eVAndrofisiCO
 

Curriculum Vitae

About Me

In my current job I'm responsible for coordinating network security, managing our private cloud infrastructure and integrating our infrastructure and development teams. Although my education is on Statistical Physics, I was always very interested in computing, and ended up using those skills building computing clusters for research purposes during my graduation and masters degree.

As part of my PhD training, I have experience teaching and mentoring and my current job provides me with a lot of experience producing technical documents, as well as preparing training materials.

Table of Contents

Skills

Development

Web

Most of my web development experience is focused on adding functionality and integrating features on large preexisting projects, such as roundcube, nextcloud, movim, extending them via plugins and integrating them via well stabilised protocols. On the backend I'm proficient in php, and on the frontend I can develop applications using vanilla JS, css and html5, alongside with modern web technologies, being capable of turning one regular application into a progressive web application with little to no modifications.

Another of my talents on web development is the capability to understand and quickly debug large codebases, both for speed optimizations and security, using my expertise in systems administration and architecture to enable the migration of such applications to new architectures (e.g AWS, horizontal scaling) or to find speed bottlenecks and suggest enhancements.

Systems Programming

My absolutely favorite language for systems programming is Lua, a Brazilian language developed at PUC-RIO. As embedded language, it is mostly used as an scripting engine inside other applications, such as it's most famous use in World of Warcraft. Most of my experience with Lua is as an application language, running on the luajit runtime, powering data aggregation daemons, automating API data consumptions (e.g Zabbix json-rpc interface), log aggregation and data visualization. Besides Lua, I can do systems programing in both C and C++ and I'm proficient in the typical unix system software life cycle, being capable of building, debugging and profiling software such as daemons though the Linux kernel and hypervisors such as the Xen kernel.

On the scripting side, I'm a capable shell script writer, having written scripts used for backup jobs, virtual machine integration and general automation. Sometimes use Bash shell scripting as prototyping for more complex functionalities of larger programs.

Distributed Architectures

I have experience developing and integrating platforms and administrating distributed and highly available systems, using message queue platforms and protocols such as RabbitMQ and MQTT; multiple NoSQL databases and services such as Redis, MongoDB and MemcacheDB; and load balancers such as openresty and haproxy.

Scientific Simulations

As a trained PhD in Statistic Physics and complexity, a large part of my research depends on computer simulations. Most of my code implements cellular automata build to investigate emergent properties on complex systems. As it is a particularly computation intense problem, I usually use C and C++ for the simulation code itself, with data analysis being done on a mix of gnuplot, python and bash scripting.

Another feature of such simulations is the runtime. For some of the higher dimensions (6+1), the largest systems run to up to 24 months, requiring precision and planning on memory allocation and resources consumption.

System Administration

I have over 20 years of experience in GNU/Linux, 15 years on *BSD systems, from building custom distributions from scratch, from embedded systems and desktops to supercomputing clusters and datacenters.

Lots of experience on open source hypervisors, such as Xen and KVM, having started to use Xen open source version on production systems from version 3.1. I have experience on the whole storage stack, from the block layer, lvm, multipath, fiber channel, nbd, glusterfs and other filesystems technologies. On the network side, I've implemented numerous technologies, from the lower layers (LACP, vlan, bridging) to routing, firewalls (pf) and authentication protocols (freeradius).

Services Integration

Besides being capable of buiding infrastructure with high performance and high availability, I'm very interested in providing services to the end users. From my first job at the University of Brasília I have always administered multiple backend and user facing services, all based on open source software. As examples of user facing services, I can list email, including spam and virus filtering, http proxies, multimedia applications, file storage and monitoring. As a small example, I list below some software and technologies I've implemented on the last 20 years working with open-source software:

  • Mail Delivery Systems: Dovecot, Postfix, spamassassim, rspamd, roundcube
  • Multimedia applications: RTMP, html5 video, transverse proxies
  • Systems monitoring: Cacti, Nagios, Zabbix
  • Http servers: apache, nginx/openresty, tomcat, wildfly
  • http proxies: e2guardian, squid
  • Source control and Continuous integration: svn, git, Gitlab, Jenkins, docker

With my current repertoire, I'm capable of building solutions for many technological problems, using as a base open source software, being capable of solving problems and offering services with low cost and high availability, with agility.

Security

I have experience and knowledge on security, being capable of implementing and producing security policies for the whole software process, and also the more "hands on" aspects of security, such as implementing software for resources such as firewalls, email security, proxies, IDS/IPS and SIEM. Integration of those tools with monitoring and visualisation tools.

