Afan Ottenheimer, Enterprise IT Architect, SecDevOps Consultant & DBA
Enterprise IT Architect and SecDevOps Integration specialist with 29 years of experience being on the cutting edge of technology. Managing challenging and fast-paced projects for large enterprise and mid-tier companies. Outstanding project planning, execution, monitoring and resource balancing skills with ability to take the reins of emerging and complex technology to deliver elegant solutions.
Seasoned professional project manager and educator. Effective at training, motivating and mentoring managers, engineers, developers and technical staff. Adept at bridging the business and technical communications of stakeholders across the enterprise to achieve a successful outcome.
Selected Portfolio by Date
Ottenheimers Inc. 2012-current:
Currently leading the company focusing on long-term, complex projects for enterprise-scale customers needing to implement or upgrade business-critical systems. Some select projects include:
- 2023: Quickbooks Online, Legacy Commerce Site, and Google Suite integration: Client with a legacy commerce application wanted to have automated integration with both Quickbooks Online as well as the Google Suite (forms/sheets/docs). Setup reports/exports in Legacy system, in Quickbooks reports and wrote scripts in Google forms to allow integration across all systems.
- 2021: Enterprise Salesforce CRM Migration/Integration: Client with Legacy .ASP system and a Drupal Commerce front end wanted to migrate the legacy .asp system to Salesforce. Created API for repeated legacy export of data to Salesforce for Sandbox -> Prod testing. Customer wanted to ensure business continuity, so created dual Salesforce->Commerce and Legacy->Commerce feeds which allowed both Legacy and Salesforce to run at the same time for a full QC/QA testing rollout. Built Drupal Commerce API to send sales data to Salesforce and send SOQL commands to Salesforce to bypass Salesforce's limitation on the number of records available through the standard Salesforce data export. Created reports in Drupal Commerce so the customer's large employee base could access reports without also having to create paid Salesforce accounts.
- 2020: Enterprise Migration: Client with multiple disparate legacy solutions for sales, customer management (CRM), financial records, etc. (ColdFusion, PHP, Microsoft SQL, MySQL, etc.), wanted to consolidate to new, fully-integrated system. Helped investigate, evaluate, and negotiate multiple vendor solutions. Presented recommendations with technical, business-continuity, and financial impacts to the board of directors. Led the data migration process which included exports from legacy vendors (including native SQL exports), cleaning, deduplicating and pre-processing for new vendor’s system. New infrastructure included virtualization (VM) of financial systems with binary-safe (rsync) backups, web-accessible archival of full legacy system, a new cloud-based, DEV→PROD integrated software solution with SAML federation, and PCI certification.
- 2019: Enterprise Scaling and Security: Client had an Nginx/Symfony/MySQL/Memcached/ELK system for “Loyalty Card” application stuck in pre-launch stage because existing staff/vendors couldn’t solve an issue where the system load skyrocketed with more than 0.05% of real-time users per instance. Requirement was for “over 100,000 real-time users” (full userbase not disclosed). Identification of the root cause required a full stack analysis from code to application layer to multiple caching systems. Identified both root cause (caching configurations) and also identified critical PRI security issues. Created working solution on client’s DEV environment. Created instructions for client’s QA/QC/IT teams for DEV→TEST→ PROD → successful launch, without seeing past the DEV environment. Answered questions that IT team passed forward from 3rd party PCI/security audits. Trained staff on updates needed to adhere to best practices for long term maintenance.
- 2017: Migration from physical to Virtual Machine infrastructure: Client had legacy, physical Microsoft Windows Servers that were hosted on the Godaddy rackspace platform and had hardware/software issues where the system was failing and needing replacement. Godaddy recommended replacement but due to the age of the system, Godaddy had no supported migration path. Upgrade needed to be done with a process that preserved existing business-critical applications and could roll-forward any inbound transactions from other servers so no data was lost. Led team that migrated data and code to new versions of a fully virtualized environment with DEV/TEST/PROD VM infrastructure, VM networks, and VM firewalls; created git repository and repository structure for DEV/TEST/PROD revision control. Virtualized system significantly reduced hosting costs with 78% reduction in monthly fees, eliminated hardware/software outages, and maintained a 99.999% uptime. (Windows SQL Server, Windows Server, git, qemu/KVM, virtualized pfsense, powershell)
- 2016: Infrastructure as a Service (IAAS) and Application Architecture: Client requested upgrade of a legacy system for an organization that engages potential voters in U.S. elections across dozens of campaigns. Migrated to a full virtualized IAAS microservices architecture with virtual firewalls, virtual LANs, and virtual DEV/TEST/PROD servers. Negotiated contract for service, did load testing to predict needed allocation of resources, and led team for a successful roll-out, and hosted solution. (Apache, PHP, MariaDB, gitolite, HaProxy, qemu/KVM, virtualized pfsense).
