Resume
======

Summary
-------

I have solid Kubernetes, Linux, and infosec experience. I can troubleshoot complex issues across the stack. I put emphasis on limiting complexity when designing systems. I focus on end-user success and thrive in supporting development teams.

Experience
----------

Teleport
""""""""

Teleport is a startup and an open-source platform helping users to securely access their companies' resources, and helping companies to declare, visualize and review who can access which resource.

This was my first `gothic R remote`__ job. I owned the integrations: everything which is not Teleport but is needed to run Teleport. This covers deployment methods (Helm Charts, Terraform, Cloudformation), tools to interact with Teleport from your IaC (Kubernetes Operator, Terraform provider) or plugins allowing Teleport to interact with other services (event forwarding, access requests through Slack/Jira/Discord/MsTeams/emails/...).

My most significant achievements are:

- Refactoring the Helm charts to allow modular Teleport deployment while allowing users to pass specific configuration overrides to each component and maintaining as much backward compatibility as possible.
- Building and maintaining a Kubernetes operator to configure Teleport resources.
- Designing and developing a deployment updater to ensure Teleport Cloud customers' agents are automatically and securely updated without human interaction.
- Revamping the Teleport Terraform provider to improve the user experience and authenticate against Teleport in a phish-proof fashion.
- Improving the documentation quality by generating references from various sources such as Helm values, Go's AST, or proto definitions.
- Designing and writing documentation for a multi-region Teleport deployment.
- Load-testing Teleport Helm deployments across the different backends and multiple network topologies.

__ https://web.archive.org/web/20240813003422/https://dave.cheney.net/2019/05/19/the-three-rs-of-remote-work

Ubisoft
"""""""

Ubisoft is a video game company composed of numerous studios. It had a cross-game department called Harbour [#harbour]_ in charge of standard online services across games.

I worked on the Harbour Fleet product [#fleet]_, an opinionated Kubernetes distribution providing out-of-the-box monitoring, logging, tracing, traffic routing, player and service authentication, alerting/escalation management, and integration with other Ubisoft services (event, metric, log forwarding). We also tightly worked with game production teams to train them and provide assistance during load tests or incident response.

Due to the broad product scope, I had the chance to dive into numerous topics, including:

- Logging and ingestion performance with ElasticSearch
- Nginx and Kong performance tuning under high-pressure workload (1.5M concurrent players)
- Building the most minimal set of Prometheus Alerts and Grafana Dashboards to help service developers assess the health of their services.
- Dealing with a large amount (1M+) of persistent connections
- DNS
- Distributed Tracing strategies under high load (it's expensive).
- Kubernetes Operator development (we maintained several operators, one for each facility Fleet offered)
- Automating maintenance and deployments of 100+ Kubernetes clusters

Matters Startup Studio
""""""""""""""""""""""

Matters is a Paris-based Product and Startup Studio. They help startup founders think and build their products.

I maintained the infrastructure cross-project and supported developers on infrastructure-related problems, and advised customers during the design phase.
For example:

- I standardized Kubernetes deployments and their related pipelines across most of the company's projects
- I developed tooling to manage server inventories and provide seamless access to the developers [#matterssh]_
- I animated various talks to present our architectural choices and share feedback about how things went for us.

Digital Security
""""""""""""""""

DigitalSecurity was an infosec company and CSIRT team providing cybersecurity services in Europe with a specific expertise in IoT security. They retained their independence after being bought by Econocom but have been merged into the Atos group since.

I worked as an intern in a team of infosec seniors. I pentested for various customers, did a couple of architecture reviews, and took part in an incident response doing basic forensics on devices.

Matters Startup Studio
""""""""""""""""""""""

Matters is a Paris-based Product and Startup Studio. They help startup founders think and build their products.

I worked on their largest product then: Ubeeqo [#ubeeqo]_. Ubeeqo is a car-sharing service operating in several European countries. They were bought by Europcar just before I arrived.

