Norm.

Hi, I'm Norm.

I computer, usually.

About Me

I am a Cloud-focused, security-minded, operations and development generalist. I have a long history of designing, developing, and implementing robust and easy-to-use security and operations tooling and services for use by developers. I am passionate about allowing developers and other technologists to implement robust security and operations practices through the use of Cloud technologies, open source software, and easy-to-use tools and services.

There's a talk that I saw at Monitorama 2016. And one of the slides said these two things that I still think about regularly:
  • People aren't generally evil, but they are busy.
  • Help people be great at their jobs.
That perfectly encompasses my view of effective Operations and Security teams, and something I try to remember every day.

Professional History

Principal Software Engineer - Cimpress (2016-07 - Present)

Cimpress owns several print and customization brands (such as Vistaprint) and is building a "Mass Customization Platform" to create a marketplace that allows first and third parties to leverage its global network of merchants and fulfillers. As a software developer on the UnOps team, I lead the Cloud Engineering squad. We are a small team of Cloud-focused generalists with Operations mindsets in charge of Cimpress' Cloud footprint. We manage a majority of Cimpress' AWS accounts and GCP projects and provide teams throughout the organization with tooling, services, support, and consulting to help them architect their services to be operable, secure, fault-tolerant, and cost-effective.
  • Led the initiative to define, codify, and document Cloud Operations and Security standards for all of Cimpress. Includes writing a 12,000-word documentation site with tips and tricks on developing and operating secure and operable services within AWS, GCP, and Azure using open source tooling and industry-standard best practices.
  • Helped move Cimpress from a single AWS account to more than 150 linked accounts owned by service teams. Made accounts easy to request/create; provisioned accounts are secure by default and come with several "quality of life" features for improved security and operability.
  • Helped design and implement the federated login mechanism for Cimpress AWS accounts and created tooling to make it easy to use.
  • Designed, implemented, and open sourced several small utilities for Cloud operations and security.
  • Established and/or maintained Enterprise relationships with AWS, Google, and Cloud security service vendors.
AWS, Ruby, Node, Bash, REST, OAuth2, Docker, GCP

Senior Software Engineer - Cimpress (2014-07 - 2016-07)

Cimpress owns several print and customization brands (such as Vistaprint) and is building a "Mass Customization Platform" to create a marketplace to allow first and third parties to leverage its network of merchants and fulfillers. As a software developer on the Infrastructure Core Engineering team, I was responsible for providing tooling and running services that enabled development teams to break apart a monolithic codebase into a microservices ecosystem. Tooling and services focused on development, CI/CD, and monitoring.
  • Contributed to in-house, self-service microservice deployment service and surrounding tooling.
  • Later led efforts to retire said in-house deployment system in favor of Cloud-native or third-party deployment technologies. Provided support and documentation to technology teams on adopting industry or community standard tools and services for deployment.
Ruby, Node, C#, Windows, IIS, Puppet, Ubuntu, Nginx, Sensu

System Administrator - Vistaprint (2010-10 - 2014-07)

Vistaprint.com is a global e-commerce company that enables customers to design, customize, and print marketing material and promotional products. As a System Administrator on the NOC Admins team, I was a member of a 24/7 team responsible for monitoring the production website, deploying patches, and troubleshooting/triaging issues. A typical shift involved deploying new code to production, coordinating with teams on change management, triaging alerts from monitoring systems, and developing automation or documentation for troubleshooting and remediating production issues.
  • Built a change management and collaboration tool to coordinate multiple remote parties during major production activities.
  • Built tooling and scripts for automating the detection, troubleshooting, and remediation of production issues.
  • Communicated with development and operations teams throughout the organization to help understand, troubleshoot, and remediate production issues.
Windows, PowerShell, IIS, C#, SCOM, Nagios

Recent Projects

Red-X

A Lambda function that can automatically detect abandoned or misconfigured subdomain delegations within a Route53 Hosted Zone. A misconfigured delegation can obviously present a problem if it is meant to be in use. But an abandoned zone can actually be entirely hijacked by an attacker for their own use.

Felix

A Lambda function that can automatically rotate IAM keys used by third-party services like GitLab, SumoLogic, and TravisCI. Because sometimes you need to interact with someone that can't use cross-account roles and you still need to be able to rotate your keys. Uses convention-based configuration to determine where a key is used and uses configuration from the EC2 Parameter store to update values in third-party APIs. Pluggable architecture can easily be extended to include additional endpoints.

Dashiell

Dashiell is a C++ application that wraps OSQuery and CFacter in websockets to make system state of a fleet of servers queryable at any time from a web browser. The nodejs web server that brokers the websockets connection provides a simple UI for executing queries and browsing results. Unfortunately, this project is currently dead. I have been unable to get it compiling recently due to changes in the OSQuery project.

Guiding Principles

Use and contribute to open source.

Practice empathy in communication with others.

Construct secure, composable, and maintainable systems.

Make it easy for people to do the right thing.

Build reliable and repeatable processes.

Adopt industry and community standards and tooling where possible.

Skills

I'm pretty heavily diversified between Operations and Development skills. Here's a smattering of stuff I've been working with recently.


Web/API Development (pretty good)

HTML, CSS, JS, REST, OAuth2, JWT

Programming and Scripting (pretty good)

Node, Ruby, Go, Bash

Cloud Operations and Security (pretty good)

AWS, GCP, Terraform

System Administration (alright)

Linux, Debian, Nginx, BIND, Puppet