Rocky Warren

An AWS Certified Solutions Architect with over ten years of experience shipping and maintaining tested, distributed, secure systems from thousand-line microservices moving billions of dollars each year to multi-million line GPS guidance systems. I deliver customer value utilizing object-oriented, functional, statically-typed, dynamic, and database languages and lead teams as a Founding Principal Engineer, Tech Lead, Architect, Product Manager, and Startup Co-founder.

Skills

  • JavaScript
  • TypeScript
  • Elixir
  • Solidity
  • Scala
  • C#
  • Python
  • Shell/Bash
  • Java
  • Rust
  • PostgreSQL
  • SQS
  • DynamoDB
  • Kafka
  • AWS Lambda
  • Athena
  • Akka
  • Redis
  • gRPC
  • React
  • Cloud SIEM
  • Phoenix
  • Docker
  • REST API Design
  • Distributed Systems
  • Threat Modelling

Recommendations

  • CEO describing a Fortune 100 company's reaction to a demo I created: "Slam dunk with [Company]! Thank you for all your efforts on this! [Company VP] was visibly and vocally excited. I think his voice cracked a little when he exclaimed, 'how did you do that!'."
  • VP of Product: "If no one is telling you, it's appreciated how intentional you are with growing our collective knowledge and being a champion for training. Thanks for doing this stuff, Rocky. I've also been hearing great things about your contributions and speed-of-delivery. The leadership team is impressed."
  • VP of Engineering: "Rocky is one of our most respected and valuable engineers. His contributions are critical to the success of the company."
  • Technical Lead and Manager: "He's a one-man wrecking crew, one of the most productive engineers I've worked with."

Experience

Brale

Principal Software and Security Engineer

Remote
Aug 2022 - Present
  • Encrypt sensitive data client-side using 256-bit AES-GCM envelope encryption backed by AWS KMS, random initialization vectors, and tagged ciphertexts to ease quarterly rotation. Searchable fields leverage HMAC SHA-512 hashes.
  • Lead regular Threat Model exercises to determine and create mitigation plans. Leverage NIST SP 800-30 and MITRE ATT&CK for threat sources and events.
  • Set up ingestion of application, CloudTrail, GuardDuty, VPC flow, and load balancer access logs into Datadog. Over 95% of cloud security posture management (CSPM) rule findings passing for PCI, SOC 2, and GDPR. Use security information and event management (SIEM) to alert on both new findings and anomalous activity.
  • Use Burp Suite to scan for vulnerabilities and penetration test applications, GoPhish for phishing simulations, and Slither and Echidna to statically analyze and fuzz smart contracts, reporting on and addressing findings.
  • Implemented and maintain Cloudflare Access and Gateway for zero trust application access and internet browsing for both office and remote employees.
  • Coordinate company-wide security training and engineering team OWASP Top 10 and SANS Top 25 vulnerability demonstrations.
  • Deploy Kandji to company endpoints to gather telemetry, manage software patches, and enforce security rules such as disk encryption and malware protection.
  • Deploy honeypots (aka canaries) to company environments and endpoints to attract and then alert on cyber attacks.
  • Perform manual secure code reviews with an eye toward authentication, authorization, session management, data validation, error handling, logging, and encryption.

Founding Principal Engineer

Remote
Feb 2022 - Aug 2022
  • Drive DevOps culture with automated identity and access management (IAM) and resource provisioning across multiple AWS accounts using AWS Organizations and AWS's Infrastructure as Code (IaC) tool, CDK.
  • Author ERC-20 compatible Solidity smart contracts, coordinate external code audits, and build automated multi-blockchain deployment infrastructure.
  • Encourage and, if possible, enforce secure best practices such as AWS access via only temporary credentials, password managers for employee secrets, AWS Secrets Manager for software secrets, and hardware security keys when using Git over SSH.
  • Architect and build cost-efficient, secure, and performant cloud infrastructure utilizing managed and serverless services running in multi-subnet VPC protected by WAF.
  • Rolled out SAML single sign-on company-wide with hardware security key multi-factor authentication (MFA) and automatic identity provider (IdP) user provisioning.
  • Proposed and implemented multi-signature hardware wallet signing process for smart contract and multi-blockchain cryptocurrency custodial wallet access control taking care to prevent locked assets.
  • Build continuous integration and delivery (CI/CD) pipelines to ship customer features on each two-person controlled software merge.
  • Protect against supply chain attacks with Renovate dependency updates and automated Dependabot and Docker container security alerts.
  • Maintain employee onboarding and offboarding, scripting application install, SSH configuration, and IAM provisioning/deprovisioning.
  • Build secure by default CDK constructs (e.g., least-privilege policies, private S3 buckets, encryption at rest) to ease development.

