Resume

Professional Summary

  • Distinguished Engineer and Founder of KATN Solutions with 25+ years of experience in distributed systems, platform engineering, and infrastructure automation across fintech, cryptocurrency, enterprise technology, and financial services, with deep expertise in Kubernetes, multi-cloud architecture (AWS, GCP, Azure, bare-metal), and modern cloud-native systems

  • Platform Engineering and Distributed Systems Expert specializing in multi-cloud Kubernetes infrastructure, real-time data processing systems, and cost optimization at scale — achieving 76% infrastructure cost reductions, 100x observability cost savings, and architecting platforms processing millions of cryptocurrency market data events daily across federated clusters. Over $1.2M in annual savings.

  • Security and Compliance Leader with track record founding security teams, implementing enterprise WAF systems protecting global user bases, designing PCI DSS compliant payment infrastructure, achieving FedRAMP authorization automation, and responding to critical security incidents including insider threat forensic recovery with zero data loss

  • Technical Innovator and Open Source Contributor creating production-grade tools including AI-powered diagnostic systems achieving 85% MTTR reduction, self-updating binary distribution systems (listed in awesome-go), Kubernetes operators, and authentication systems — with multiple projects adopted across organizations

  • Engineering Leader and Educator building and managing globally distributed teams across five continents, establishing engineering standards and hiring systems, strict GitOps and BDD for code, configuration, and infrastructure, and delivering technical training in security, DevOps, and software development practices throughout career

Experience

KATN Solutions | Founder & Principal Consultant | Mar 2025 - Present

  • Founded infrastructure, security, and DevOps consulting practice delivering enterprise-grade systems to startups and growing companies — architect, build, train, and hand off

  • Expert consulting that architects systems, establishes engineering standards, and trains teams to own them — enterprise-grade infrastructure without ongoing senior engineering costs

  • Specializing in Kubernetes platform engineering, security architecture, observability, AI automation, and GitOps across AWS, GCP, Azure, and bare-metal environments

Terrace | Director of Infrastructure and Security | Jun 2023 - Mar 2025

  • Re-architected flagship cryptocurrency trading platform in under 3 months, reducing latency from 600ms to microseconds and enabling 100x data capacity increase to meet market launch requirements

  • Designed distributed data curation platform for cryptocurrency markets with sub-10ms change detection latency across 4.1M+ trading pairs, serving as core library adopted by 27+ services and eliminating over $500k in annual data costs

  • Implemented AI-powered security and incident response automation using Claude, achieving 24/7 automated coverage, 80% reduction in manual triage, and 50% faster MTTR through Slack-integrated diagnostic bots

  • Architected federated multi-cluster observability platform processing 2M+ WAF security events daily across multiple distributed Kubernetes clusters, reducing MTTR by 85% (30 minutes to 5 minutes) and automating 60-80% of routine diagnostics

  • Established engineering standards and processes including strict GitOps and BDD for code, configuration, and infrastructure. Automated Acceptance Testing that distills “Customer Happiness” into signals a computer can measure.

  • Built and managed globally distributed engineering organization spanning five continents (North America, South America, Europe, Africa, India) with asynchronous-first communication and consistent quality standards

  • Architected multi-cloud hybrid Kubernetes platform spanning AWS, GCP, Azure, and bare-metal, achieving 76% cost reduction and 40% latency improvement while eliminating vendor lock-in through cloud-agnostic design

  • Led forensic response to critical insider threat incident, executing complete asset recovery and system reconstruction within hours of total compromise with zero customer data loss, validating zero-trust architecture under adversarial conditions

  • Achieved 100x reduction in monitoring costs by implementing Prometheus + Thanos federation replacing commercial SaaS observability solutions while improving visibility and MTTD. $120k annual costs eliminated.

  • Replaced AWS NAT Gateways with EC2-based solution using iptables, eliminating $120k+ annually in recurring costs while maintaining equivalent functionality and availability

  • Designed bare-metal Talos Kubernetes clusters with LUKS full-disk encryption and custom Key Management System integrated with HashiCorp Vault, eliminating $120k-$240k yearly data egress costs through datacenter co-location

  • Implemented comprehensive Infrastructure as Code with Terraform complete with compliance and acceptance tests managing multiple AWS accounts plus Azure resources, establishing GitOps workflow with cross-account IAM, OIDC providers, and production security controls

Amazon Web Services | Systems Development Engineer, Senior DevOps Consultant | 2022 - 2023

  • Automated FedRAMP compliance processes for Amazon Global Accelerator Federal government cloud systems, achieving 100% automation of compliance checks and 50% faster authorization with zero compliance violations

  • Developed Kubernetes Operators for Amazon WAF enabling declarative policy management, reducing WAF policy deployment time by 95% and achieving 100% Kubernetes-based management of AWS resources

Orion Labs | Head of Infrastructure, Principal Engineer | 2020 - 2022

  • Built stand-alone, self-bootstrapping Kubernetes platform for SaaS, cloud-prem, on-prem, and air-gapped installations — customer described as “flawless” and “easiest, highest quality software installation we have ever seen”

  • Solved thundering herd problem where MDM agents restarting device fleets overwhelmed AWS ALB auto-scaling, migrating to NLB with Layer 7 switching in Kubernetes ingress controllers to handle massive traffic spikes