- 2015: Pen Testing and Application Architecture: Asked to do a blind attack on a custom system as part of a company’s compliance requirements for leasing usage of the system to enterprise customers. No information given prior to attack other than access to a copy of the production system. Successfully breached system and then provided detailed report on all software vulnerabilities found. (RedHat, PHP, Java, bash, MySQL, tcpdump)
- 2012-current: Security forensics, Hardening, Integration, Application Architecture: Client had security concerns regarding a custom Windows .NET application that was an online store, a CRM system, an enterprise shipping/printing management system, and an employee management system. Identified key issues, stopped ongoing attacks, assisted with reports to legal teams/law enforcement. Worked with legacy system code/server and client’s IT team to identify weaknesses in system to stop ongoing attacks. Led teams in multi-year process to modularize and replace legacy infrastructure without impacting business continuity. Upgrades included: PCI compliance, revision-control systems, virtualization of servers, firewalls, and networks with a full DEV(N)-TEST-PROD architecture, and seamless integration with hubspot (a 3rd party marketing program). Was then asked to take over lead for client’s mobile project. Upgrades include: re-coded project, automated integration of mobile application into sales portal via SAML. (Drupal 7, Windows Server, .NET, MariaDB, HaProxy, SAML, MicrosoftSQL, qemu/KVM, gitolite, Javascript, Python, MongoDB)
Learning Tree International: Consultant/Instructor 2000 to 2006 and 2023-Current:
- Instructor for courses on emerging, enterprise-grade technologies: Linux, LAMP, Apache, PHP, databases (e.g. MySQL), DevOps, etc. Consistently rated as a top instructor.
- Built custom courses and taught courses for government and enterprise-scale clients with on-site training. Examples of custom content include Perl, Drupal, PHP, Linux/Network Security, and PGP Encryption.
TrafficCast: Director of IT, Enterprise Architect/DBA. 2007-2012:
Hired as an IT Architect to help company go through round B financing, save an existing stalled customer project, and re-architect entire IT infrastructure. Eventually asked to be Director of all IT and Software departments. Some accomplishments below:
- 2011: Project Lead, Enterprise Architecture: Designed system and led team in Sprint process to build a functioning demo for GM showing a real-time, in-vehicle, voice-activated application integrating voice (VXML), traffic via a mobile application. Based on successful demo, led a Stage-two multi-million dollar project that required integrating software teams, DB teams, security teams, testing groups, business groups, in-vehicle software teams, marketing groups, design teams, and operations teams across 5+ companies. Required implementing API services that handled communication between many proprietary systems for a web-application environment capable of handling millions of users. Final solution integrated SAML 2.0 (shibboleth), Drupal-6 (authenticated via SAML2), Java, XML-RPC (for Java integration), Oracle, MySQL replication, MySQL encryption at rest, real-time failover, Geocoding, and REST (for 3rd party voice & hardware integration).
- 2010: Project Lead, Enterprise Architecture: Investigated technologies and led team in Sprint process to build Drupal-based system to sell access to DOT customers for displaying real-time traffic from roadside Bluetooth sensors. Led team that built a system used to manage the deployment, monitoring, reporting, calculations, and real-time displaying of data from RTOS roadside sensors. Led team to optimize algorithms, add MySQL replication and set up a microservices architecture to scale system that easily supported absorbing 1 million probe points per day. Helped to secure patent for system and listed as inventor.
- 2009: Network/Server Architecture: Re-built hosted environment to support Virtual Machines and real-time failover with 2N redundancy in network and servers. Investigated multiple vendors for new hosting facilities and negotiated contracts.
- Migration resulted in lowered IT expenses of over 30%, while adding full redundancy and doubling network capacity.
