\hypertarget{damian-zaremba}{%
\section{Damian Zaremba}\label{damian-zaremba}}
I enjoy interesting problems at scale, mostly involving networking.
((Systems + Networking) + Business requirements = Positive business
impact) == \textless{}3
\hypertarget{summary}{%
\subsection{Summary}\label{summary}}
Network/Linux focused engineer constantly looking to improve service and
run at the edge of technology.
Passionate about networking, architecture, automation, testing,
open-source, monitoring and training.
Driven to impact change where required and deliver things done
efficiently and effectively.
\hypertarget{employment-history}{%
\subsection{Employment History}\label{employment-history}}
\hypertarget{infra-bits---freelance-networksystems-engineer-trainer}{%
\subsubsection{Infra Bits - Freelance network/systems engineer \&
trainer}\label{infra-bits---freelance-networksystems-engineer-trainer}}
\emph{April 2021 - present}
\begin{itemize}
\tightlist
\item
PADI/TecRec training
\item
EFR training
\item
Network consultancy
\item
Software development
\end{itemize}
\emph{Not currently looking for a long term position.}
\hypertarget{fastly---senior-network-engineer}{%
\subsubsection{Fastly - Senior Network
Engineer}\label{fastly---senior-network-engineer}}
\emph{September 2018 - April 2021}
Focused on the automation, management, expansion \& improvement of
AS54113 (FSLY) as part of the network reliability engineering team.
During this time the network grew from 37T to over 130T of capacity,
with new generations of topologies.
Responsibilities included:
\begin{itemize}
\tightlist
\item
Management/development of the global configuration state \& traffic
engineering posture
\item
Building tooling for automation of repetitive tasks and safety in
operations
\item
Integration of systems for optimisation of processes \& data
de-duplication
\item
Planning for and execution of large customer events
\item
Extension of existing critical systems for new business requirements
\item
Migration and/or replacement of legacy systems/topologies
\item
Troubleshooting complex technical issues/interactions
\item
Evaluating and designing technical integrations of systems
\item
Subject matter expert for operational \& engineering teams (on-call
escalation)
\item
Provisioning \& testing of new architectures
\end{itemize}
Achievements include:
\begin{itemize}
\tightlist
\item
Extensive improvements to topology \& business logic validation
frameworks, preventing common configuration issues
\item
Migration of a legacy route server platform into an extensively tested
CI driven platform, removing significant amounts of business risk
\item
Extending integration of IPAM services into Chef data
providers/helpers, removing significant operational friction \& risk
\item
Integration of internal systems into industry-standard platforms such
as PeeringDB, IRRD \& RADB, reducing operational overhead
\item
Porting of core Ansible based configuration management tooling into
Python 3.x from 2.x, ensuring continued maintainability
\item
Implementation of alerting for and debugging of network-level
performance events (packet loss, RTT deviation)
\item
Extension of operator tooling to perform validation of actions, for
example preventing accidental withdrawal of unicast prefixes from a
site
\item
MTU sizing correction, deployed across thousands of machines,
improving IPv6 reachability to numerous networks
\item
ACL restructuring, resulting in higher hardware efficiency while
providing improved abstractions for operators \& auditors
\item
Development, testing and deployment of internal IPv6 BGP \& IGP
topologies, ensuring redundant connectivity
\item
Implementation \& deployment of IPv6 policy control, resulting in
significant customer-facing performance improvements
\item
Numerous improvements to internal systems across an array of languages
\& domains, minimising business risk \& operational overhead
\end{itemize}
\hypertarget{booking.com---network-engineer}{%
\subsubsection{Booking.com - Network
Engineer}\label{booking.com---network-engineer}}
\emph{September 2016 - September 2018}
Focused on the design, engineering and management of AS43996 \&
AS202196, powering Booking.com \& Rentalcars.com (BKNG) globally.