Ubeeqo was mainly a sizeable PHP monolith, and 30 developers were slowly extracting standalone services from it. I worked with Alexis Von Glasow to design and build the infrastructure hosting those freshly extracted services.

We built and owned [#ubeeqo2]_:

- Kubernetes clusters on GKE hosting all services
- the container image building process and pipelines
- databases: PostgreSQL, ElasticSearch, Redis, RabbitMQ
- the API Gateway (kong-based with a couple of custom plugins)

Associative ISPs (Supélec Rézo, ARES)
"""""""""""""""""""""""""""""""""""""

Before admission, all students were told Supelec was in Paris. This was a lie. The school was 1h by train from Paris, stuck between a forest, crop fields, and construction sites. 800 students lived there, in the middle of nowhere.
No shop, restaurant or commerce was in a 30-min radius. In this context, students organized into associations to provide the missing city services. This included a shop, a bar, a mechanic, fast-food..., and internet service.

Each year, previous students trained 1st-year students to manage the network and ensure the service keeps working. This is how I learned networking, server racking, infosec, and system administration. This association is the main reason I work in this industry today.

Education
---------

CentraleSupélec cursus Supélec
""""""""""""""""""""""""""""""

Supélec was one of the top French engineering schools (they're called "Grandes Écoles"). It got absorbed by Centrale Paris, another Grande École, when I was still studying there.

The Supélec curriculum is very generalist. If you need to put a label on it, the closest thing might be a mix of Electrical Engineering and Computer Science.

During my last year, I specialized in cybersecurity. I also studied neural networks, implementing different models from research papers, from the perceptron to LSTM networks. [#ml]_

Preparatory classes (PC*) in maths, physics and chemistry
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Skills
------

I develop mainly in Golang but also have Python experience.

I'm extremely familiar with Kubernetes. I mainly worked with GKE but have EKS knowledge.

I managed ElasticSearch and Prometheus and can operate them at reasonable scale. I can troubleshoot services using various databases such as PostgreSQL, Redis, or RabbitMQ.

Ansible is my primary automation tool. I'm used to working on Linux systems, mostly Debian-based distros.

|
|

.. [#harbour] Rebranding departments and internal products was a national sport at Ubi. Ubisoft employees might use several names to describe the same department. Harbour is also known as: Technical Group, Technical Group Online, Harbour, Online Services, Global Services Online Services.

.. [#fleet] Fleet was insanely good.
   The project started long before I joined and went through many iterations before taking its final form. It was one of the few cases where Kubernetes is the right technological choice, with a 10-person team dedicated to dealing with its complexity. Each time I work in a Kubernetes cluster, I miss all the facilities that were deployed by default and made our life easier.

.. [#matterssh] Yes, this is basically Teleport. In retrospect, I repeatedly had to solve the server discovery and access problem. When I learned about Teleport, the product made a lot of sense: I had a "this is what I wanted" moment.

   If you're curious about the various implementations:

   At Matters I used Vault as a CA and KV store. All servers were registered into it. Developers used a python CLI to list the servers they had access to, generate ssh config, and request daily certificates.

   At Ubisoft we had to connect to 100s of clusters. So with a colleague we built a collection of scripts discovering servers and generating kubeconfigs for each.

.. [#ubeeqo] Ubeeqo's primary domain is behind Cloudflare and blocks all Americas. We were not operating there and received a lot of DDoS/credential stuffing attacks from US/Canada. You'll need an EU VPN to access the website.

.. [#ubeeqo2] We also broke a lot of things. It was still the Kubernetes early days; we had little experience with how systems fail at scale. In retrospect, this was fun and we learned a lot, but we likely ruined some holiday trips when the system crumbled under load because of a misconfigured liveness probe timeout. If your Ubeeqo car did not start the first Saturday morning of the Toussaint holiday, I'm sincerely sorry |:sweat:|

.. [#ml] Since then, I loosely followed the new models by reading the most important papers. I would not be able to implement a transformer nor a diffusion model without a good refresher.