Mathew Fleisch

San Francisco · (415) 497-9412 · · resume.pdf

My name is Mathew Fleisch, I am a Full Stack Senior DevOps Engineer from San Francisco and I love working on new projects and features. Often times, this means fixing and retrofitting existing products first. Every development team I have worked for, from non-profits to Apple, have all had a finite amount of resources, whether that is infrastructure or developer time. Throughout my career, I have lived by Larry Wall's philosophy and will automate as much as possible, adopting DevOps principles before there was such a title/role. I will try to automate any task, if myself, or another coworker must repeat that task more than once. If a task requires human input, I will create a tool or UI that can allow someone closer to the data, to maintain it. This philosophy frees up developer time and reduces the amount of communication necessary to complete common tasks within the organization. I am also a firm believer that building stable CI/CD pipelines increases developer velocity and coupled with adequate testing coverage, can increase confidence in secure, scalable production code.


Senior DevOps Infrastructure Engineer

Sysdig · Feb 2020 - Present
I work on developer tools in the infrastructure team at Sysdig, to increase developer velocity. I like to focus on pipelines, automation and integrating tools into chatOps. Recently, I have been working on creating on-demand cloud environments.

Senior DevOps Infrastructure Engineer

Eaze · August 2019 - Jan 2020
While on the infrastructure team, we built reusable terraform to replace the legacy, snowflake dev/stage/prod environments. This allowed us to create on-demand environments for the developers to have their own personal sandboxes. These on-demand environments are decorated with tools and tests, to simulate load conditions, and have the controls/levers that operations staff would use in production. Developers are able to provision, destroy, and deploy branches, to their own environments, using the chatops bot I wrote (read more about BashBot). The bot triggers a circleci job, that builds the infrastructure via terraform in about an hour. Before I left, I was in the process of training my team to port the exiting codedeploy/ec2 portion of our pipeline, to kubernetes/helm.

DevOps Infrastructure Engineer

Eaze · November 2018 - August 2019

I had been writing tools for other engineers, while on the back-end team at Eaze, and made the transition to the infrastructure team in November of 2018. In that time I have developed many tools for the engineering department. Focusing on CI/CD pipelines, load testing, and personal development environments, as well as immersing myself into the AWS ecosystem. The technologies I have been using on this team: bash, awscli, boto3, python, javascript, chef, github-actions, circleci, buildkite, artifactory, ec2, elb/alb, s3, ecs, codedeploy, cloudwatch, cloudformation, terraform, vault, consul, helm and kubernetes.

Back-End Services Developer

Eaze · March 2018 - November 2018

Working for a start-up means constantly adapting to shifting requirements while making forward progress. In the back-end services team, I have been able to create tools to automate business tasks and help to retrofit a young application to scale efficiently.

Full Stack Developer

Apple (marketing) · May 2017 - March 2018

I was hired to work in the marketing department to maintain a sunsetting web application that was being rebuilt by another team. I made modifications to make the application more stable, secure and added logging for debugging purposes. I also expanded my role to help maintain an internal content management system.

Javascript Developer

Hitachi America · February 2017 - May 2017

I was hired for a short contract to work on an IoT analytics platform, using Javascript, NodeJS and Node Red. I wrote a user-interface in NodeJS to integrate an internal tool with Node Red to allow analytics information to be displayed about sensors and device status.

Full Stack Developer

Apple (finance) · September 2015 - October 2016

The Global Finance department at Apple created and maintained internal websites, to help facilitate secure communication and document sharing. The small team of developers primarily used LAMP Stack CodeIgniter, with some NodeJS/Grunt/Gulp/Sass optimization, for most projects, and Drupal CMS for others. Apart from other responsibilities, I wrote parallelized scripts to recover lost data for another team.

Back-End Developer

United Business Media (UBM) · November 2011 - 2015

UBM is a parent company of many conferences like Black Hat and The Game Developer's Conference. While at UBM, I developed an application to allow conference attendees to view the speaker schedule and save a personal itinerary. The Schedule Builder application is still being used by many conferences at UBM.

Staff Programmer

The Buck Institute for Research on Aging · June 2009 - 2012

Working with bioinformaticians gave me exposure to big data, automation pipelines and creating user interfaces that are easy to understand. I created web interfaces to enter large lists of genes, and various reports are displayed, based on research done at the Buck Institute.