Responsibilities included:
\begin{itemize}
\tightlist
\item
Management of the global routing policies
\item
Extending/managing peering relationships and transit selections
\item
Hardware upgrades and maintenance in a non-stop manner
\item
Deployment of new POPs
\item
Ensuring adequate capacity and redundancy
\item
Testing and implementing new technologies as required (EVPN, IPFIX
etc)
\item
Developing tooling and processes required to manage the global
deployment
\item
Supporting network tooling and authentication services for all network
teams within Booking.com
\item
Participating in the on-call rotation covering all production networks
\item
LIR administration
\end{itemize}
Achievements included:
\begin{itemize}
\tightlist
\item
Management of all network tooling services in Puppet
\item
Port of existing IPFIX/Netflow v5 decoders into Go reducing resource
usage and custom code significantly
\item
Peer/IX selection/management tooling using flow and latency data for
business/data-focused decisions
\item
Internal tooling integration with PeeringDB
\item
Implementation of real-time TCP latency monitoring tooling
\item
Implementation of POP performance measurement tooling (deployed to
customer/partner facing apps)
\item
Introduction of Kafka and Hadoop technologies for data processing
\item
Introduction of OpenBMP and RPKI validators to aid
troubleshooting/leak prevention
\item
Development of Ansible based configuration management with integration
into existing data sources
\item
Automation of manual processes (lab router firmware version changes,
dashboard creation, route filter management etc)
\item
First internal team to have IPv6 enabled management for all devices
\item
Improvements to the GeoDNS backend including EDNS0 support
\end{itemize}
As an extension to this role, I also provided design/engineering support
to and acted as an escalation point for BookingGo (Rentalcars.com) teams
on an ad-hoc basis, including on the integration of infrastructure.
\hypertarget{traveljigsaw-limited-rentalcars.com---principal-security-engineer}{%
\subsubsection{TravelJigsaw Limited (Rentalcars.com) - Principal
Security
Engineer}\label{traveljigsaw-limited-rentalcars.com---principal-security-engineer}}
\emph{November 2015 - September 2016}
Focused on improving all technical aspects of the security landscape.
Worked closely with Legal, Finance, Technology and Security teams in the
business to deliver security objectives.
Several large undertakings were completed successfully including:
\begin{itemize}
\tightlist
\item
Achieving a \textasciitilde{}65\% reduction in external-facing
vulnerabilities while observing a \textasciitilde{}44\% increase in
assets
\item
Deploying an internal certificate authority and root certificates
(ca-bundle + JKS files) to 800+ servers
\item
  Developing tooling in Puppet for firewall rule management and
  deploying a restrictive rule-set
\item
Deploying OpenLDAP using SSSD \& pam\_access to 800+ servers for
centralised authentication and access control
\item
  Building tooling around Nexpose, Serverspec \& Test Kitchen for
integration into CI pipelines
\item
Implementing internal vulnerability scanning of \textasciitilde{}2000
assets
\item
Developing CSP/HPKP functionality and servlet filters for
external-facing applications, including reporting functionality to
assess the impact of policy/filter changes
\item
Developing tooling for automated server patching (including staged
rollouts + reporting)
\item
Developing tooling for rotating encryption keys on 10+ million data
entries in a fast and minimally impactful manner
\item
Deploying a horizontally scalable (Anycast + Resilient ECMP based)
load balancing implementation using HAProxy to support migrating all
external traffic to use TLS
\item
  Providing expert support to other teams in the business, ensuring their
designs were both secure and scalable
\end{itemize}
More day to day operational items included:
\begin{itemize}
\tightlist
\item
Introducing hiera-eyaml (using the GPG backend) and node\_encrypt into
Puppet (3.x), for improved configuration secrets handling
\item
Deploying SELinux in targeted mode to all `critical infrastructure'
(including in PCI/PII zones and core infrastructure)
\item
Developing security tooling with appropriate access controls for
common activities such as managing OSSEC alerts, reporting on user
access and changing on-call settings
\item
Developing Python tooling for handling inventory changes in `black
box' security appliances
\item
Performing reviews on proposed solutions and technical aspects of
legal contracts
\item
Providing security on-call coverage
\item
Standardising firewall rules across multiple Juniper SRX clusters
\item
Working with external and internal auditors to improve controls and
ensure (SoX, PCI DSS, DPA, Privacy Shield) compliance
\item
Developing abstractions in Puppet for managing pam\_access and sudo
(group) based access rules, with inheritance
\item
Drafting a roadmap and key milestones for security enhancements
\end{itemize}
\hypertarget{traveljigsaw-limited-rentalcars.com---technical-architect}{%
\subsubsection{TravelJigsaw Limited (Rentalcars.com) - Technical
Architect}\label{traveljigsaw-limited-rentalcars.com---technical-architect}}
\emph{June 2015 - November 2015}
As a founding member of the architecture team, my initial focus was a
review of the core systems, potential contention/failure points and a
roadmap for core infrastructure.
