Projects

ISO 27001/22301 Information Management System

I coauthored a 27001 and 22301 information security and business continuity management system for the IT systems at a satellite company. The decision was made to build internal knowledge about the procedure by reading the primary ISO documents in order to produce and certify our own system rather than spend a huge amount on an external contractor to set everything up for us to operate. Great experience and learned a lot. We ultimately got the system certified and it’s been going strong through several years of operation and annual re-certification.

This experience filled an important gap. I’d been beholden to security requirements before, but reading primary sources and turning those into a certified management system has given me confidence that I can implement and operate any similarly standards-based system.

SIS Synchronization and Automation

One of the first large tasks I was given when I started as an analyst for a school district was to take the data in the student information system (SIS, an ERP for educational institutions) and mirror it to a Google Apps for Education (Workspace) domain. Essentially taking the user relational information, teachers, classes, student rosters, and mirroring them into Google Workspace groups and classrooms. That responsibility expanded to dozens of platforms across several departments covering educational tools, HR, state reporting, etc. The last incarnation of those tools was the result of years of changes but ended up mostly consisting of Python, Go, bash, and SQL running on a variety of cloud services managed in Terraform templates.

Serverless functions when the tasks were short, ephemeral compute instances when the tasks were longer. Expensive state queries stored in S3 or Cloud Storage to serve as a cache to be consumed by workers to keep slow API calls to a minimum. Updates and fixes deployed using cloud CI/CD, Docker, and git to keep things organized. The secrets required by tasks all stored in AWS or GCP Secrets Manager to follow best practices.

Using cloud storage services as event queues is still one of my favorite patterns. Plugging serverless calls into storage events seems to be a generally mature pattern to follow and results in a paper trail that’s easier to debug than one of the built-in queue services. Not the best choice for every problem, but can get you surprisingly far.

MyClasses

I was the sole developer and maintainer of the district web application MyClasses. MyClasses was a Flask (Python) application hosted on AWS using EC2 auto scaling groups. OpenID Connect provided single sign-on authentication with our identity provider. It consumed an API I wrote in Go that handled communication with our SIS. The original purpose was to provide features our SIS lacked, but over time it became a central web portal for our district. It could manage student accounts, reset passwords, display schedules, consume grades, and provide teachers with oft-needed data exports. Parents used the app to view schedules and progress grades aggregated in a single location. Prior to my leaving the district I was hitting 30,000 MAU easily for somewhere around $400 a month in AWS spend.

Productivity Automation

During my career I’ve also been the sole developer and maintainer of the following non-exhaustive list of applications:

  • A web app that collects and manages requests for training conferences. Users can view past submissions and administrators have an interface for searching, editing, and removing entries.
  • A single page application that manages bussing transportation requests for special education students.
  • A single page serverless application that runs on AWS using Lambda and Aurora Serverless to provide a search interface for a massive database of historical transcripts. This included the conversion and OCR of some 600,000 documents using Tesseract on cloud compute.
  • A single page application that provides an index and search of board policies and administrative regulations.
  • A single page application used to mass geocode addresses, filtered through GIS tools to assign schools based on addresses and district boundaries.
  • A CLI application written in Go specifically designed to back up terabytes of data from S3 to an offsite storage location based on S3 inventory files.
  • A CLI application written in Python to migrate close to 10 TB of Google Shared Drive data to SharePoint in a manner that would record the source and destination URLs for every document migrated so that external reference links could be updated.
  • A CLI application that synchronizes calendar events between Google Workspace and Office 365 calendars.
  • An Azure App Functions web application that handles Slack-style incoming webhook payloads and delivers them to Teams channels.
  • A CLI application that consumes compliance tickets submitted to a CRM platform and submits them to a sanctions vendor via their API to verify the sanctions status of the potential vendor or client.

Cloud Solutions Architecture and Administration

The above projects are the result of performing regular gap analysis and solution design focused on simplifying workflows and reducing costs. The vast majority of which are solved by employing services available on AWS, Azure, and Google Cloud Platform. The result over the last few years is a decent sized web of tools consuming those services that require some level of administration and maintenance for which I am responsible.

Conferences & Events

re:Invent - 2 Time Attendee

GopherCon - 4 Time Attendee

PyCon - 6 Time Attendee

Ludum Dare