[<img id='icon' src='icon.png'/>](https://go.lunenetworks.com/nelson/resume/cloud) Nelson's Cloud & Networking Experience

Highlights

I spent most of my career working on networking and security infrastructure, with its natural evolution to the cloud.

Since pre-college days I have been working on a variety of projects, from physical networking (cabling coaxial, RJ45, dedicated T1 lines, and fiber) to cloud infrastructure (AWS, GCP, and Azure). It was networking projects (at the university and its partner educational institutions) that funded and paid for my college degree.

I worked on software for networking at various levels (from kernel to user land), including writing network link-layer device drivers and application level networking infrastructure, as well as software defined network infrastructure (SDN).

I have been working with public and private cloud providers for 15+ years, and I have worked in various multi-cloud efforts, connecting private data centers to the cloud, as well as connecting cloud providers to each other, using various methods: private links, VPC interconnect, transit gateways, VPN, IPSec, VPC peering, and others.

From my 15 patents:

6 are networking and cloud related: US 8161475 B2, US 8635331 B2, US 20110161391, US 8806480 B2, US 9223596 B1, WO 2017217988 A1

2 are cloud related: US 9223596 B1 and WO 2017217988 A1.

Extensive experience with Kubernetes and multi-cloud environments.

Detailed Experience

Networking

Logical Design: I participated in various, many complex networking designs, for both my employers and customers (when I had my consulting business,) ranging from small to large multi-region clusters.
- I have worked on designing and implementing the network infrastructure for latency-sensitive workloads, connecting to SDN infrastructure for insights on workload and selecting best appropriate routes and service endpoints.
- I also worked on highly-sensitive networking projects, where I designed and implemented access to strictly controlled workloads, crossing security perimeter boundaries with explicit controls in place.
Physical network design: I worked as a contractor helping connect educational institutions to the university’s campus and the Internet (UFRJ was one-of-three entry points of Internet for Brazil,) and as a Network Engineer for an ISP connecting customers to the ISP as well as modem arrays to the network, using fiber, RJ45, dedicated T1 lines, and coaxial cable.
Connectivity:
- Multiple OS: IBM/AIX, SunOS, Solaris, Novell Netware, Linux, and Windows.
- Hardware: Cisco, Juniper, and Arista.
- Application-level: F5, IAP (Identity-Aware Proxy), OAuth, and OIDC.
Scale:
- At Google, I architected and led the team that implemented the Developer Infrastructure virtualization, providing 100M+ network-aware and network-sensitive virtual machines for video recording and graphical remote desktop, across 10+ data centers, supporting 1B+ workloads.
- At Indeed, as part of migrating and reimagining the company as cloud- and mobile-first, we leveraged multi-region Kubernetes clusters and CDN to provide geographically distributed services to millions of users, with a high-availability SLA.
- Architect and developer manager of Brazilian Presidential Elections security system, used in every voting booth, every district network computer and every processing hub across the country. Largest synchronized deployed system ever built at the time.
  
  Featured case study by Microsoft, as the largest deployed network system to enforce security nationwide at technet.microsoft.com/en-us/library/cc750080.aspx
Software Development:
- I wrote kernel device drivers for network link-level networking, using Windows DDK, SoftICE, and NDIS, to provide application transparent encryption for uses in the (Brazilian) military and financial sectors.
  - In partnership with Fortress Technologies, we shipped He@tSeeker Pro transparent firewall to Brazilian and American markets, with support to Windows NT and Novell Netware.
  - Support for high-speed network cards.
  - Implemented ecliptic-curves and El Gamal network cryptography for the (Brazilian) military.
- For one of my startups (Oba!Web) I wrote network-level device drivers to prevent unauthorized (non-billable) access through the Internet kiosks, which was the flagship feature of the product.
- At InfoLink (largest ISP in Rio de Janeiro), I implemented an BSD-based firewall appliance solution, deployed to the customer-side dedicated lines of the ISP network, to provide anti-virus protection for Internet access.
Routing: working as a Network Engineer for an ISP and the university NOC, I worked with various routing protocols for ASN, including BGP and RIP.
Special Projects: looking to improve how distributed file systems work, in 2018 I started an OSS project ez[D]FS (“easy” FS) to release an open source alternative to complex distributed file systems, such as GlusterFS or Ceph, especially if you are security conscious and need to integrate encryption and authentication, e.g. with Kerberos and LDAP, and serve it through NFSv4. I worked on it for a few years, got to a MVP and used on my own projects, but the market apetite was not strong and in 2023 I decided to phase it out.

Cloud

Providers:
- Google Cloud: at Google, and Sourcegraph
- Amazon AWS: at Grab, Indeed, and Sourcegraph
Multi-cloud:
- Connectivity: To connect data centers to the cloud, cloud providers one to another, or to connect across accounts/customers within the same cloud provider, I worked with multiple technologies to achieve these goals: Transit Gateways, VPN, VPC Interconnect, VPC Peering, direct network routing, and others.
  - At Sourcegraph, I am working with both GCP and AWS to provide a seamless experience for customers. Sourcegraph’s core infrastructure resides on GCP, while some large customers are on AWS. We connect the two using various mechanisms, for both ingress and egress.
  - At both Indeed and Grab we connected various AWS accounts and customers together into a unified transparent system, using TWG, VPC, private links, and service endpoints.
- Software Development:
  - At Google OOS and Partnership team, I worked on the development of GCP support for Spinnaker, Netflix’s multi-cloud continuous delivery platform, enabling Netflix to use Google Cloud.
  - At Google Cloud Platform team, I worked on the Kubernetes project, contributing to the first version of the product.
Private-to-public: I got hired at Indeed to drive the company’s employer and candidate divisions move to the cloud. Not simply a lift-and-shift, but to reimagine how 2500+ Engineers develop and release software for the modern cloud technologies. Leading a team of 100+ Engineers in the Platform group, I delivered a push-on-green system that dramatically reduced the time to developer and release new features, improved reliability, observability, and performance by an order of magnitude.

Kubernetes

At the intersection of cloud and networking, I worked extensively with Kubernetes, leveraging various distributions and clusters of multiple sizes and complexities.

Distributions: GKE, EKS, OpenShift, Heptio, “vanilla” (kubeadm), and Minicube.

Due to a partnership between Grab and Amazon, I worked directly with the Amazon EKS team, meeting with their Engineering team regularly at Amazon’s HQ in Seattle, discussing Grab’s need for realtime large-scale ride-hailing applications, and having access to pre-release features and builds.

Also, Indeed and Sourcegraph are heavily based on Kubernetes, and I worked on its design and delivery, including security controls (CIS20) and using dynamic access policies such as Entitle.