  • Built COVID epidemiological contact tracing system for Massachusetts Bay Transit Authority (MBTA) using voice bot-enabled platform with real-time location tracking and privacy-preserving historical contact identification

  • Developed Voice Bot Framework enabling voice-driven automation on Orion PTT platform, creating new product capability supporting customer voice automation use cases

Scribd | Principal DevSecOps Engineer | 2018 - 2020

  • Founded and led Scribd’s first Security Team, transforming security posture and establishing security-first culture for platform serving millions of users globally

  • Built scalable SIEM system from scratch handling petabytes of log data with real-time threat detection, providing self-service analytics enabling anyone in the company to answer “What’s going on?” with worldwide CDN visibility

  • Implemented enterprise-grade WAF using ModSecurity protecting global user base while maintaining 99.99% availability

  • Created Managed Secrets system providing YAML interface on HashiCorp Vault, enabling developers to define secrets without accessing production values, released as open source with community adoption

  • Designed Kubernetes clusters with native tooling connecting application workloads to Fastly CDN caches, achieving 99% cache hit rate and 50% bandwidth cost reduction

Stitch Fix | Sr. DevOps/SRE | 2017

  • Built Identity and Access System for Algorithms & Analytics department providing secure access to all resources — system maintained 100% uptime during company’s third-party SSO breach when vendor went down

  • Enabled AWS IAM Role/STS credentials on developer laptops without code alteration of Amazon SDK, providing passwordless authentication with zero credential leaks

Apple | Lead DevOps Engineer | 2015 - 2017

  • Led Apple Pay DevOps team in implementing modern administration and audit pattern, achieving first hardware ownership by Apple Pay in Apple’s history through collaboration between Security, Audit, and Engineering

  • Designed and implemented first automated test-driven CI/CD system for Apple Pay with dynamic environment creation per pull request, enabling rapid safe deployments with zero deployment-related outages during tenure

  • Architected command and control infrastructure managing 30,000 servers worldwide, orchestrating China launch with zero downtime throughout critical 2015-2017 period

  • Provided infrastructure and DevOps support for Apple Pay payment processing systems handling millions of daily transactions, maintaining PCI DSS compliant infrastructure with sub-second performance targets

  • Created private OpenStack cloud from unused hardware achieving 100x acceleration of build and test cycle, overcoming datacenter space limitations and cloud usage restrictions

  • Designed OpenStack deployment with security-first architecture so secure that Apple’s security teams couldn’t penetrate until protections were stood down — told “that was a first” at Apple

TekSystems | Sr. DevOps Consultant | 2014 - 2015

  • Built static code analysis tools using ANTLR to parse Puppet DSL for Governance, Risk Management, and Compliance (GRC), enabling pre-merge compliance validation and eliminating entire class of compliance violations

  • Designed auto-scaling Continuous Delivery environment for educational testing platform, migrating multiple applications from proprietary systems to open source and reducing deployment time from weeks to hours

  • Developed and taught internal DevOps curriculum covering technology, disciplines, and cultural transformation

U.S. Bank | Security Architect, Application Architect | 2007 - 2014

  • Solely developed and managed Web Application Firewalls for entire U.S. Bank over 5 years with team of two, achieving zero breaches while maintaining PCI DSS and OWASP Top Ten compliance — organization trusted “WAF policy for all of US Bank boiled down to: Nik says so”

  • Developed Encryption Key management and distribution service saving over $1M compared to vendor bids, still in production 15+ years later supporting multiple countries with friendly UI for non-technical users

  • Designed Credit Card PAN Encryption and Tokenization System for Merchant Acquiring with scalable, highly available architecture protecting millions of transactions with zero PAN data breaches

Skills

Languages: Golang, Bash, Perl, Python, Ruby, Java, Groovy, JavaScript, TypeScript

Cloud & Infrastructure: AWS, GCP, Azure, OpenStack, Terraform, Multi-cloud Architecture

Kubernetes: EKS, AKS, Rancher, Kubeadm, Talos, Operator Framework, Helm, Kustomize, Replicated, Jsonnet

CI/CD: Jenkins, GitHub Actions, FluxCD, ArgoCD, Tekton, TeamCity, Travis, CircleCI

Databases: PostgreSQL, MySQL, Redis, ClickHouse, TimescaleDB, DynamoDB, GraphQL, Oracle, CNPG

Networking: TCP/IP, DNS, iptables, VPC Architecture, NAT, Network Segmentation, Load Balancers (ALB/NLB), CDN (Fastly, CloudFront), Istio, Envoy, Nginx, HAProxy, Consul, Ingress Controllers, Contour

Security: WAF (ModSecurity, AWS WAF), SIEM, OWASP, PCI DSS, FedRAMP, Zero-Trust Architecture, Vault, Secrets Management, Encryption/Tokenization, IAM/RBAC, OIDC, SAML, JWT, PKI, OpenSSL, HSMs, Incident Response, Threat Detection

Observability: Prometheus, Alertmanager, Grafana, Loki, Thanos, Fluentd, Fluent Bit, Elasticsearch, Logstash, Kibana, CloudWatch, Splunk, Datadog

AI Agents: Claude, Claude Code, GPT

Open Source Projects

Profiles