Education

Doctorate

I worked on my Doctor/PhD degree from August 2008 to October 2013 at Universidade de Brasilia, Brasilia-DF, Brazil. My main focus was on Complex Systems, Out of Equilibrium Statistic Physics. On my thesis, titled Dynamics of Etching: Critical exponents, Galilean invariance and upper critical dimension, I propose a multidimensional version of the Etching model and use it's results to analyse some open questions on models of the KPZ universality class, such as the existence of an upper critical dimension and the validity of the Galilean invariance.

Most of the work consisted of building a theoretical framework of the model, and then developing the cellular automaton implementation of it. Simulation code was written in C++, as some of the higher dimension surface simulations would take months to produce data with a acceptable noise, and data analysis automated through the use of a mix of bash, gnuplot, python and lua scripts.

As a PhD student, I got involved with teaching and also as a sort of informal advisor of new students on the research group, mostly helping with more practical aspects of their research, such as general math, tips on writing grants proposals and most of all, and most of all, helping with scientific computing, from the very basics of data analysis to algorithm optimization and converting mathematical models to viable code.

During those five years I was supervised by Professor Fernando Albuquerque Oliveira & Professor Bernardo Assunção Mello.

Masters

From July,2005 to January,2008 I studied for my masters degree at Universidade de Brasília, Brasilia-DF, Brazil. During that period, I learned about discreet growth models, focusing on the one dimensional Etching model. Based on this knowledge, I produced my master thesis, titled Velocity correlation on a etching model. On it, I did analyse speed correlation on the Etching model, obtaining a new scaling relation for the correlation time.

Graduate

A peculiarity of Brazilian universities, on some subjects there are some more research focused degrees and some teaching focused degrees on the same subjects. As always considered teaching (specially in college) as a career, I did get both a bachelor in Physics and in teaching Physics. If I would describe, in terms of the American education system, like a major in Physics and a minor in education.

I entered Universidade de Brasilia in March, 2001 and graduated in July, 2005. One year latter, I concluded my bachelor in education. During this time I focused on Computation Biology on a undergrad research project and later on General Relativity. Also, during this period I worked on the Physics Institute Scientific Computation Lab (LCC), where I had an unique opportunity to learn a lot about UNIX, Linux and network services in general.

Work Experience

Companhia Nacional de Abastecimento

Since 2006 I've been working at a Brazilian federal government owned Company, the Compania Nacional de Abastecimento, or Conab. I started working as a sysadmin there during my second year of my Masters, so one acquired skill was balancing a full time job with academic research. The Company was going through a massive technological upheaval, after years of underfunding. One directive set by the Directors Board was to focus on the use of open source software as a means to achieve technological development with agility.

As I started working there, a strong technological foundation was already set, with all new development being done on open platforms such as Java+Jboss, Postgres and Hibernate. On the infrastructure side, services running o Debian GNU/Linux, with desktop authentication on Samba 3.x and OpenLDAP.

In the long gone years of 2005/2006, virtualization was a new, hot thing, and open source hypervisors where just starting to became stable enough for production, an as such, my first assignment was developing a new architecture for running services using the Xen (2.x) source patches and DRBD, which had just merged the master/master feature. Within the scope of this project, I designed our private cloud infrastructure, evolving into a 20 something nodes cluster using fiber channel SAN for storage, xen+libvirt+python for management and a high availability network stack.

From 2008 to 2013 the Company had an cooperation agreement with the United Nations Development Program (PNUD), under which we hired some consultants focused in implementing open source solutions in an infrastructure context. As a technical coordinator of this program, I was responsible for overseeing projects metrics, managing team tasks, reports and also working as a developer, integrator and systems administrator. Some highlights of the projects include:

  • Company wide network revamp, implementing network segmentation with VLANs and authentication based on freeRadius and development of custom tools for radius management;
  • Implementation of an open source backup solution based on Bacula;
  • Enhancements to the previously existing squid web proxies, implementing a ticket solution to speedup whitelisting of websites based on user input, proxy cluster management and configuration;
  • Implementation of an high availability FreeBSD based firewall cluster using PF as the filtering engine and CARP for network state replication;
  • Implementation of open source Security information and Event Management (SIEM) Solution based on AlienVault;
  • A reverse proxy infrastructure integrated with a open source web application firewall and integrated to the SIEM solution;
  • Implementation of asset and services monitoring using zabbix and implementation of a data integration and visualization tool for NOC style visualization;
  • Planning and executing a datacenter migration with less than 4 hours downtime;