Vertex Software

Principal Technical Lead and Product Manager, APIs & SDKs

Remote
Aug 2020 - Feb 2022
  • Managed and mentored developers. Team strongly focused on customer satisfaction and ease of on-boarding with regular customer interviews, step-by-step guides, interactive demos, command-line interface (CLI), and automated, always up-to-date API code samples.
  • Performed product discovery and regularly prioritized to ensure team quickly delivered the right products at the right time. Furthered this by implementing "No Meeting Wednesday" and asynchronous stand-ups to increase focus time.
  • Created uptime and availability tests with automatic rollback and alerting, confidently enabling continuous delivery of services.

Principal Software Architect

Remote
Sep 2019 - Aug 2020
  • Hired as Principal Engineer responsible for leading public REST APIs. Built it from scratch to OpenAPI, JSON:API, and CloudEvents specifications. Inter-service communication via Kafka and gRPC. Code coverage >90%.
  • Created and owned core libraries and build plugins to reduce duplication, improve security, and multiply engineering team's productivity.
  • Architected and implemented distributed, streaming, event-driven systems capable of sub-second bill of materials (BOM) and scene updates on CAD models with hundreds of thousands of BOM lines.
  • Search over hundreds of millions of pieces of CAD metadata using combination of Elasticsearch and Postgres full-text search.

Dwolla

Principal Software Engineer

San Francisco, CA
Jun 2016 - Sep 2019
  • Transitioned most business-critical database table from mutable to immutable, enabling point-in-time user balance queries, robust statements, and snapshots. Snapshots led to 200x faster database queries and 75% reduction in overall database deadlocks.
  • Migrated webhooks to serverless Lambda functions, scaled to millions of daily messages, reduced peak delays from hours to minutes, cut costs by 50%, and launched with zero downtime.

Lead Developer

San Francisco, CA
Jul 2014 - Jun 2016
  • Led development of API responsible for moving billions of dollars per year while decreasing partner "time to first API call" from hours to minutes with step-by-step guides and SDKs.
  • Led Instant Bank Verification, cutting account verification times from three days to a few seconds via 3rd party integration. Built as containerized, auto-scaling microservice.

Senior Software Engineer

Des Moines, IA
Jul 2012 - Jul 2014
  • Led company's foray into microservices with Dwolla Credit, integrating credit provider to inject millions in buying power into network. Mitigated partner downtime with caching and fault-tolerant background processes.
  • Won internal hackathons by reducing ACH clearing times and allowing account creation via API. Each influenced what are now best-selling products.

Crucible Commodities

Co-founder

San Francisco, CA
Jul 2014 - Dec 2016
  • Built commodities trading platform from ground up, complete with reactive, real-time market, PDF contract generation, and e-signing.
  • Secured with encryption in transit and at rest, A+ Qualys TLS score, and OWASP Top 10 mitigation.

John Deere

Technical Lead

Des Moines, IA
Jan 2010 - Jul 2012
  • Led CommandCenter project development, an in-cab self-driving GPS guidance display. Now factory installed in all large-scale John Deere vehicles worldwide. Two million+ lines of code, released on schedule, with all known defects closed.
  • Led fortnightly meeting of 25 tech leads across all guidance displays comprising over 150 developers.

Software Engineer

Des Moines, IA
Jan 2008 - Jan 2010
  • Led code katas of multiple 50+ developer groups teaching keyboard shortcuts, refactoring, test-driven development, pair-programming, and Linux shell commands.
  • Organized company's first Hackathons. After votes from 200+ employees, won both with customer analytics, predictive keyboard, touch screen gestures, and Tetris! Demoed results to CEO and staff.

Software Engineer Intern

Des Moines, IA
May 2006 - Jan 2008

    University of Iowa

    Software Developer

    Iowa City, IA
    Aug 2006 - Dec 2007
    • Created psychology studies and GUIs in DirectX and GDI+.

    Education

    University of Iowa

    Bachelor of Science, Computer Software Engineering

    Iowa City, IA
    Aug 2003 - Dec 2007
    • Minors in Computer Science and Business

    Talks and Publications

    3D Digital Twin Example Applications
    Open-source examples to get started building interactive 3D applications; no 3D experience required.
    Sending Millions of Serverless Webhooks
    Talk at the dsmJS Meetup describing my serverless webhooks architecture.
    Lessons Learned From Sending Millions of Serverless Webhooks
    Blog published on Serverless.com describing faster, lower cost webhooks using my serverless architecture.

    Certifications