- 2008: SQL renormalization, optimization: Identified multiple issues (Oracle SQL query optimization, DB re-normalization, code flow, memory management, etc.) with existing legacy systems. Overhaul changed system loads (uptime) from 150% to 1% without needing to purchase additional hardware/memory. Solved multiple issues with existing legacy Java systems preventing scalability of processing GPS probe points. Overhauled framework and DB system with multi-master replication allowing easily processing 500,000,000 GPS probe points per day. Led the software team in migrating from Oracle to MySQL.
- 2007: IT Operations, Health Monitoring: Introduced and implemented automated monitoring, reports and alerts of all servers, applications and systems. Was a key deliverable helping to win TomTom and GM bids which required reporting and 99.999% Service Level Agreements. Was key in discussions with Google and helped with diagnosis of Tier 1 issues in network routing. Built out of open-source systems (Nagios/Cacti/Puppet).
- 2007: Security/Network Architecture: Upgraded from unmanaged to managed network, implemented VPN allowing remote access. Deployed office-wide, anti-virus management system. Deployed intrusion detection systems on edge firewalls with automated anomaly reporting.
University of Wisconsin Medical Foundation: Programmer/Sysadmin. 2006 to 2007:
Hired by the UWMF to be one of the three programmers responsible for rollout/customization of new EPIC software, interfacing to a Peoplesoft system, and replacement/maintenance of legacy IDX system using M/Caché/SQL. Some interesting projects include:
- Automated an EPIC rollout process that was taking 15 hours per system. Freed up staff which previously had to sit and click “next” and helped the project take days instead of weeks of rollout time. Turned over system to EPIC for their future usage.
- Wrote migration scripts to import patient data from old IDX system into new EPIC system when EPIC ran into difficulties.
- Programmed EPIC software to automate and customize financial reports, and collections processes.
- Replaced legacy task/ticketing system with login tied to corporate AD/LDAP using Drupal-5.
- Introduced migration of non-relational Intersystems Caché to SQL DB for complex reports. Reports took minutes to script and run instead of hours.
- Built web front end for Peoplesoft/Oracle system allowing management of parking permissions. Set up server and system + Oracle integration libraries.
Ottenheimers Inc: Founder and CEO. 1994 to 2006:
Founded a web-marketing, programming and security consulting company with hundreds of customers. Introduced e-commerce and credit card processing at the onset of the SSL technologies. Helped to develop dozens of disruptive open source products, practices and frameworks that became the new and current standards. Some select projects include:
- Project Management, IT Architecture, DBA (2004): Large, complex, social-media, householding, web-application for elections
Created bid, closed contract, set up deliverables and timeline. Lead developer and DBA. Managed a team that was able to meet an incredible two-week deadline for basic functionality (a process Google Ventures calls “the Sprint”) and three week deadline for production. Led database re-optimization/normalization to be able to process system capable of handling 200 million entries with a user base in the tens of thousands. Organization reported it was the most effective tool used to date.
- Integration specialist, DBA and SE lead (2001): Sport Recruiting Management System: Designed and led building of web service for company which resold application to colleges across the country for NCAA compliance. System was designed to integrate seamlessly and securely into colleges' student databases and allow coaches and recruiters to adhere to strict recruiting and reporting requirements. Negotiated contracts with rack space providers, set up system and managed the staff who designed and programmed the system.
- DB and SE Architect (1999): Web-based, billing, accounting, and facility management system for condominium association management group.
Created bid, deliverables, and timeline for third party as sub-contracting-company. Was the lead DBA, the lead programmer, and was the project manager, working closely with client to meet complex goals set by outside designers, the compliance group, and the finance group. Trained the client’s designer on web-based HTML and design criteria. Learned accrual-based accounting and accounting methodology/terminology for successful client-programming team discussions.
- DB and SE Architect (1998): Created and hosted a multi-year multi-hospital orthopaedic study for meaningful statistics on tibial-plafond fractures. The application integrated patient records from 6 Hospitals (Univ. of Iowa, Univ. of New Mexico, Univ. of Virginia, Wake Medical Center, Univ. of Tennessee - Knoxville, OHSU). Converted all relevant medical forms (SF36, MFA, SMFA, Pain Scale, Xray data, etc.) to HTML or PDF and set up program to color-code patient results by hospital, by forms completion, and to indicate if follow up visits/forms were done at the proper times.
Researched tibial plafond fracture variants in order to create the medical-statistical analysis package allowing the research staff to do the data analysis within the application.