In 2013, after the cooperation agreement's end, we hired a new team via public contest, aka, an open selection with a series of tests. I became the main responsible for training the new fourteen person team. We new resources, we reorganized the IT infrastructure management unit, dividing it into more specialized teams, and I became the leader of the Operating Systems and Security Team. Among the team responsibilities are software integration and development, Datacenter management, software architecture and systems troubleshooting. Some recent projects as the leader of the new team include

  • ConabApps, a self hosted "Google Apps for your Domain" alternative, offering mobile services such as email, cloud storage and web based office suite (in beta), build with open source software and keeping all data on premise;
  • ConabLive, a Live video delivery network, for bandwidth optimization
  • A Campus wide open source wireless controller, using FreeRadius and dd-wrt on Common off the shelf access points;
  • Development of a Container architecture for microservice based applications and migration of legacy applications developed on premise;
  • Migrating company wide desktop authentication from a system based on OpenLDAP+Samba3 to Samba4, with a syncronization system based on LSC to support legacy application authentication;
  • Implementing a new build and continous integration system for our Java (Tomcat) and PHP (Apache running on docker containers) applications;

Physics Institute Scientific Computation Lab

While studying as an undergrad at the physics institute of Universidade de Brasilia, worked as an intern under Professor Felipe Beaklini, from 2003 to 2005. During those years, I had some unique opportunities, as a research institution usually allows for rich and varied experiences. Beyond the usual expected activities for an intern, I had the chance to work with interesting people and develop cool tech. One of the first tasks on the lab was the migration from the old Windows NT/Windows 2000 domain and workstations to Slackware Linux for the student facilites.

The Lab core computation services for researchers were provided by UNIX workstations (HP-UX, SunOS and IRIX). As most of those systems were quite old and had no more security updates for some years, my team implemented some security resources based on OpenBSD, including a transparent proxy (aka a proxy without NAT) and web filtering software based on Squid and Dansguardian. On the network front, we reorganized the network, providing new authentication services, an student dedicated email service and developed a web based printing and quota controling printing tool.

With the acquisition of new hardware for the lab in 2004, I had the opportunity to work on the conversion of the user facing workstation into a High Performance Cluster for Scientific Computing using OpenMosix. This cluster was mainly used by masters/phd students to run physics simulations. As I have always somewhat interested in embedded development and operating systems, this presented as a chance to build my own OS. Using the Linux From Scratch manual and peeking at the build system for Slackware (Slackbuilds), I build a custom made kernel and userland for the cluster, booting from the network as a initramfs. This custom operating system only had the bare minimum of libraries to support running static build programs for the cluster, and as such was contained in mere 5Mb (3Mb for the userland+2Mb for the Linux/OpenMosix kernel).

Research

International Center for Condensed Matter Physics

I am currently a associated researcher in the International Center for Condensed Matter Physics (ICCMP) in Universidade de Brasília, Brasilia-DF. Part of my obligations include researching Complex Systems and emergent behaviour in surface growth of systems belonging to the KPZ universality class via the use of computational models of such systems and methods for simulation data analysis for higher dimension (6 + 1) surfaces. Currently co-advising a PhD student (COLOCAR CURRICULO DO RAMONES).

Proteomics Lab, Biology Institute

As an undergrad, form 2005 to 2006, I did also work in a undergraduate research internship, as a part of a Research initiation program, or PIBIC, in the Biology Institute Proteomics Lab under Professor Wagner Fontes. The main idea was to build a high performance computing cluster for Proteomics research and to port various software packages to work on said cluster architecture.

The cluster building was a success, as I had previous experience with high performance computing, with the second part was partial, as the idea was to speedup various proteomics data analysis tools, and some of those used system access methods incompatible with both OpenMosix and the more common beowulf cluster, based on queue management tools like maui. We were only capable of running the opensource packages, as those were relatively easy to tweak to run in a distributed manner.

Published Works

Oral Presentations

2011: Rodrigues, E. A.; Montenegro T. S. Creation of a free software virtualization management plattform. (International Free Software Forum).

2011: Izawa, M. M. ; Lapas, L. C. ; F. A. Oliveira ; Moraes, B. S. ; Rodrigues, E. A. ; Izawa, S. M. . Complex network Analysis of the urban transportation system of Distrito Federal (Brazil). 18th Brazilian Transit and Transportation Congress.

Languages

Portuguese: First language

English: Advanced Conversationally fluent

Spanish: Intermediate

^