README.md

Ryan Parman • jobs@ryanparman.com

Cloud Engineering Leader • Innovator • Problem Solver; looking for roles in technical leadership and engineering management.

Links: GitHub (personal) • GitHub (side project) • LinkedIn • Stack Overflow • Role-targeted résumés
Format: Web • PDF • Word • OpenDocument

Summary

Cloud engineering leader with a diverse background spanning design, development, security, and innovation. Proven expertise in building scalable infrastructure, driving efficiency, and enhancing user experience. Adept at leading teams, streamlining complex processes, and fostering knowledge-sharing cultures. Passionate about solving real-world problems through technology, security, and strategic thinking.

Key Skills

Cloud Engineering and Infrastructure Security and Compliance

Technical Leadership and Team Building Documentation and Knowledge Sharing

Cost Optimization and Strategic Planning Open Source Development

Work Experience

McGraw Hill — Remote (since COVID), previously Seattle, WA

McGraw Hill is a learning science company which produces textbooks, digital learning tools, and adaptive technology to enhance learning. It is one of the “big three” educational publishers in the U.S.

Principal Engineer, Cloud Center of Excellence (January 2024—October 2024)

• Joined a team whose mission was to provide guidance and support in the cloud journey of the entire organization.
• Started development on v2 of a project which scanned AWS accounts for misconfigurations and vulnerabilities. Goal was to reduce an AWS Well-Architected review from 2 weeks to 2 hours with automated scans, enabling more reviews annually (10 → 100).
• Managed the migration from CentOS to Amazon Linux before the CentOS end-of-life date.
• Proposed best practices, guardrails, and security measures to ensure a secure and efficient cloud environment.
• Identified opportunities to extend the security measures and guardrails devised for AWS to other cloud platforms.

Principal Cloud and Platform Engineer (June 2020—January 2024)

• Led the team who supported all SRE and product engineering teams, scaling core platforms and services as every school in America transitioned to online learning during the COVID-19 lockdowns.
• Authored/edited over 1,800 Confluence documents with the goal of reducing tribal knowledge.
• Partnered with Enterprise Architecture and AWS Professional Services to deploy Control Tower and Identity Center, resulting in lowered costs and improved control over account guardrails.
• Managed the Base AMI program (server disk images). Leveraged insights from CIS, security patching, and internal needs to develop a unified build pipeline integrating best practices. Reduced time-to-boot, and eliminated engineering toil (1 → 10).
• Conducted comprehensive scans of Route 53 to obtain a mapping of the company’s thousands of active websites. Prioritized identifying and remediating misconfigurations, rotating certificates, and increasing visibility.
• Grew and ran a project which evaluated AWS accounts for high-priority misconfigurations and vulnerabilities. Included a high-level score (friendly competition), explanations of the issues (security education), and instructions for fixing (driving forward). Became a trusted tool across the organization (1 → 10).
• Implemented the custom Linux runtime environment used by self-hosted GitHub Actions runners.
• Spearheaded the Artifactory Rebuild project. Ran the project from inception to completion, including the majority of development. Directed effort across ~80 teams and ~300 services to complete the project.
• Enabled continuous token and password rotation for engineering teams by designing and deploying a Token Vending Machine, improving security.
• Adapted the Monitoring-as-Code tooling/methodology to abstract-away the underlying vendor, streamlining a vendor migration (New Relic, Datadog) (1 → 10).
• Resolved all technology blockers preventing migration lower-cost ARM64 CPUs, opening the door for ~$450k/year in cost savings.
• Led dozens of smaller projects, offered guidance to engineers on best practices, and documented knowledge.

Engineering Manager, Site Reliability (October 2018—June 2020)

• Managed a team of four, while working to level-up the team's technical skills and leadership capabilities. Conducted regular 1:1s, performance reviews, and career development discussions.
• Revamped the SRE interview process to prioritize a 70/30 focus on software engineering (Dev) and systems operations (Ops). Emphasized leadership qualities, bias for action, and high curiosity.
• Led the Site Reliability Engineering (SRE) team in addressing macro problems affecting engineering, empowering self-service.
• Established a process for maintaining reusable Terraform modules which teams leveraged to compose infrastructure.
• Customized the Amazon Linux AMIs to comply with Level-2 CIS Guidelines for both Amazon Linux and Docker. Liaised with cybersecurity, operations, and business units to ensure compliance (0 → 1).
• Invented custom security and operational tooling to understand the current posture of AWS accounts where off-the-shelf tools did not meet the needs of the organization (0 → 1).
• Reduced the time to deploy a new service from dozens of weeks to a single meeting by implementing a Monitoring-as-Code methodology, and defining broad-use Service Level Objectives (SLOs) (New Relic, Datadog) (0 → 1).

Staff Software Engineer (October 2016—October 2018)

• Led the development of Tier-1 services within the educational content authoring pipeline, leveraging technologies such as REST, GraphQL, API design, Amazon ECS (similar to Kubernetes), Docker, Terraform, ePubs, and security best practices.
• Led the development of the authoring component of the SmartBook 2.0 product, and the internal system which indexes authored content, builds ePubs, and encodes images/video for the ePub CDN using ffmpeg.
• Established the technical direction of these projects, promoted adoption across the organization, published comprehensive documentation, and offered ongoing integration guidance.
• Accelerated the adoption of CI/CD, rapid deployment practices, and Docker containers, shortening the feedback loop for developers and increasing the reliability of deployments.
• Served as a core resource in adopting Infrastructure-as-Code (IaC) tools such as Terraform and Packer.

