer Master Database: Project Lead for Amazon's first successful large-scale database refactoring project, taken from concept to production in four months.

Prior to this, customer data was scattered, intermingled and co-joined  with shopping cart and order information across six huge Oracle databases on the most powerful unix hardware available that time. These databases were already straining under the load of six-way multi-master replication, because every update resulted in six writes! And replication conflicts were common.

Goal: Untangle and relocate all customer data into a single database with universal coordinated time (UTC) dates, and refactor over a million lines of code to access the new location.

Without this refactoring, Amazon's existing databases could not have scaled for Christmas of 2001.   

Since project had already been attempted and failed once before I came to Amazon, resulting in a lengthy outage and negative publicity, Jeff Bezos gave two demands: don't make the cover of the Wall Street Journal, and only take the site down for one hour.

To prepare for this project, I contacted the team members of the failed project to assess what went wrong and to build fail-safes  into our process to avoid repeating history.  On the surface, the objectives seemed to be impossible, because customer data was involved in almost every aspect of Amazon's systems from shopping to fulfillment,  but we were able to achieve them following a phased approach:

Phase 1 -- Refactor all SQL statements to avoid joins between orders, shopping carts and customers, (which would no longer work when those tables were not locally available on the same database.)

Phase 2 -- Virtual Customer Master Database.  We created a virtual customer master database consisting of nothing but DbLinks to the real database tables.  This allowed us to test our new SQL and allowed us to begin to refactor the source code.

Phase 3 -- Refactor All Source Code.  We used a call-graph analysis tool to find all paths to statements affecting customer data, and refactored the code to access customer data at its new virtual location.   

Phase 4 -- Dual Mode Access.   In the staging environment, we cut over completely to the new test database, but in production, the new code paths toggled at run-time to use the old locations. The source code and databases were instrumented to report every incorrect access to the old locations.

Phase 5 -- Live Launch.   On launch night, at midnight we took Amazon offline, and allowed the 6-way replication logs to play out and initialized the new Customer Master Database, toggled our run-time switch to access the new location and brought the system back online within the hour. Every system worked.

Phase 6 -- Post Launch.  One secret to our success was that we left DbLinks behind in the six old databases pointing to the new Customer Master Database. This fail-safe strategy allowed any tools and utilities that might have been overlooked to continue to work; but we contacted the owners and gave them a short time window to correct their code. Thirty days later, the DbLinks were removed and the new Customer Master Database project was completed.

We hit all  our milestones and kept all our promises. The new customer database scaled through the Christmas season; and replication conflicts were completely eliminated. 

19961999

Security Architect

Visto ( Good Technologies)

Personally recruited by Jim Bidzos and David Cowan of RSA Data Security and Bessemer Venture Partners,  I joined Visto in 1996 with an equity position in an exciting startup focusing on Cloud computing or "ubiquitous computing" as we referred to it in 1996. 

We quickly developed an amazing suite of services including synchronization of files, emails, bookmarks (across many browsers), and offered a secure gateway to facilitate authentication and synchronization.   

I personally developed Visto's load-balancer, HTML template engine, File Server and Email Gateway, using Java and C++.

Invented applet-based authentication, temporary certificates, and remote encryption, among a dozen patents awarded that have resulted in over three hundred million dollars in settlement payments from Research In Motion, Microsoft, Seven Networks and other infringing companies.

Visto featured file-synchronization and global secure storage ten years before Dropbox.com!

Sadly, Visto was ahead of its time -- broadband was not widely available yet so the business model itself never proved to be profitable. Visto was later acquired by Good Technologies.

19941996

Secure Systems Developer and Member of Technical Staff

AT&T Bell Labs

A member of the team that developed one of the first Internet firewalls,  the SV/MLS Computer Watch Trusted Gateway, and the SV/MLS B1 Secure version of Unix.

Wrote device drivers, utility commands, administration GUI,  and the Postfix Alarm Language (PAL) used for real-time intrusion detection.

This was hard-core C-language, operating system programming. But Bell Labs was so focused on pure research that they rarely managed to capitalize on their inventions.

20042014

Sabbatical Supporting my Wife and Son

My wife Cynthia became mysteriously ill with what we now call chronic fatigue, so I took a sabbatical to help her and to spend more time with my young sons. Unfortunately our son Samuel was stricken with schizophrenia, so I extended my sabbatical indefinitely until we tragically lost him to suicide in 2012. After grieving we decided to focus on the future and loving those that are with us now, and I returned to the workforce.

Education

19921994

Master of Science, Computer Engineering

North Carolina  State University, Raleigh-Durham, NC

Artificial Intelligence, Pipe-line Processing

19861989

Bachelor of Science, Mathematics with a Concentration in Computer Science

University of North Carolina, Greensboro, NC
  • Graduated Summa Cum Laude with a  GPA  of 4.0
  • Mathematics Department -- Student Excellence Award
19791983

Bachelor of Ministry

Southeastern Bible College, Lakeland FL
19751978

Diploma

Southeast High School, Guilford County, NC
  • Physics Award
  • Navy Nuclear Physics Entrance Exam: Highest score ever by a high school student.
  • Cross Country

Skills

Challenging Assumptions

Technology adoption and innovation must focus on business needs and follow a sensible migration plan so companies can break free from past technologies and technical debt with minimal interruption.

Planning and Communication

Large projects gain the most traction when they follow a clear plan that addresses the needs of every stakeholder so the entire organization can "buy in" to the plan and achieve the impossible.

 Cross-Organzational Projects

Leading projects that cut across organizational boundaries with the potential for massive impacts on developers, designers, and product managers is my definition of "normal." 

Technologies

Docker, AWS, ECS, GIT, Jenkins, Linux Admin, TCP/IP Networking, Distributed Systems, Cloud Computing,

Languages

Go, Python, Lua, JavaScript, Java, Php, C++, C,  php, Perl, Yaml, bash.

Patents

  • Global Secure Access
  • Distributed Authentication 
  • Temporary Certificates
  • Authentication Applet
  • Remote File Encryption 
  • Synchronization of Files, Photos, and Bookmarks over the internet.
  • Synchronization of Email
  • Global Information Translator to Native Formats

Interests

  • Sport Fishing -- for rainbow trout in mountain streams, and mangrove snapper, grouper, king fish and tarpon in the scenic Florida Keys
  • Guitar -- playing, song-writing and singing
  • Mathematics, Science and Technology