Emerging technology PHP (v2) did not have a suitable graphics utility for making charts. Created and released PHPLOT which became the 6th most popular opensource software download in the world.
Set up secure system that de-identified patients before HIPAA standards were enacted.
Clients were elated with results and client used the successful first year as the basis for winning a 5-year, multi-million dollar research grant. Managed numerous upgrades over 6 years across numerous OS upgrades, numerous DB migrations, and PHP software version upgrades.
- DB and SE Architect: (1996) Distributed, web-based billing/accounting system and patient management software for associated network of doctors across Iowa. One of the first web-based professional accounting and electronic medical billing/records (EMR) systems ever created. Allowed doctors to securely record records and managed insurance payments by only allowing specific coding by patient interaction. Software automatically created PDF reports in formats required by the State’s regulatory agencies, automating staff reports. Managed system for over 4 years over numerous OS upgrades, DB migrations, and core software updates/upgrades.
- DB and LAMP Architect: (1996) Web-based Orthopaedic patient/schedule management system. Allowed orthopaedic physicians to track patient statistics, CMEs, meetings, and allowed staff to provide physicians with needed documents as they traveled to worldwide conferences.
Created bid, deliverables, and timeline for third party as sub-contractor. Lead DBA, hired additional programming staff for project, trained them in web-database programming, and managed project from inception to completion. Project was found to be so popular that many other physicians in the office requested the same service.
U of Iowa: Graduate Research Assistant, Department of Physics and Astronomy. 1993 to 1995
- Responsible for various Solaris/SunOS servers, networks and clusters used by research team and other groups.
- Introduced “the web” to University of Iowa. On the leading edge of creating some of the first websites worldwide (NCAA server)
- Set up 32 node computational cluster using astronomy lab workstations. Used networked cluster for parallel dust-in-plasma computational simulations so that thesis computational simulations took days instead of months.
Technologies
Fluent Languages | PHP, Python, Perl, Perl DBI/DBD, msql-perl, C, SQL, SOSQL, UNIX Shell (awk, sed, sh, bash, ksh, csh), FORTRAN, FoxPro, Paradox, Cisco IRP, iptables/ipchains |
Semi-Fluent Languages | R, Java, Ruby, C#, C++, Visual Basic, COBOL, SASGraph |
Operating Systems | Linux, Solaris, BSD, SunOS, IRIX, HPUX, Microsoft Server, Cisco IOS, Flowpoint OS |
Software | HAproxy, MariaDB, MySQL, Oracle, Microsoft SQL, SAMBA, Apache, Apache-mod_ssl, Zimbra, Postfix, Sendmail, DNS/BIND, Hylafax, Drupal Commerce, git, svn, rsync |
Other | Database Programming, Application Service Programming, Internet Firewalls and Security, Server Performance Tuning, Server load distribution, LAN and WAN networking, TCP/IP, HTML, XML, JSON, REST, SOAP, Sprints, Management of Design Teams |
Education
- Masters with Thesis (Computational Analysis of Dust in Plasmas), Theoretical Plasma Physics, University of Iowa, 1995
- Passed PhD Comprehensive Exam, University of Iowa, 1994
- B.A. Physics / High Honors and Thesis (Pulsar DMs using Millisecond Dual-frequency Observations at Arecibo Radio Telescope), Oberlin College, Oberlin, OH, 1992
Endorsements
"Afan is one of the most intelligent and honest people I know. He is always learning and pushing the edge of technology and business models. He is an incredibly hard worker, and is a great father as well. He lives and breathes database technology, security technology, and the Internet. I depend on Afan for all of my Internet related questions and issues." - Mike Bennett
"Afan has not only a great technical mind, but he balances the technological with a strong business acumen. His ongoing contribution to my business is incalculable" Mike Karr
"Afan is a very creative and energetic problem solver. He identifies high-value ideas that are focused and practical and he is able to quickly deliver solutions. He's a great asset to any dynamic, fast-growing organization. He's intelligent, wonderfully warm in spirit, & honest. He is a well-respected instructor, always willing to share his energy and ideas." Davi Ottenheimer
Certifications
DevOps Foundation® Certification
SecDevOps Foundation® Certification
* | CAE - Certified Apache Educator |
* | CMPE - Certified MySQL/PHP Educator |
* | HPPEC - Human Participation Protection Education Certified (via NIH) |
* | CMLA - Certified Master Linux Administrator |