20+ years in systems and infrastructure. Moves easily from packets and PCAPs through platforms and identity to carrier voice and Kubernetes—domains that rarely sit in one role. DIY by temperament: Verilog and FPGAs on one end, production clusters on the other. Identity, GitOps, observability, and AI-assisted workflows at depth—including when DNS, storage, and identity need to stay in the same pair of hands. Engineering leverage with Cursor and Claude-class workflows—skills, rules, MCP, and tight loops with Git and review—not a stand-in for judgment or ownership. Strong at bridging engineering and customers when problems are messy: pre- and post-sales, escalations, troubleshooting. Linux/FreeBSD since the 90s; IPv6 since 2007.
CircleCI — Staff Support Engineer: Staff escalations with Engineering; mentors teammates and improves triage (e.g., escalation severity). KB and OIDC documentation across Server, cloud identity, and registries; Kubernetes lab on CircleCI Server with deployment parity to customer on-prem for validation, reproduction, and air-gapped QA.
ThinkTel / Distributel: Rebuilt Zazeen IPTV end-to-end (encoding, delivery, DRM); Canada’s first certified Microsoft Teams Direct Routing solution; Think 365 SBC among the first three certified globally for Teams Direct Routing.
CTO, AirSurfer Wireless (WISP): end-to-end ownership of a multi-community rural Alberta fixed-wireless ISP—billing, mail, access, and edge network at real customer scale.
Runs a Kubernetes lab (KubeVirt, Longhorn, MetalLB) on CircleCI Server for validation, bug reproduction, and air-gapped QA on Server 4 topologies aligned with customer on-prem deployments (VM provisioning, S3, machine executor).
Keeps customer-facing guidance accurate: authors and maintains KB and self-serve content (config validation, migrations, air-gapped support-bundle/crew install, troubleshooting); aligns with Documentation and training stakeholders so external guidance matches product behavior in the field.
Tests and documents OIDC across CircleCI Server, AWS, HashiCorp Vault, Terraform Cloud, GCP Identity pool federation, and NPM registries; collaborates with Product and Engineering on integration behavior and support readiness for new and existing features.
Staff escalation path for Premium Support (Zendesk, PagerDuty): prioritizes near-breach and complex tickets, coordinates research and reproduction with Engineering on cross-service issues, and partners across CE, Product, Engineering, and SRE when incidents touch platform reliability; contributed to escalation severity matrix and broader triage/workflow thinking.
Mentors and pairs with support engineers on Server, Kubernetes, and identity; confirms defects with reproducible steps and collaborates with Engineering on fixes and backports.
Customer Success consulting: delivered scoped and recurring engagements with Technical Success Managers to put CircleCI into production on circleci.com and in customer private clouds (Server), including custom integration and runner topologies.
Performed enterprise config and security reviews; led an internal config review workshop and defined a Confluence-based review format; guided server-to-cloud and Server 3→4 migrations; validated OIDC patterns (AWS, Vault, GCP Identity pool federation) for secrets and identity.
Assisted with Kubernetes-oriented private-cloud work—container runner installs, Server incident and support-bundle workflows—and hands-on troubleshooting across OIDC and platform integration.
Delivered and recommended in-depth technical training for customer teams; partnered with advanced and premium accounts on CI/CD efficiency and platform value; channeled customer needs to Product and Engineering as voice of the customer.
Rebuilt acquired Zazeen IPTV from the ground up: custom Dockerized FFmpeg transcoding pipeline and HLS packaging; migrated content acquisition (SRDU → TRDU); deployed Qumulo and Broadpeak for cloud nDVR; replaced middleware and DRM; rebuilt HTTP caching; hand-coded monitoring for live channel delivery. Sustained the rebuilt platform in production through Zazeen decommission (March 2025).
Integrated Open Source and custom components into a certified solution for delivering Canadian PSTN to Microsoft Teams Direct Routing.
Moved IPTV and platform delivery onto repeatable automation (Ansible, CircleCI, Docker, Kubernetes)—less one-off operations, faster iteration.
Led team responsible for systems peripheral to nationwide ISP operations (DNS, RADIUS, SQL, etc.).
Scaled internal SBC implementations from monolithic blade servers to multiple VMs and orchestrated containers; accelerated and standardized rollout of dedicated, geo-redundant SBCs via Docker container images.
Developed a "shim" SBC to front-end legacy PBXs and migrate thousands of lines to Metaswitch; protected end-of-life platforms from security vulnerabilities; dynamically routed clients line-by-line.
Managed infrastructure for hosted Lync/Skype for Business and Office 365 Cloud Connector; oversaw development and deployment of custom SBC implementations for carrier-grade SIP.
Expanded sales engineering beyond carrier SIP into hosted Lync, PBX, and dedicated SBC colocation; grew and mentored team of sales engineering SMEs.
Turned up cross-vendor IPsec interop with customers to secure VoIP traffic before SIP TLS+SRTP was viable.
