Wesley Tuzza
Design
Auckland, New Zealand
Skills
DevOps
Terraform
AWS (Amazon Web Services)
Docker
About
Wesley Tuzza is a highly skilled Senior Security and DevOps Engineer with 14 years of experience, currently working at Kademi in Auckland. He has been instrumental in driving improvements in security and DevOps domains, leading his team to achieve SOC2 Type II compliance and enhancing deployment workflows. Wesley has expertise in AWS, GitHub, encryption, database security, CI/CD, and SaaS solutions. In his previous roles at Canva and Tuzza Technology Services, he demonstrated his proficiency in infrastructure security, Cloudflare, collaboration, continuous learning, and custom app development.
Accomplishments
A landmark achievement in my career was leading Kademi to attain SOC2 Type II compliance. This rigorous process not only demonstrated our unwavering dedication to security and privacy standards but also reinforced our commitment to transparency. The meticulous documentation and process refinement involved were critical to our success and have set a high bar for security practices within the cloud services sphere.
Another notable accomplishment was the enhancement of Kademi's content delivery network framework to expedite the delivery of large video files directly from S3. This innovation bypassed the need for server calls, delivering a superior user experience. This improvement not only elevated service levels but also showcased my ability to leverage technology for efficiency and performance gains.
Work Experience
Software Engineer
Canva
April 2021 - November 2021
- During my tenure at Canva, I was an integral part of the Edge Systems Security department.
- My primary responsibilities and achievements included:
- Infrastructure Security: Spearheaded the configuration and maintenance of security measures at the edge of Canva's infrastructure, ensuring robust protection against potential threats and vulnerabilities.
- Cloudflare Expertise: Gained in-depth knowledge and hands-on experience with Cloudflare's suite of security tools.
- This involved setting up, optimizing, and monitoring firewall rules to safeguard Canva's web assets from malicious activities.
- Cloudflare Workers: Configured and deployed Cloudflare Workers to enhance the performance, resilience, and security of Canva's web applications at the edge.
- This not only improved the user experience but also fortified the security posture of the platform.
- Collaboration & Teamwork: Worked closely with cross-functional teams, including network engineers, application developers, and cybersecurity experts, to ensure a holistic approach to edge security.
- Regularly participated in security reviews, threat modeling sessions, and brainstorming meetings to devise innovative security solutions.
- Continuous Learning: Stayed updated with the latest security trends, threats, and best practices, ensuring that Canva's edge security measures were always a step ahead of potential cyber adversaries.
Software Engineer
Kademi
December 2014 - March 2018
- Kademi is a SaaS platform designed to create an incredible user experience on all fronts while making the platform easy to use and highly customizable.
- The platform is based on Java 8 and uses technologies that include PostgreSQL, Hibernate, Spring, Grizzly and Milton.io. Hosted on Amazon Web Services (AWS), I have gained the skills to design, build and maintain cloud-based platforms which consist of highly available load-balanced servers; these include technologies such as Docker, shell scripts, build servers, CI servers and more.
- Achievements: I built several successful platform features including eCommerce, Auctions, Social Interactions and KChat, which is a live support feature that uses WebSockets, as well as integration with Amazon Web Services that allows users of the platform to manage and buy domains using Route53, apply SSL/TLS to their websites using a free certificate utilising Amazon Certificate Manager, and provide a dedicated CDN using CloudFront, all with very little interaction from the user. I designed and implemented a framework in Kademi that will auto-provision a dedicated CDN instance for each website.
- To speed up static content delivery and reduce the load on Kademi infrastructure, Kademi creates a dedicated CDN CloudFront instance for each website that gets created dynamically and is dedicated to that website. This can cache any static content from the website.
Senior Security and DevOps Engineer
Kademi
December 2021 - Present
- In my current role at Kademi, I've been instrumental in driving significant improvements in both security and DevOps domains.
- My key contributions include:
- SOC2 Type II Compliance: Successfully led Kademi to achieve SOC2 Type II compliance, ensuring stringent security and privacy standards for our cloud services.
- Deployment Workflow: Overhauled and streamlined the deployment workflow for enhanced reliability.
- Documented the entire process to empower team members with clear guidelines and procedures.
- CI/CD Transition: Transitioned from Jenkins to GitHub Actions for continuous integration and deployment, democratizing the QA environment updates for all staff members.
- Principle of Least Privilege: Implemented a "Principle of Least Privilege" approach across the organization, bolstering security by ensuring minimal access rights for tasks.
- Okta Integration: Integrated Okta for Single Sign-On (SSO) across all compatible systems, enhancing security and user experience.
- AWS Access Overhaul: Transitioned AWS access to an SSO-based model, eliminating the need for root account details and enhancing security.
- Email System Migration: Migrated the organization's email system from Fastmail to Google Workspace and integrated it with Okta for seamless and secure access.
- GitHub Enterprise: Transitioned Kademi's GitHub account to a role-based setup using GitHub Enterprise, integrated with Okta for enhanced access control.
- Communication Tools: Migrated from a self-hosted RocketChat to Slack, integrating it with SSO/Okta for a secure and unified communication experience.
- Documentation for Compliance: Diligently documented processes to ensure SOC 2 compliance, reinforcing Kademi's commitment to security and transparency.
- Database Security: Migrated production cluster databases/RDS to an encryption-at-rest model, ensuring data security and compliance with industry best practices.
Owner/Developer/DevOps
Tuzza Technology Services
April 2018 - Present
- Services I provide:
- Creating custom apps in Kademi for clients by collaborating with them and members of the Kademi team, to create a unique, bespoke application that is a tailor-made solution to their problem.
- Customer support and communication
- Dealing with technically challenged clients
- Translating customer requests and queries into a workable design
- Translating technical issues and features into a language that clients understand by perceiving their exact needs and using out-of-the-box thinking to achieve the desired result
- Creating custom data imports that import large amounts of data using MapReduce.
- Managing and updating AWS infrastructure.
- Designing and implementing custom platforms using Spring Boot MVC.
- Implementing website designs using HTML5, CSS5, Bootstrap and JQuery.
- Designing and deploying workflows in AWS using CloudFormation, Opsworks, AWS RDS, Docker and Jenkins.
- Researching and configuring vulnerability scanners for up-to-date vulnerability assessments in order to implement better security measures and practices.
- Configuring and implementing various SSO solutions like OAuth2 and OpenID Connect.
- Achievements: I recently made an addition to Kademi's CDN framework. This can now also deliver larger video files from S3 without the delay of having to call the server.
- This has provided superior service to users, thus improving their overall experience.