Google Cloud Armor and DDoS team help protect Google's production infrastructure and your Google Cloud deployments from multiple types of threats, including distributed denial-of-service (DDoS) attacks and application attacks like cross-site scripting (XSS) and SQL injection (SQLi).

Highlights:

• Per-client rate limiting / throttling

• Machine learning-based Adaptive Protection

• Network-based threat intelligence

• Bot management with reCAPTCHA Enterprise

• WAF protection featuring preconfigured OWASP and custom rules

Our Project Shield is a free service that defends news, human rights, and elections-related sites from DDoS attacks. See https://projectshield.withgoogle.com for more information.

Our team in the news:

• https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps

• https://cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps

• https://www.kmu.gov.ua/en/news/mihajlo-fedorov-vruchiv-pershu-vidznaku-miru-kompaniyi-google

Engineering lead for software load-balancing / traffic management in Apple Pay. Engineering lead on HSE app migration from bare-metal to managed containers. Delivered several WWDC and launch tentpole features, including Apple Card, Identity, Transit, and Access verticals as Cloud Infrastructure DRI (lead)

Highlights:

• To modernize infrastructure and maximize capacity, lead internal cloud initiative using Nomad/Consul/Docker in all ApplePay owned datacenters/HSEs., built docker base and app image build pipelines, secrets management, deployment orchestration, and migrated workloads in first two datacenters. Achieved >300% increase in capacity, and deferred new HSE stand-up more than 2 years.

• Built side project into org-wide traffic strategy to replace Netscaler fleet with Envoy to addressin launch observability gaps, long/complicated deployments, and porous security policies. Encompassing web- and app-tier LBs, L4 and L7 egress proxies, and several worldwide production services in Go, including control plane, perimeter auth, identity, and security services for all traffic, API Services used by SRE org, and extensive telemetry. Provided foundation for 2021 tentpole features, reduced deployment times from hours to nominal, and drastically reduced MTTD and MTTR on application and infrastructure issues in all environments.

• Built out traffic infrastructure from part time resource to dedicated team, hired 1 manager, 3 FTE hires, and 10 dedicated contractors across three geo centers. Operate all traffic concerns related to WPC, from Envoy and Netscaler fleets to IP allocation, DNS, GSLB, WAF, and ACLs across HSEs in all global datacenters,

• As Cloud Engineering DRI, improved velocity across 400+ person WPC engineering org, lead programs for platform images, JDK11 upgrade, open-telemetry adoption, protobuf standardization, and started Technology Dependency Council. Saved $MMs in legal/licensing requirements and reduced new application onboarding from months to days.

Worked on, lead, and owned several large-scale production services within Apple Maps. Initially worked on real-time vehicle traffic data ingest and distribution. Engineering lead for tentpole initiative to build Vehicle ETA service, which ultimately provided foundation of Traffic team’s ML-based services. Built initial versions of several other Traffic projects, including Apple- owned Incidents service.

Highlights:

• To improve Maps customers’ service quality using Traffic Routing feature, built Traffic ETA Service, a high-volume very- low latency route evaluation service written in Java/Scala, and companion ML/data Spark model pipelines. Achieved ability to run extensive user experimentation and reduced customer latency worldwide from off-heap memory management for large runtime datasets on JVMs, ultimately improving ETA quality between 5% and 8%.

• Engineering DRI (lead) and/or product owner for several Maps projects, including traffic incidents, real-time location ingress, real-time traffic data infrastructure, and extensive work (including co-development) with Apple business partners in EU and China, resulting in successful product delivery (including Apple-owned Maps and indoor maps), global expansion to 42 countries, and service SLAs met/exceeded throughout my tenure.

• Now public! (as of 2024): built initial version of Apple's Offline Maps support.

Senior staff engineer with eBay/Paypal's Global Platform and Infrastructure group (GPI) based out of Paypal head office in San Jose. Engineering and design lead for software load-balancing in eBay and PayPal. Responsible for architecting and building eBay’s next generation of traffic-management, platform stack and perimeter services within the Global Platform and Infrastructure (GPI) division.

Our award winning team is responsible for next-generation PaaS, provisioning, deployment, and cloud engineering services for eBay Inc., Marketplaces, Paypal, and members of the extended eBay family, and are building out the next generation of cloud technologies for both companies going forward.

As engineering lead - software load balancing - I work with some of the best researchers and engineers from around the world to enable dynamic, scalable traffic management and engineering agility.

I built the Neutrino software load balancer (open-sourced 2016). It was fun but please use Envoy - it's great!!!

I'm a member of the eBay/Paypal Global Platform Framework Group at our main campus in San Jose.

My current focus is on large-scale asynchronous platform components using Scala, Akka, Spray, and ZeroMQ.

Our elite team is building out the next generation of eBay's global technology platform, including:

• Large-scale and distributed caching systems

• High performance configuration management

• Resource aggregation and optimization frameworks

• Adoption and operationalization of polyglot systems, most notably Node.js, Scala, Python, Go, and PHP.