The work was varied and included documenting existing systems,
interviewing candidates for multiple roles, providing expert support
during service issues/solution design, building software prototypes,
working with the teams to establish standards and designing new
solutions.
As the only infrastructure-focused member of the team, a lot of
alignment and collaboration with the 2 software architects was
undertaken during this time.
Some key solutions that were designed and placed into production
included:
\begin{itemize}
\tightlist
\item
Internet connectivity, resolving redundancy issues and providing
future scalability; this established the first ASN and IP space
directly held by the company
\item
AWS direct connect for hybrid (test/development) environments; a
successful PoC, now supporting multiple teams and production services
\item
`Event backbone' using Apache Flume and Kafka with custom consumers
written in Java; a successful PoC handling millions of events a
minute. This is now the standard way to transmit/consume events within
the company and has a diverse set of backends (ElasticSearch, MySQL,
AppDynamics, HDFS etc)
\end{itemize}
Other outcomes included:
\begin{itemize}
\tightlist
\item
An 18-month roadmap/improvement plan for the network
\item
Numerous risks identified within the technology landscape and
prioritised for resolution with the engineering teams
\item
Implementation of Bamboo for CI, including multiple example jobs and
Java-based plugins
\item
Implementation of Artifactory Pro for internal binary sharing
(integrated into Bamboo and internal deployment systems)
\item
Updated design for a multistage Clos architecture within the data
centres, with the budget accepted
\end{itemize}
\hypertarget{traveljigsaw-limited-rentalcars.com---linux-systems-administrator}{%
\subsubsection{TravelJigsaw Limited (Rentalcars.com) - Linux Systems
Administrator}\label{traveljigsaw-limited-rentalcars.com---linux-systems-administrator}}
\emph{February 2014 - June 2015}
Working in a team of 3 DBAs, 3 Sysadmins and a Network operations
engineer scaling out and managing the 1k+ servers that make up the
Rentalcars.com infrastructure.