Tools / Technologies
  • AWS (ec2, elb, asg, iam, s3,
    ecs, rds, elasticache, route53)
  • docker
  • kubernetes
  • helm
  • circleci
  • buildkite
  • codedeploy
  • chef
  • jenkins
Programming Languages
  • bash
  • python
  • golang
  • javascript
  • php
  • perl
  • html
  • css
Databases / Caches
  • Postgres
  • MySql
  • MsSql
  • NoSql
  • SQLite
  • Redis
  • memcache

Open-Source Examples

  • BashBot (GoLang) · source
    BashBot uses a json configuration file to define custom commands. Written in golang, it uses slack's real-time-messaging api to parse each message via regular expression. If a command is detected and matched to an entry in the configuration file, bash commands are executed pertaining to that entry. Sensitive commands are restricted to private channels, within the configuration file, and members of that private channel can activate that restricted command. This allows my team to quickly port bash/python scripts/tools that we build for the organization into slack commands, and use slack private channels to restrict access to only members. A particularly useful command was set up to quickly and securely activate maintenance mode, when necessary. `bashbot maintenance up` and `bashbot maintenance down` Typing these keywords into the right private channel triggers the awscli commands to redirect traffic via cloudfront to a maintenance page.

  • Timelapse Pipeline (Bash) · source
    This idea came from a hackathon project I started at Eaze with a Raspberry Pi+camera. The SF Eaze office currently looks over the ferry terminal, on the Embarcadero and I thought the fog and boats would be cool to see as a time lapse. Images are captured at 1fps and stored in an s3 bucket, using the date/timestamp as the filename. A processing pipeline pulls the images down in a circleci container, runs ffmpeg to make a video, and then speeds it up to match a random mp3.YouTube Channel

  • Tetris (python) · source · mp4
    One of the unique aspects of the DEF CON conference is third-party badges that are essentially circuit boards with LEDs and screens on them. One badge has an LED matrix and an accelerometer sensor. I used the on-board interface via a serial connection to port the game Tetris to that platform in Python. This video shows Tetris in action.

  • Hak5's BashBunny Payloads (bash) · GitBunnyGit source · TwoStageMac source
    A video podcast I've subscribed to for over ten years also sells penetration testing equipment through their website. One of their products, BashBunny, combines a keyboard simulator with an arm chip running linux via USB. This allows penetration testers to script the kind of intrusion and/or exfiltration attacks, with physical access to a target computer. I have written two payloads for this device: GitBunnyGit and TwoStageMac. GitBunnyGit streamlines the process of installing and updating all other open-source payloads, by running git commands directly on the device. The TwoStageMac payload utilizes the BashBunny's ability to copy files to the target computer to run a malicious script. The sample second stage payload does some basic profiling and is intended to be swapped out for the penetration tester's own second stage.

Programming Challenges
  • html crawler -> api -> ui (javascript) · source · demo
    This project was sparked by attending DEF CON and not liking the given interface for the conference schedule. I wrote this tool to scrape the conference website for data, and then display that data in a more effecient way.

  • NPM Top X Package Downloader (javascript) · source
    This programming challenge was to scrape a website, and download packages based on data, found on the pages.

  • Secure URL Shortener (php) · source
    This programming challenge was to create a link shortener, like The added hurdle was to pass links through the api. It comes with a vagrant environment, and runs apache workbench load tests.

  • Morse Code Game (arduino/c) · source
    This program uses Sparkfun's ProtoSnap board or other Arduino board with a button, buzzer, and rgb led attached to the specified pins. The concept of the program is to input morse code via a button, have a function encode, then decode a sequence of 1-5 button presses into an english character. The letter is then printed to the serial monitor and a green light blips, if a character is correctly identified; a red light blips and an error is printed to the serial monitor, if no match was found. To make game around only using the board, a user can spell "hello world" and a different tone will play, as well as a chromatic- like tone-blips as each letter is spelled correctly. If the user spells the target word (target because you the programmer, can change "hello world" to any other string of chars) incorrectly, they have to start at the beginning of the game, with the first letter.


When I am not messing with computers in some way, I like to play music, read sci-fi/fantasy, travel and eat great food.

Music: I grew up playing music and have played in performing bands most of my life. Most recently I played piano and saxophone in the skunk pop band Our Vinyl Vows

Science Fiction/Fantasy: My favorite Authors are Robert Jordan, Brandon Sanderson, John Scalzi, Orson Scott Card, Daniel Suarez, James S.A. Corey, and Neal Stephenson. GoodReads Profile

Travel: I have visited half of the united states and went on safari in Tanzania with my wife.

Food: Whether we are in town or abroad, my wife and I love to eat delicious food. We will go to restaurants or cook various dishes inspired from our families and our travels.