Kevin B. Hicks
Security, DevOps, and Site Reliability Engineer
khicks.net/resume
/in/kevinblakehicks
Summary
A high performance, versatile engineer with experience developing strategies and implementing solutions in companies undergoing extraordinary growth. Diverse experience in software and systems development, cybersecurity, networking, and customer service augmented by the ability to identify and solve complex business challenges through creative applications of technology. Recognized as a highly motivated, disciplined team player with excellent communications and interpersonal skills as well as demonstrated analytical, planning, and organizational skills.
Constantly searching for volunteer opportunities to advance the betterment of society. If you operate a 501(c)(3) nonprofit organization specializing in women's health, online privacy, disaster relief, or similar and are in need of IT or development services at no cost, please contact me via my website or LinkedIn.
Thrives in workplaces that promote diversity, inclusion, equity, and belonging.
Technical Skills
Operating Systems
Ubuntu, Amazon Linux 2, FreeBSD, VMware ESXi, Windows Server, Windows 7 and 10, pfSense, Kali Linux, TrueNAS, Citrix XenServer.
Programming Languages
Python, PHP, SQL, JavaScript, Ruby, Bash, Java, HTML, CSS, Perl.
Applications and Tools
Amazon Web Services (AWS)
IAM, EC2, ECS, EKS, VPC, S3, EFS, CloudFront, Lambda, CloudTrail, Config, Route 53, Transit Gateway, Load Balancing, CloudWatch, RDS, DynamoDB, QLDB, Organizations, Backup, API Gateway, CloudFormation, Athena, RAM, SSM, Secrets Manager, ACM, WAF, Shield, SES, SNS, WorkSpaces, cost optimization.
Development and CI/CD
Terraform, Docker, GitLab, FastAPI, Angular, Consul, Vault, Packer, GitHub, Jenkins, Ansible, SaltStack, Chef, Burp Suite, SSH, Kubernetes.
Server Administration
Prometheus, Grafana, MySQL, Nginx, Apache httpd, Teleport, Splunk, Elasticsearch, Kibana, VMware, LDAP, Active Directory, Group Policy.
Enterprise Apps and Services
Atlassian Jira, Confluence, Zoom, Microsoft Office 365, Slack, Box, ServiceNow, Workday, Google Workspace.
Concepts and Protocols
Zero Trust Architecture, Principle of Least Privilege, OWASP Top 10, AES, RSA, DHE, cryptographic hashing, digital signatures, REST APIs, IPv4/6, POP3, IMAP, SMTP, WireGuard, OpenVPN, IPsec, DNS, RADIUS, NAT, DHCP, VLAN, NFS, SMB.
Work Experience
Currently possess 10 years of diverse professional experience in cloud, security, systems, and development.
Okta
An identity and access management company providing software-as-a-service that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, web services, and devices.
Senior Site Reliability Engineer, March 21st, 2022 - Present- Built a new cloud federal environment from scratch certified for FedRAMP High, including services for VDI, logging, network traffic inspection, and others as part of a constantly collaborating team.
- Provisioned, configured, and actively maintain a highly available multi-node instance of GitLab complete with CI/CD runners, centralized authentication with SSO, and documented disaster recovery procedures. Additionally provide end-user guidance support for its growing customer base.
- Led a successful effort to consolidate the SRE team's Terraform code base to a modular, hierarchical, and adaptable model for management of multiple cloud accounts and regions.
- Created extendable, scalable, and highly available cloud network infrastructure with north-south and east-west traffic inspection for controlled environments.
SailPoint Technologies
A security-focused software company providing solutions for identity governance and administration with a combination of SaaS and on-premise options aided by artificial intelligence for continuous auditing of user permissions.
Senior DevSecOps Engineer (Team Lead), February 25th, 2019 - March 18th, 2022- Responsible for security operations in the DevOps/SRE team with a focus on defense in depth across multiple platforms and application stacks.
- Led in implementation of security controls in the SaaS environment such as endpoint protection, vulnerability scanning, and web application firewalls.
- Onboarded and provided a welcoming environment for new DevSecOps team members with diverse levels of starting knowledge.
- Ensured compliance with SOC 2, ISO 27001, and FedRAMP security standards in production and data curation environments.
- Responded to customer inquiries pertaining to the SaaS environment such as external penetration testing, on-premise virtual appliances, and tenant isolation.
- Established strong communication channels between the DevOps and security operations, engineering, and IT teams.
- Maintained records of a diverse and revolving inventory of cloud assets.
- Constantly monitored for cost savings opportunities.
- Recipient of the quarterly company-wide "Security Hero" award within the first month of employment.
