top of page
Laptop

HELLO! I’M GRAHAM WELLS

Home: Welcome

EXPERIENCE

Work History

SR. SITE RELIABILITY ENGINEER, IDENTITY PLATFORM

COINBASE, INC.

March 2022 - January 2023

  • Led effort for U2F deprecation in Duo and adoption of WebAuthn across all MFA integrations

  • Owned functional relationship of Workday to Okta integration for user sourcing

  • Enabled greater observability in Slack for “interesting” Okta security events

  • Designed PoC offboarding framework for greater account and licensing hygiene and maintenance; partnered with stakeholders to identify top areas for automation and streamlining

SYSTEMS ENGINEER III (IT)
THE ROCKET SCIENCE GROUP, INC.

(MAILCHIMP)

November 2016 - February 2022

  • Moved entire “on-prem” Jamf Pro stack (MySQL, Tomcat) to Google Cloud Platform (GCP); utilized instance groups, load balancers with health check for fault tolerance and self-healing

  • Deployed Hashicorp Vault instance to GCP for CrashPlan key storage/retrieval

  • Carried out deployment of Okta and Slack to all users; utilized public APIs for data true-up and naming standards

  • Led technical effort for HR-as-a-source for account provisioning in Okta

  • Created full Zero Touch workflow for new laptop provisioning for new hires and existing employee refreshes

  • Authored Golang app to parse AV logs to check files against VirusTotal API to reduce false positives; also, tabulate incidence rate of each file, device containing the file, etc. to mimic Carbon Black-style file reporting

  • See Projects below for more accomplishments

SR. SYSTEMS ENGINEER

THE HOME DEPOT, INC.

February 2016 - November 2016

  • Engineered top-to-bottom path for migrating over 1000 Macs to Jamf Pro from Airwatch using Bash

  • Created and designed self-guided build process for all new Macs, integrating software installs and AD certificate installs for 802.1x and NAC; significantly reduced time to customer delivery for newly purchased Macs

  • Partnered with Infrastructure team for complete JSS build out for four physical sites plus DMZ presence

  • Built-out Mac Mini caching servers to better service Apple Software Updates from local resources

DESKTOP ARCHITECT 


THOMPSON TECHNOLOGIES STAFFING

(ASSIGNED TO CHICK-FIL-A, INC.)

July 2013 - February 2016

  • Designed and provisioned additional development Bit9 Application Whitelisting environment

  • Increased security update compliance from less than 50% to over 85% for all corporate Macs using Jamf Pro

  • Created and implemented plan for moving JSS to hosted Windows VM from consumer-grade Mac server

  • Successfully audited data backups across restaurant back-office PCs to ensure franchisee/operator data integrity

  • Proposed and updated build process for all newly deployed Macs

SR. SYSTEMS ADMINISTRATOR


CLICKSQUARED, INC.

June 2012 - July 2013

  • Built out Adaxes AD Management solution (PoC) to delegate Tier I tasks without elevating AD privileges

  • Reduced overall documentation requirements for change management while enhancing compliance and logging

  • Replaced and repaired hardware at remote and on-site data center

  • Created PowerShell solution for bulk client-specific group creation across multiple AD forests and OU structures

  • Pioneered on-call After Action requirement for future issue mitigation and ongoing problem tracking

SYSTEMS ADMINISTRATOR


ENDGAME SYSTEMS, INC.

August 2011 - April 2012

  • Deployed/supported all new laptops (Linux/Windows/Mac) for growing workforce with diverse requirements

  • Integrated scripted solution for consolidated account and email creation

  • Implemented institutionally managed decryption key for facilitated data recovery for employee workstations

  • Fully installed and configured test Exchange and Active Directory infrastructure for application developers

  • Handled all other company IT needs, including phone/PBX, VPN, wireless, networking, mobile devices, etc. as part of a three-person team

VARIOUS


EMORY UNIVERSITY

  • Enterprise Messaging Administrator

  • Computing Specialist

  • This was a long time ago

June 2007 - August 2011

Home: Experience

BIO

"Elevator Pitch"

As a born-and-raised Apple fanboy, I have been continuously driven to make Macs a first-class citizen in the modern workplace. As companies grow and scale, my particular area of expertise revolves around tying multiple cloud environments together and marrying information across all platforms, from workstation to cloud identity.

I enjoy a "show your work" approach where I can showcase how I got to a particular result and teach/mentor more junior members to learn how to do the same. There are no tightly held secrets in my professional world, and I can't wait to share my Legos with anyone who wants to build.

Home: About Me

ACADEMICS

Learning and Living

August 2002 - May 2007

BS CHEMISTRY

BA MUSIC

EMORY UNIVERSITY

Including study abroad - University of Lancaster, UK (Fall 2004)

May 2017

CASPER CERTIFIED EXPERT - CCE

JAMF SOFTWARE

Completion of the in-person training course which is equivalent to Jamf 400 today.

Home: Education

SKILLS

Professional Competencies

CLOUD IDENTITY / IAM

Okta + Workflows

All things related to Okta identity and management and Okta Workflows

CLOUD PROVIDERS

Google Cloud Platform
AWS
Azure

Primarily compute-related services as part of self-hosted Jamf Pro stack

DESKTOP OS

macOS
Windows

Primary area of expertise is macOS and Mac management, including workstation provisioning and zero-touch deployment.

SCRIPTING

Bash/shell
PowerShell
Python

Bash used primarily for file/text manipulation on macOS endpoints or ad hoc API calls from a local data source.

PowerShell used almost exclusively for Windows and Windows server management (AD, DHCP, etc.).

Python used extensively for data parsing and normalizing, retrieval, and larger workflows/tasks requiring API calls.

NETWORKING

Office Networking
Subnets
VLANs
DHCP

I have an excellent grasp of office networking concepts, but you probably want to have a different network admin than me.

CONTENT MANAGEMENT

Jamf Pro (MDM)

Years of experience as a Jamf Pro subject matter expert. I can spin up a fully functioning instance from scratch and do just about anything that is supported via the Jamf Pro API to manage your Mac/iOS fleet.

DIRECTORY SERVICES

Active Directory (AD)
LDAP

Primarily in use in Windows environments, I know enough to get things done with AD but do not do much in my day-to-day.

WEB SERVICES

Apache Tomcat
IIS

Extensive experience tweaking and troubleshooting Tomcat as part of a Jamf Pro service offering (on Linux); familiar with IIS and standing up services, but not used much in my current role.

Home: Skills

PROJECT SHOWCASE

Home: Projects
Data Cloud

JAMF PRO IN GOOGLE CLOUD

Fault tolerance 

Instance groups for scaling up/self-healing (via healthcheck, load balancing, etc.)

Image-free build process

Ephemeral nodes that build from “vanilla” Linux images using a fine-tuned configuration startup script, including secrets stored in Google Secret Manager

Highly Available Fileshare 

Cloud fileshare in AWS using CloudFront


Logging/Monitoring

Jamf Pro and Tomcat logs shipped to Google Pub/Sub for ingestion into on-prem ELK stack


Security

Use Google Cloud SQL Proxy for management of secure channel and key rotation


Scalability

Reduced product upgrade runbook to eight gcloud commands for scaling down, backing up database, updating installer in cloud storage, and rebuilding the member nodes

LET’S CONNECT

Thanks for submitting!

Home: Contact

©2021 by Graham Wells. Proudly created with Wix.com

bottom of page