Coordinated turn-up of private VoIP paths over private networks, including Alberta SuperNet.
Mentored junior sales engineers; coordinated technical escalations and complex SIP deployments for carrier accounts.
Onboarded carrier-grade SIP customers; engineered end-to-end solutions; conquered interoperability and direct peering.
Conducted technical pre-sales; designed and validated SIP trunks, codecs, and peering for carrier and enterprise customers.
Technology advisory and integration for small business. Personal liaison enabling adoption of tools and platforms (web development, VoIP, IP networking, Office 365, Linux/FreeBSD) while clients focus on their core business.
Multi-year embedded IT for a promotional marketing firm: greenfield Windows Small Business Server and desktop fleet from first hardware delivery; Asterisk-based VoIP through an office relocation; ongoing desktop operations; Microsoft 365 migration—single accountable relationship through the company’s eventual sale.
Boutique Edmonton real estate brokerage: custom workstation builds; pandemic-era network redesign and VPN for remote agents; backup and email modernization after taking technical ownership from a troubled outsourced arrangement; migrated line-of-business workloads from desktop sprawl to hosted infrastructure—with materially lower recurring IT spend.
Greenfield carrier network for Habu Wireless (habu.ca)—Habu’s rural Alberta fixed-wireless ISP arm: secured ARIN ASN and provider addressing, led technical engagement with Axia SuperNet for backbone turn-up, and designed and deployed BGP peering, OSPF core topology, CGNAT, switching, routing, DHCP, and NAT as an end-to-end provider design.
Fixed-term engagement with a Nunavik regional ISP during a wide, multi-community edge migration: remotely redesigned and rebuilt MikroTik infrastructure—RouterOS upgrades and ground-up reprogramming—stabilizing dependable internet access for communities across the region.
Obtained and operate an independent ASN and IPv6 allocation, enabling direct BGP peering and full-stack network control outside traditional ISP constraints.
Reduced WISP provisioning toil across vendors with automation scripts; migration of mail, databases, and financial data during network acquisitions; escalation point for internal tech and customer support.
Deployed and maintained monitoring, patching, and backup systems across acquired and legacy infrastructure.
Built provisioning abstractions for heterogeneous WISP gear; reduced rollout time for new sites and acquired networks.
Consolidated billing and customer data from acquired networks; maintained service continuity through cutovers.
Documented systems and handoff procedures for acquired infrastructure; reduced operational risk during integrations.
Ran AirSurfer WISP at operating scale across many rural Alberta communities—small towns, industrial areas, and metro fringe outside the urban core (800+ locations, 1,500+ mail users across 50+ domains). Custom qmail MTA; MySQL/mod_perl billing and ticketing; Nagios/Cricket monitoring; DOCSIS network for 2,800 users; OpenLDAP; Asterisk PBX migration; HotSpot platform; Explorer Hotel (Yellowknife) network design.
Version-controlled qmail patch tree (CVS); integrated community and custom patches for feature-competitive mail hosting.
Wrote the full billing and ops stack: Perl/MySQL backend, customer web portal with real-time bandwidth monitoring, BSD-level traffic capture, and DOCSIS provisioning. One hand-rolled codebase tying billing, ticketing, and self-service together.
White-box PC retailer (OA Computers). Sold and spec'd custom systems and components, averaging ~$100K/month in parts and builds.
Designed desktop configurations to customer requirements; retail arm of OA Group's ISP and technical-products operation.
Bottom-up understanding: from instruction encoding to protocol stacks. Digs through PCAPs with Wireshark and tshark; uses debuggers and tools such as objdump to inspect binaries; ARM/x86-64 ASM (ARM strongest; x86-64 enough to frame questions and chase answers). Comfortable reading disassembly, tracing memory layout, and debugging at the metal.
Full-stack fluency, from systems to application layer. Bridges networking, VoIP, and platform tooling.
Hands-on: validates in production-like lab environments; debugs in context, not just theory.
Carrier and WISP era: LDAP, Kerberos, and RADIUS AAA (including classic AD-style deployments) from AirSurfer, Tera-Byte, and nationwide ISP operations; broad VPN experience across generations—IPsec, SSL VPNs, WireGuard, OpenVPN, L2TP, GRE, DMVPN, and typical site-to-site and remote-access designs.
Identity and cluster security: Authentik IdP with OIDC and short-lived credentials; 1Password (since 2008) with the Kubernetes operator and op CLI so secrets land in-cluster alongside GitOps; Calico CNI, adopting network policy toward microsegmentation of services.
AI-assisted engineering: Cursor (skills, rules, MCP servers), Claude-class workflows; Ollama on a GPU host, OpenWebUI on Kubernetes, IaC, Ansible, Docker, and Kubernetes; GitOps with Flux CD and Terraform DNS—maintained with Cursor.
Edge stack and observability: Traefik ingress, cert-manager TLS, Prometheus/Grafana stack, Argo Rollouts; KubeVirt with CDI for VM image and disk import.
References available upon request.