VJ Patel
Address: available on request
References: available on request
Experience
Vice President Lead Security Engineer
Oct 2023 - Present
- Built a generic asset inventory in Go, enabling enumeration and traversal of relationships between resources on AWS, Kubernetes, GitHub, Snyk, and other internal systems to generate diagrams for threat modelling and reports on real data.
- Identify security domains for improvement, define what good looks like for each of those domains, and plan a Security Engineering roadmap to achieve it.
- Build automation tooling in Go to speed up and improve consistency of manual processes, such as vulnerability management and generating wiki documentation from code and Markdown.
Cloud Native Engineer (Contract)
Sep 2022 - Oct 2023
- Developed an ingestion tool which scans open-source dependencies for vulnerabilities and evaluates them with Open Policy Agent (OPA).
- Established the use of gRPC service architecture to strongly define APIs, abstract layers and components into replaceable parts, and generate Swagger-compatible user-facing API documentation.
- Implemented runtime rotation of time-limited database credentials provided by HashiCorp Vault.
Co-Founder and Director
Mar 2022 - May 2023
- Implemented Zero-Trust edges to access internal services and infrastructure with github.com/pomerium/pomerium.
- Deployed an MVP of the Dracon SaaS product with multi-tenancy at the infrastructure layer powered by Terraform, Helm, GitOps and the Please build system.
- Built a scalable version of the SaaS product with multi-tenancy at the application layer that runs on serverless infrastructure to minimise costs.
Senior Backend Engineer, Cloud Security
Apr 2021 - Sep 2022
- Technical Lead for the strategic programme of making their Vault product available as SaaS on Google Cloud Platform. This involved architecting the infrastructure, producing timelines and resource requirements, and ultimately being responsible for the technical delivery.
- Technical Lead for the deployment of Falco, a Kubernetes Runtime security agent across our Kubernetes clusters and the implementation of pre-building the eBPF probes that we use over at github.com/thought-machine/falco-probes.
- Drove and implemented identity-based methods for service-to-service authorization (i.e. Workload Identity) to move us away from provisioning and using multiple password-like credentials for services.
- Maintained open-sourced Please build rules for Terraform at github.com/VJftw/please-terraform.
Backend Engineer, Cloud Security
Aug 2019 - Apr 2021
- Designed and built a service that facilitated self-service federated access to Cloud and Kubernetes environments with support for break-glass processes. This was a pluggable collection of micro-services in Golang which communicate via gRPC.
- Matured our Terraform usage by writing Rego policies for conftest based on CIS benchmarks to mitigate misconfiguration vulnerabilities; migrating to Terraform 0.12+; adding declarative authentication; and parallelising our CI/CD pipelines.
- Implemented simple immutable infrastructure using Packer and Terraform to be used in projects where Kubernetes was undesirable.
- Designed a scalable network architecture for our SaaS offering on AWS using AWS PrivateLink VPC endpoints to expose services between VPCs instead of VPC-peering.
- Implemented and scaled our audit logs pipeline on both AWS and GCP using AWS Kinesis/GCP PubSub and Logstash to include audit logs from AWS CloudTrail, AWS EKS, AWS Security Hub, GCP, and GKE.
- Open-sourced Dracon, a tool for building Knative security pipelines on top of Tekton CI.
- Created an Attestations Proxy for B2B clients to authenticate and verify that the Docker images they pull are signed by Thought Machine. This is an authenticating reverse proxy to Grafeas.
- Created a Docker Registry Proxy for B2B clients to authenticate and pull Docker images we create.
- Developed “Cheese”, a tool to help raise awareness around engineers leaving workstations unlocked.
Senior DevOps Engineer
Apr 2019 - Aug 2019
- Implemented horizontal auto-scaling of Jenkins workers with EC2 spot instances and promoted the use of Docker in build processes to improve consistency and shorten the developer deployment feedback loop.
- Devised, implemented and automated GitOps-focussed Role-Based Access Control (RBAC) on AWS across multiple accounts based upon AWS Landing Zone principles.
- Automated weekly reports of cloud-based infrastructure via github.com/nccgroup/ScoutSuite.
- Reduced infrastructure divergence from code by splitting Terraform source into domain-driven modules and states that are run more frequently.
- Spearheaded Ansible to automate the deployment of new releases onto legacy “pet” instances.
DevOps Engineer
Jun 2018 - Apr 2019
- Built a Highly Available platform with improved scalability, resource use and continuous deployment whilst improving existing security standards with Docker, AWS ECS (Elastic Container Service), Consul, Traefik, HAProxy, and Terraform with GitOps. HA Traefik was provided by DNS round-robin load balancing and workload instances utilised AWS Spot fleet to reduce costs.
- Introduced structured logging from Docker container output into centralised logging with ELK which allowed us to record and perform analysis on outbound requests through Squid proxies.
- Introduced Grafana and Prometheus with InfluxDB for metric-based monitoring.
- Maintained existing Puppet-based cloud infrastructure configuration and upgraded existing services such as Artifactory OSS and RabbitMQ, whilst promoting the movement to immutable infrastructure.
- Led the containerisation of Java applications to conform with Docker best practices, with portable integration tests via docker-compose.
- Improved development workstation provisioning using a pre-seed configuration with LUKS (FDE) and LVM.
Developer
Jan 2016 - Jun 2018
- Migrated projects to use Docker containers utilising AWS ECS (Elastic Container Service), WeaveNet and Traefik to reduce costs.
- Led security, which involved vulnerability scanning, risk assessments and deploying more secure protocols such as mutual TLS (mTLS).
- Led DevOps, involving infrastructure as code with Terraform and container orchestration.
Junior Developer (Internship)
Aug 2014 - Aug 2015
- Aided in the development of projects with clients such as British Rowing and Vote for Policies which were developed in Python and PHP (Symfony).
Education
Sep 2016 - Sep 2017
MSc Computing and Security
Pass with Distinction
- Awarded the prize for the best overall performance on the MSc in Computing and Security (2016/17).
- Dissertation titled “Collective Privacy Management in Social Media” (74%)
- C-score: 73%. Top 5 modules: Security Engineering (92%), Group Project - Chit Chat (85%), Cryptography and Information Security (80%), MSc Individual Project - Collective Privacy Management in Social Media (74%), Network Security (69%).
Sep 2012 - Jul 2016
BSc Computer Science with Industrial Experience
First Class Honours
- Dissertation titled “Implementations of Homomorphic Encryption” (82%)
- C-score: 75%. Top 5 final year modules: Embedded Systems (83%), Computability (82%), Project - Implementations of Homomorphic Encryption (82%), Web Programming (80%), Algorithms and Complexity (73%).
Skills
Golang (Expert)
Terraform (Expert)
Bash (Advanced)
Python (Intermediate)
Public Cloud
- Amazon Web Services
- Google Cloud Platform
Containers
- Kubernetes
- Nomad
CI/CD
- Tekton
- GitHub Actions
Provisioning
- Ansible
- Puppet
Servers
- Debian & Redhat-based
- Container Linux
Micro-services
- gRPC
- Producer/Consumer
Message Queueing
- RabbitMQ
- Kafka
Caching
- Redis
- In-memory
Databases
- PostgreSQL
- MongoDB
Service Mesh
- Consul
- Istio
Domain Driven Design
Behaviour Driven Development
Separation of Concerns
Immutability
GitOps
Zero-Trust