\begin{itemize}
\tightlist
\item
Managed/deployed a heterogeneous infrastructure consisting of bare
metal rack mount and blade servers (HP/Dell) alongside VMWare ESX,
KVM, Docker and EC2 based instances
\item
Refactored a Puppet 2.x setup into a Puppet 3.x setup using the latest
language standards and the principle of state convergence on the first
run
\item
Supported the internal tools written in Python/Ruby, including the
Django-based asset management tool
\item
Provided out of hours support to the business via an on-call rota
\item
Introduced CI to operations for RPM builds and Puppet testing
\item
Deployed anti-virus scanning and DKIM signing of outbound messages
using Exim routers to ensure external-facing email meets
validation/verification levels requested by the business
\item
Developed multiple Fabric scripts for real-time auditing and
remediation of servers (firmware versions, log file cleanup etc)
\item
Worked closely with development teams to test new software and build a
path to production
\item
Developed kickstart files and custom initrd files for hardware
installation (including automated firmware updates)
\item
Developed acceptance tests for hardware using PyUnit and Fabric
\end{itemize}
A part of this role involved building the initial infrastructure for
Car+Driver (Rideways.com); a startup within the company. This was
accomplished using:
\begin{itemize}
\tightlist
\item
AWS EC2/S3/RDS/Cloudfront/Cloudformation/ElastiCache
\item
Python (troposphere) based CloudFormation generation
\item
Python (boto) based deployment scripts, for CloudFormation and
CodeDeploy
\item
Packer + Puppet (masterless) based AMI creation
\item
Github + Bamboo for CI/CD
\end{itemize}
\hypertarget{music-group---software-engineer-midasklark-teknik-rd}{%
\subsubsection{MUSIC Group - Software Engineer (Midas/Klark Teknik
R\&D)}\label{music-group---software-engineer-midasklark-teknik-rd}}
\emph{July 2013 - February 2014}
\hypertarget{music-group---systems-engineer-global-enterprise-engineering}{%
\subsubsection{MUSIC Group - Systems Engineer (Global Enterprise
Engineering)}\label{music-group---systems-engineer-global-enterprise-engineering}}
\emph{October 2012 - July 2013}
\hypertarget{sub-6-limited---lead-systems-administrator}{%
\subsubsection{Sub 6 Limited - Lead Systems
Administrator}\label{sub-6-limited---lead-systems-administrator}}
\emph{October 2011 - August 2012}
\hypertarget{various---contract-systems-administrator}{%
\subsubsection{Various - Contract Systems
Administrator}\label{various---contract-systems-administrator}}
\emph{October 2010 - October 2011}
\hypertarget{volunteering-experience}{%
\subsection{Volunteering experience}\label{volunteering-experience}}
\hypertarget{scuba-education-amsterdam---staff-padi-instructor}{%
\subsubsection{Scuba Education Amsterdam - Staff / PADI
instructor}\label{scuba-education-amsterdam---staff-padi-instructor}}
\emph{2018 - Present}
\begin{itemize}
\tightlist
\item
Provide in-classroom and in-water training to students at multiple
levels
\item
Operation of the filling station \& equipment servicing/management
\item
PADI member \& certified instructor in more than 15 areas
\end{itemize}
\hypertarget{cluebot-ng---maintainer}{%
\subsubsection{ClueBot NG - Maintainer}\label{cluebot-ng---maintainer}}
\emph{2012 - Present}
\begin{itemize}
\tightlist
\item
Heavily used anti-vandalism Wikipedia bot with over 5.7 million edits
\item
Monitor ClueBot NG to ensure active reversion of vandalism
\item
Perform code fixes and improvements to reduce errors
\end{itemize}
\hypertarget{fosdem---volunteer}{%
\subsubsection{FOSDEM - volunteer}\label{fosdem---volunteer}}
\emph{January 31st 2014 - 2nd February 2014}, \emph{January 29th 2016 -
31st January 2016}, \emph{February 2nd 2018 - 4th February 2018}
\hypertarget{the-scout-association---assistant-scout-leader-climbing-instructor}{%
\subsubsection{The Scout Association - Assistant Scout Leader / Climbing
Instructor}\label{the-scout-association---assistant-scout-leader-climbing-instructor}}
\emph{December 2006 - January 2014}
\hypertarget{misc}{%
\subsection{Misc}\label{misc}}
\begin{itemize}
\tightlist
\item
UK passport holder
\item
NL driving license
\item
NL resident
\end{itemize}
\hypertarget{see-also}{%
\subsection{See Also}\label{see-also}}
\begin{itemize}
\tightlist
\item
\href{https://github.com/damianzaremba}{GitHub} - damianzaremba
\item
\href{http://uk.linkedin.com/in/damianzaremba}{LinkedIn} -
damianzaremba
\item
\href{http://damianzaremba.co.uk}{Website} - damianzaremba.co.uk
\end{itemize}