Herbert Pfennig
E: dasein555@gmail.com L: Redwood City, CA
I am an Internet handyman with over 14 years of experience working in startups. If I can be a useful mentor to my colleagues and we can build out reliable infrastructure through code commit and automation, there is a good chance I am a happy person :)
OS: Linux, OSX, FreeBSD, ESXi
IaaS: AWS, GCE, Azure (proficient), Alibaba (stay away)
Platforms: Docker, Kubernetes, VirtualBox, VMware
Languages: Python, Shell scripting, with some Go, C, C++ etc.
Networking: HTTP, SMTP, DNS, DHCP, GPXE, TCP/IP, UDP
Tools: Git, Gerrit, GitHub Enterprise, GitLab Enterprise, Jenkins, GNUmake, BSDMake, Ansible, Terraform, Packer, Sumologic, Wavefront, Grafana, Prometheus, Datadog, Vault (Transit, Secrets, PKI)
Learning: Go
- Migrated all internal build systems from traditional static node build systems to Docker-based build environments
- Deployed and managed build and test infrastructure for multiple cloud providers using Terraform
- Built out scalable and resource-defined build systems using GitLab runners and AWS EKS
- Wrote various tools for improving developer workflow, including git auto-merge functionality, Jira automation to track code commit activity and Slack integrations for CI/CD notifications
- Reduced AWS costs by 70% by implementing strict tagging policies and enforcing resource quotas using AWS Lambda functionality
- Secured IAM user management by migrating to Workspace One IdP (e.g. SAML) and enforcing all IAM access through STS (e.g. instance profiles and assume roles)
- Deployed Vault services (e.g. Transit, Secrets and PKI engines) to implement Secure Release Pipelines (SRP) for things like artifact signing and secure boot infrastructure
- Migrated local development and hosted build infrastructure to use a Docker-based build pipeline
- Developed and rolled out the continuous delivery pipeline for hosted infrastructure running in AWS on Kubernetes
- Implemented a Git precommit workflow with Gerrit and Jenkins for all internal repos to ensure code review, code compliance and testing
- Deployed build and stage architecture in both GCE and AWS for our hosted product and build/test environments
- Owned the build, test and rpm-based release pipeline for product written in C++ and Python
- Automated developer workflow using GitHub API (auto merge, backport fixes, code linting)
- Developed and deployed consistent build, dev and test environments on ESXi infrastructure
- Built CentOS rpm packages and internal install infrastructure for third-party dependencies
- Trained the organization on git process and best practices
- Automated performance testing against forward proxy infrastructure
- Created Limelight Test Framework (LTF) used by QA automation for end-to-end testing
- Built out and managed 30+ node QA lab with one-click unattended install of production/test Ubuntu, CentOS and FreeBSD platforms
- Owned performance testing for MTA written in stackless Python
- Designed and built performance lab test environment
- Hunted down root cause failures for major production systems
- Lead test engineer on many high-profile client/server projects
- System and Network Administrator for both lab and corporate infrastructure
- Coordinated live productions and conferences held at the University Theater
CSU, Hayward (1990 - 1994) :: B.S. Industrial Psychology
Fluent in German and Spanish. Conversant in Swiss German
Builder, Homebrewer, Bike Commuter, Climber and Dad