Lightspeed Systems
An IT solutions firm focused on developing network security software designed specifically for K-12 school districts. Products include an AI adaptive web filter and a comprehensive, teacher-controlled mobile device manager, serving thousands of school districts and millions of users.
Senior Systems Engineer, May 15th, 2017 - February 22nd, 2019- Migrated a complex system of on-premise servers and applications to AWS.
- Implemented solutions for automated continuous integration and delivery of applications.
- Wrote and maintained Chef infrastructure code for complex web applications.
- Designed, implemented, maintained, and provided support for a highly available, secure, and durable environment for HashiCorp Vault on AWS using S3, Terraform, and Consul.
- Participated in on-call rotation to ensure maximum uptime of customer-facing and internal services.
Epicom Corporation (now part of SugarCRM)
A startup-like technology solutions company focused on consulting and executing complex CRM and Marketing Automation deployments, customizations, and integrations for a wide variety of clients in multiple industries. Approximately 100 clients with 3000 users.
Software Engineer, August 10th, 2015 - May 12th, 2017- Responsible for all network systems and administration. Improved overall performance by 50% and hardened network security by redesigning and implementing new configurations and methods.
- Appointed by the CEO to lead all security efforts. Responsible for all security policy creation, tool selection, risk review and governance as well as firewall reconfiguration and elimination of potential risks.
- Team lead on the company DevOps effort providing architecture design and strategic direction as well as fostering regular communications between development, operations and QA functions.
- Assisted the sales staff in gathering requirements, designing integrations, security configurations, network connectivity and implementations for new and existing clients for the SugarCRM (Customer Relationship Management) application.
- Developed integrations with client systems and other 3rd party applications to yield a streamlined, easy to use solution for the client.
- Analyzed, defined, and developed a custom integration between internal MySQL databases and Trello to improve internal project management accuracy and tracking.
- Collaborated with almost all the company's clients on a variety of technical configuration, data transfer and integrity, integrations, and general user support issues.
- Formed a cross-functional group for evaluating internal user needs. Led analysis, review and selection of new technologies to solve business problems.
- Provided analysis and architecture direction on a variety of other efforts, in all phases of development (Define, Design, Test, QA, Production) as needed.
- Active in various multi-media company culture and civil service events on an ongoing basis.
University of Texas at Austin - ITS Networking
Information Technology Services Networking department for one of the largest universities in the country with roughly 51,000 students and 22,000 employees.
Enterprise Network Engineer, May 27th, 2013 - August 4th, 2015- Employed part-time for 2 years when enrolled and offered a full-time position after graduation.
- Designed and developed a solution to UT's problem in analyzing network bandwidth consumption with application written in PHP and JavaScript that ranks and graphs bandwidth consumption for over 200,000 hosts.
- Created a real-time alerting system to notify IT staff of hosts that consume over threshold bandwidth. Limits are configurable and can be tuned on the fly.
- Created heat map of all wireless device locations on campus using Google Maps API. The map is used for analytics and redesign of wireless infrastructure to better serve users in high volume areas.
- Assisted end users with wireless connectivity issues and handled an average of 50 support calls per day.
- Participated in team building and service events at UT Austin including continued participation in student organizations as an advisor after graduation.
Volunteering and Organizations
AAGL
A professional association of laparoscopic surgeons whose mission is to promote the research and advancement of minimally invasive gynecologic surgery and to improve women's healthcare worldwide.
Cloud and Applications Engineer, January 2021 - Present- Ensure availability of internal and member-facing web services.
- Undertake development projects for new initiatives.
- Maintain legacy custom applications.
- Search for cost savings and nonprofit discount opportunities.
Education
University of Texas at Austin
Bachelor of Science, Computer Science
- Graduated May 2015.
- Specialized undergraduate coursework: Network Security and Privacy, Real World Information Security, Data Management, Information Assurance, Computer Networks, Cryptography.
- Founder of the “Information and Systems Security Society” at UT, a student organization that focuses on information security. Published white papers and gave multiple presentations on topics such as Wi-Fi security, IPv4 address exhaustion and IPv6, 802.11, SQL injection, and Tor.
- Led a team to 2nd place out of 40 schools in the Collegiate Cyber Defense Competition (2012).
L D. Bell High School
International Baccalaureate Diploma
- Graduated May 2011.
Certifications and Accomplishments
- AWS Certified Security Specialist, and previous DevOps Engineer Professional, SysOps Administrator Associate, and Solutions Architect Associate.
- Author of SpaceSiren, a breach detection tool for AWS.
- Former independent operator of a group of relays in the Tor network that collectively rank in the top 5 families of guard/entry relays, and the top 10 families by consensus weight.
- Eagle Scout.
Badges
Eagle Scout - Boy Scouts of America
(2010)
Last updated: January 3, 2024