WePay — Redwood City, CA

WePay is an online payment service provider which provides “payments for platforms”, where examples of platforms are GoFundMe, Care.com, and Xbox. JPMorgan Chase acquired WePay in October 2017.

DevOps Engineer (April 2015—September 2016)

• Led a cross-company initiative to upgrade the monolithic application from PHP 5.4 to PHP 5.6 (the latest at the time). Facilitated cross-team collaboration among all major engineering teams and QA departments to achieve results.
• Initiated a program to automate the creation of base server images for cloud servers. This allowed new servers to boot and begin serving traffic ~75% faster.
• Invested in monitoring and alerting systems to prevent customer-facing issues (New Relic, Grafana).
• Explored configuration-as-code for cloud infrastructure in Google Cloud Platform to improve reliability and efficiency.

Senior API Engineer (April 2014—April 2015)

• Led the company’s HackerOne security program, coordinating across teams to address security issues.
• Built a local development environment for engineering teams using Vagrant. Eliminated "works on my machine", and reduced new engineer onboarding time from 2 weeks to 1 day (measured by when a new employee could make their first commit).
• Expanded WePay’s payment security offerings by designing MFA-as-a-Service (U.S. patent filing US15042104).

Amazon Web Services — Seattle, WA

Amazon Web Services provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered, pay-as-you-go basis.

Web Development Engineer II (March 2010—April 2014)

• Created the AWS SDK for PHP, enabling AWS to reach millions of new developers.
• Initiated the creation of AWS SDK for PHP v2 to address changes in the PHP language and growth of AWS services.
• Led one of the first teams to provide reusable UI building blocks for the AWS Management Console, by collaborating directly with the AWS Design team.
• Invested in increased transparency, better communication, and improved tooling for developers. [Examples]

Older roles, side projects

See “Previous experience, side projects” for additional details.

• Northwood Labs — Owner (January 2024—Present)
• PCR Publishing (Side-Project) — Editor, Typesetter, Publisher, Book Producer (April 2021–April 2022)
• Perimeter of Wisdom, LLC (defunct) — Co-Owner, CTO, Producer (February 2015—2018)
• Rearden Commerce (now Deem) — Senior User Experience Developer (July 2008—March 2010)
• WarpShare (defunct) — Co-Founder and Chief Information Officer (September 2006—March 2010)
• Yahoo! — Front-end Developer (Contract), Yahoo! Messenger (November 2007—January 2008)
• Stryker — User Interface Developer (Contract) (May 2005—September 2006)
• Digital Impact (now part of Axciom) — Production Specialist (March 2004—April 2005)

Projects

Proof that I can code, call APIs, interact with SDKs, and build user-facing software. I have live-coding anxiety, so live-coding interviews will always present me at my worst, not my best.

• DevSec Tools: Building a website, CLI tool, and Go library for identifying potential security configuration issues (in-progress).
• Custom Linux Packages: Building a repository of custom Linux packages (in-progress).
• CSP Evaluator: Building a parser and evaluator for Content Security Policy (CSP) directives in Go (in-progress).
• Terraform Provider: Built a custom provider which provides a set of utility functions for use in Terraform/OpenTofu.
• Multi-Platform Docker: Built a downloader for GitHub release assets which simplifies building multi-platform images.
• AWS Organization Security: Built a library + CLI tool which simplifies the hub-and-spoke pattern for multi-account orgs.
• AWS Session Manager: Built a TUI for simplifying connections to SSM-enabled EC2 instances using your Terminal.

Examples of Technical Documentation

Here are examples of my public-facing documentation:

• Setting up macOS for development
• Local AWS Lambda environments (with Go)
• Local development environment (devsec-tools)
• Configuring DataGrip for Valkey (devsec-tools)
• Diagrams of Artifactory infrastructure and software configuration.
• Diagram of a secrets-rotation system.

Recommendations

See a selective list of recommendations from co-workers and peers.

Patents and Notable Open-Source

• U.S. patent filing, “System and Methods for User Authentication across Multiple Domains” (US15042104) (2016)
• U.S. patent filing, “Hive-based Peer-to-Peer Network” (US8103870B2) (2007)
• SimplePie — An RSS parser for PHP; founded in 2004; integrated into WordPress core since 2009. Millions of global users.
• CloudFusion — A PHP SDK for AWS; founded in 2005; later became the official AWS SDK for PHP. Millions of global users.

Skills

This list is not exhaustive, but these are software and hard skills I leveraged in the roles above.

CI/CD, DevOps, DevSecOps, ARM64, AWS Well-Architected, AWS, Amazon Web Services, Ansible, Artifactory, Bash, CIS, CentOS, CircleCI, CloudFormation, CloudWatch, Confluence, Control Tower, Docker, ECS, GitHub Actions, GitHub Enterprise, Git, Go, GraphQL, JWT, JavaScript, Jira, Lambda, Nginx, OpenTelemetry, OpenTofu, PHP, Packer, Python, Redis, SDKs, Terraform, Traefik, Vagrant, twelve-factor applications, agile, architecture, automation, code generation, containerization, coordination, debugging, disaster recovery, distributed, documentation, error budget, kanban, microservices, multi-platform, optimization, organization, performance, platforms, project management, refactoring, reliability, risk mitigation, roadmap management, scalability, scripting, scrum, security, stakeholder management, test-driven development, testing, troubleshooting, uptime, vendor management.

Education

Silicon Valley College (now Carrington College), San Jose, CA. Bachelor of Arts, Design and Visualization