DevOps Engineer | Serverless Architect | Infrastructure Automation
U.S. Army Master Sergeant (E-8) turned self-taught full-stack developer with TS/SCI clearance. Proven at leading teams and delivering data-driven results under extreme pressure. Now channeling that discipline into AWS, Terraform, serverless, and AI tooling — shipping real solutions like the BusBuddy C# app that cut operational errors 30%.
Wiley, Colorado 719-640-2230 bigessfour@gmail.com LinkedIn
Production site for townofwiley.gov — SPA on AWS Amplify with AppSync CMS and serverless Lambdas.
Live site →Municipal finance workspace — Blazor WebAssembly on AWS Amplify with Aurora, thin API, and Syncfusion UI.
Live app →Real-time reporting app — 30% error reduction in district transportation.
This portfolio — agent-assisted build (context rules, MCP, CI-gated deploy), serverless visitor counter, EJ2 UI, and IaC on GitHub Actions.
View stack →React + Flask + Ollama behind an ALB with private-subnet ASGs.
Live demo →4 credentials
Taking my past experiences, developing new tech skills to bring meaningful tools to existing problems
Projects
Production municipal website for Wiley, Colorado — Angular SPA hosted on AWS Amplify with Amplify Studio / AppSync CMS, bilingual EN/ES, document hub, NWS weather proxy, severe-weather alert signup, contact-update workflows, SES email alias routing, and Paystar payment integration scaffold.
Wiley Widget for AWS — hosted Blazor WebAssembly municipal finance workspace with Syncfusion panel-first UI, Aurora PostgreSQL, thin API on App Runner, Cognito auth, QuickBooks import pipeline, and Jarvis AI recommendations via xAI/Grok integration.
Production transportation reporting application integrating with SQL databases — delivered measurable operational improvements including a 30% reduction in errors.
This site — glassmorphism UI, live visitor counter, IaC-managed infrastructure, and CI/CD deployment pipeline. Built with context-first agent workflows and automated quality gates before every production release.
Full-stack AI chat — React SPA, Flask API, and Ollama (gemma:2b) behind an ALB with private-subnet Auto Scaling Groups, Terraform IaC, and GHCR container delivery.
Experience
Education
Colorado State University, Fort Collins, CO
Associate-level: Management (24 SH), Health Sciences (21 SH), Logistics (18 SH)
Vocational: Motor Transport (15 SH), Supply Chain (12 SH)
Skills
Visual Studio, GitHub, Microsoft Access/Excel (VBA/Pivot), SharePoint, Flask, React (Code Platoon — Bedrock module), Amazon SageMaker & Bedrock consoles
Windows, macOS
C# (.NET), SQL, Python & Flask, VBA, HTML/CSS basics
Tools: SQL, Tableau, Python, Microsoft Excel & Google Sheets, Kaggle, presentation tools (Google Slides / PowerPoint)
Practice: ask data-driven questions; prepare, clean, and process datasets; exploratory analysis; dashboards and stakeholder visualizations; recommendations from analysis; capstone case study
AI for analytics: data cleaning and structuring, complex formulas, analysis prep, and visualization planning (per Google Data Analytics Certificate curriculum)
Agile/Scrum, Data Pipelines, Remote Dev Environments, Unix/CLI & shell workflows, Terraform (IaC, modules, remote state), GitHub Actions CI/CD, AWS deployments & networking fundamentals, Kubernetes, LangChain, Amazon SageMaker (ML pipelines), Amazon Bedrock (RAG, agents & flows), Amazon Lex, prompt engineering & production AI evaluation
Code Platoon (Echo): aico-echo curriculum → · program overview →
Workflow: context-first agent development — repository rules for static EJ2, Syncfusion MCP for component guidance, plan-then-implement prompts, and scoped follow-ups (markup, theme, controls, CI, deploy).
Governance: human review before merge; ESLint, HTMLHint, and Prettier in CI; deploy pipeline blocks committed secrets and generates runtime config at release.
Delivered: mockup-aligned landing, OIDC GitHub Actions → S3/CloudFront, visitor API wiring, and iterative portfolio updates on a static CDN stack.
AWS serverless stack deployed with Terraform and GitHub Actions OIDC — see the AWS Resources section for challenge progress and live infrastructure inventory.
Cloud Resume Challenge
Progress against the official AWS challenge and the Terraform-managed services running this portfolio. Full architecture diagram and runbook live in the infra repo.
GET /visitors endpoint with CORS for the resume site
CRC steps 7–9
visitor_counter.tf →Lambda execution logs with 14-day retention
Ops / observability
visitor_counter.tf →Documented protections from AWS security guidance. Paid services (WAF, Shield Advanced, GuardDuty) are intentionally not used. No account IDs, role ARNs, or alert emails are published here.
Managed DDoS protection at the CloudFront and Route 53 edge — included for all AWS customers.
AWS docs →All four block-public settings, SSE-S3 (AES256), versioning, and bucket-owner enforced ownership.
AWS docs → storage.tf →Origin Access Control for private S3 reads plus DenyInsecureTransport on the bucket policy.
AWS docs → cdn.tf →CloudFront policy adds HSTS, XSS protection, frame deny, and referrer policy on every response.
AWS docs → cdn.tf →CI/CD uses short-lived STS credentials — no long-lived AWS access keys in GitHub.
AWS docs → bootstrap/main.tf →IAM trust policy allows only the infra and frontend repos on the main branch to assume the deploy role.
AWS docs → bootstrap/main.tf →HTTP API stage rate and burst limits return 429 when traffic exceeds configured thresholds.
AWS docs → visitor_counter.tf →Visitor API accepts browser requests only from production site origins (plus localhost for local dev).
AWS docs → visitor_counter.tf →Execution role grants DynamoDB GetItem and UpdateItem on the visitor counter table only.
AWS docs → visitor_counter.tf →Reserved concurrency limits parallel executions to reduce runaway cost during abuse.
AWS docs → visitor_counter.tf →External-access analyzer monitors for unintended public or cross-account resource access.
AWS docs → security.tf →Monthly cost budget notifies the account owner on forecast and actual spend — alert email set in private tfvars only.
AWS docs → budgets.tf →Standard Lambda metrics trigger alarms on errors and unusually high daily invocations.
AWS docs → security.tf →GitHub supply chain: branch protection, secret scanning, Dependabot, and manual approval on infra prod deploys (repo settings). Secrets and license keys are injected at deploy — never committed to source control.
Remote state storage for infrastructure versioning
CRC step 12
bootstrap/main.tf →Terraform state locking — prevents concurrent applies
CRC step 12
bootstrap/main.tf →GitHub Actions federation — no long-lived AWS keys in CI
CRC steps 14–15
bootstrap/main.tf →Scoped permissions for Terraform apply and S3 deploy
CRC steps 14–15
bootstrap/main.tf →js/config.js
Credentials
Amazon Web Services Training and Certification
Verify credential →
Coursera · Google
Verify credential →AI Cloud & DevOps Engineering · Echo Platoon
View aico-echo curriculum →The Manufacturing Institute · 25+ Foundational Badges
Open Map My Future →Recognition
Contact