A Certified Information Systems Security Professional (CISSP) and AWS Certified Solutions Architect and Security Specialty with over ten years of experience shipping and maintaining tested, distributed, secure systems from thousand-line microservices moving billions of dollars each year to multi-million line GPS guidance systems. I deliver customer value utilizing object-oriented, functional, statically-typed, dynamic, and database languages. I lead teams as a Founding Principal Engineer, Tech Lead, Architect, Product Manager, and Startup Co-founder.
- AWS ECS
- AWS RDS
- Cloud Security
- Cloud SIEM
- Continuous Integration
- Continuous Delivery
- REST APIs
- Threat Models
- Distributed Systems
- CEO describing a Fortune 100 company's reaction to a demo I created: "Slam dunk with [Company]! Thank you for all your efforts on this! [Company VP] was visibly and vocally excited. I think his voice cracked a little when he exclaimed, 'how did you do that!'"
- VP of Product: "If no one is telling you, it's appreciated how intentional you are with growing our collective knowledge and being a champion for training. Thanks for doing this stuff, Rocky. I've also been hearing great things about your contributions and speed-of-delivery. The leadership team is impressed."
- VP of Engineering: "Rocky is one of our most respected and valuable engineers. His contributions are critical to the success of the company."
- Technical Lead and Manager: "He's a one-man wrecking crew, one of the most productive engineers I've worked with."
Principal Software and Security Engineer
- Authored and maintain SOC2-audited business continuity, disaster recovery, and incident response plans.
- Encrypt sensitive data using 256-bit AES-GCM envelope encryption backed by AWS KMS, random initialization vectors, and tagged ciphertexts to ease quarterly rotation. Searchable fields leverage HMAC SHA-512 hashes.
- Lead regular Threat Model and tabletop exercises to determine risks and create mitigation plans. Leverage NIST SP 800-30 and MITRE ATT&CK frameworks for threat sources and events.
- Set up ingestion of application, CloudTrail, GuardDuty, VPC flow, Route53, and load balancer access logs into Datadog. Over 95% of cloud security posture management (CSPM) rule findings passing for PCI, SOC 2, and GDPR with plans to reach 100%. Use security information and event management (SIEM) to alert on both new findings and anomalous activity.
- Use Nessus, Burp Suite, and Metasploit to scan for vulnerabilities and penetration test applications. Use Slither and Echidna to statically analyze and fuzz smart contracts, reporting on and addressing findings.
- Implemented and maintain Cloudflare Access and Gateway for zero trust application access and internet browsing for both office and remote employees.
- Coordinate company-wide security training and engineering team OWASP Top 10 and SANS Top 25 vulnerability demonstrations.
- Foster security culture by encouraging and, if possible, enforcing secure best practices such as AWS access via only temporary credentials, password managers for employee secrets, AWS Secrets Manager for software secrets, and hardware security keys for Git SSH access.
- Deploy Kandji to company endpoints to gather telemetry, manage software patches, and enforce security rules such as disk encryption and malware protection.
Founding Principal Engineer
- Drive DevOps culture with automated identity and access management (IAM) and resource provisioning across multiple AWS accounts using AWS Organizations and AWS's Infrastructure as Code (IaC) tool, CDK.
- Author ERC-20 compatible Solidity smart contracts, coordinate external code audits, and build automated multi-blockchain deployment infrastructure.
- Architect and build cost-efficient, secure, and performant cloud infrastructure utilizing managed and serverless services running in multi-subnet VPCs protected by WAFs.
- Rolled out SAML single sign-on company-wide with phishing-resistant FIDO hardware security key multi-factor authentication (MFA) and automatic identity provider (IdP) user provisioning.
- Proposed and implemented multi-signature hardware wallet signing process for smart contract and multi-blockchain custodial wallet access control, taking care to prevent locked assets.
- Build continuous integration and delivery (CI/CD) pipelines to ship customer features on each two-person controlled software merge.
- Protect against supply chain attacks with Renovate dependency updates and automated Dependabot and Docker container security alerts.
- Maintain employee onboarding and offboarding through scripted application install, SSH configuration, and IAM provisioning/deprovisioning.
- Build secure by default CDK constructs (e.g., least-privilege policies, private S3 buckets, encryption at rest) to ease development.
Principal Technical Lead and Product Manager, APIs & SDKs
- Managed and mentored developers. Team strongly focused on customer satisfaction and ease of on-boarding with regular customer interviews, step-by-step guides, interactive demos, command-line interface (CLI), and automated, always up-to-date API code samples.
- Performed product discovery and regularly prioritized to ensure team quickly delivered the right products at the right time. Furthered this by implementing "No Meeting Wednesday" and asynchronous stand-ups to increase focus time.
- Created uptime and availability tests with automatic rollback and alerting, confidently enabling continuous delivery of services.
Principal Software Architect
- Hired as Principal Engineer responsible for leading public REST APIs. Built them from scratch to OpenAPI, JSON:API, and CloudEvents specifications. Inter-service communication via Kafka and gRPC. Code coverage >90%.
- Created and owned core libraries and build plugins to reduce duplication, improve security, and multiply engineering team's productivity.
- Architected and implemented distributed, streaming, event-driven systems capable of sub-second bill of materials (BOM) and scene updates on CAD models with hundreds of thousands of BOM lines.
- Search over hundreds of millions of pieces of CAD metadata using combination of Elasticsearch and Postgres full-text search.
Principal Software Engineer
- Transitioned most business-critical database table from mutable to immutable, enabling point-in-time user balance queries, robust statements, and snapshots. Snapshots led to 200x faster database queries and 75% reduction in overall database deadlocks.
- Migrated webhooks to serverless Lambda functions, scaled to millions of daily messages, reduced peak delays from hours to minutes, cut costs by 50%, and launched with zero downtime.
- Led development of API responsible for moving billions of dollars per year while decreasing partner "time to first API call" from hours to minutes with step-by-step guides and SDKs.
- Led Instant Bank Verification, cutting account verification times from three days to a few seconds via 3rd party integration. Built as containerized, auto-scaling microservice.
Senior Software Engineer
- Led company's foray into microservices with Dwolla Credit, integrating credit provider to inject millions in buying power into network. Mitigated partner downtime with caching and fault-tolerant background processes.
- Won internal hackathons by reducing ACH clearing times and allowing account creation via API. Each influenced what are now best-selling products.
- Led CommandCenter project development, an in-cab self-driving GPS guidance display. Now factory installed in all large-scale John Deere vehicles worldwide. Two million+ lines of code, released on schedule, with all known defects closed.
- Led fortnightly meeting of 25 tech leads across all guidance displays comprising over 150 developers.
- Organized company's first Hackathons. After votes from 200+ employees, won both with customer analytics, predictive keyboard, touch screen gestures, and Tetris! Demoed results to CEO and staff.
Software Engineer Intern
University of Iowa
Software Engineer Intern
University of Iowa
Bachelor of Science, Computer Software Engineering
- Minors in Computer Science and Business