Infrastructure

This project focused on closing gaps in the company’s Payment Card Industry (PCI) compliance before a scheduled audit for a telephony-based product where customers can configure sending entered digits to a third-party payment processor. I led the architectural design and rollout of security enhancements across voice and contact-center systems—implementing robust encryption, stronger access controls, and network segmentation. By isolating voice traffic behind proxy servers and deploying dedicated management systems in a segmented PCI environment, the team remediated all critical findings ahead of schedule. The resulting audit produced zero major findings and ensured that sensitive client data is handled securely. Key contributions Designed the Active Directory structure for the project. Architected outgoing HTTPS traffic flow to be limited and compliant with PCI requirements. Led the implementation of network segmentation and proxy servers to isolate sensitive traffic. Developed and enforced access control policies, including 2FA and restricted access to the PCI environment. Coordinated with application teams to ensure full-path encryption (TLS, SRTP, Secure-SIP) for all relevant communications. Established procedures for secure OS and application updates within the restricted environment. Collaborated with the Security Team and external auditors to validate all remediation measures and achieve PCI-DSS compliance. Highlights All requirements were aligned with Protecting Telephone-Based Payment Card Data v3.0 by the PCI Security Standards Council. Ensured every possible call path between caller and payment processor was fully compliant, eliminating any non-compliant routes. Built an isolated environment with strict access controls, including enforced 2FA and least-privilege principles. Developed a secure and auditable process for OS and application updates, accommodating PCI restrictions and minimizing downtime. Achieved zero major findings in the PCI-DSS audit, demonstrating the effectiveness of the remediation approach. Implementation Conducted a comprehensive design and architecture phase, mapping all data flows and identifying compliance gaps. Built a pre-production environment that mirrored production, enabling thorough validation of TLS, SRTP, and Secure-SIP across all applications and integrations. Deployed a fully isolated production environment with enforced 2FA, implemented the validated design, and integrated with common infrastructure while maintaining PCI boundaries. Established continuous monitoring and alerting for compliance-related events and access attempts. Coordinated with the Security Team and auditors to review, test, and approve all remediation steps, ensuring readiness for the PCI-DSS audit.

When the COVID-19 pandemic triggered an unprecedented shift to remote work, our UCaaS platforms experienced a 300% surge in usage. I led rapid capacity scaling efforts across our AWS infrastructure, deploying dynamic Auto Scaling Groups (ASGs), intelligent heartbeat-based instance monitoring, and cookie-based NGINX load balancing to ensure high availability. ...

To support growth in the Asia‑Pacific region, I spearheaded the rollout of new contact‑center infrastructure in Australia and Japan. By provisioning cloud‑based points of presence and localizing telephony functions such as IVR prompts, text‑to‑speech, and call recording, the team delivered low‑latency service that met regional data‑residency rules. Infrastructure‑as‑code templates allowed us to replicate the North American architecture while making necessary regional adaptations. The expansion reduced latency for local users and enabled new channel partnerships in the APAC market. Highlights Regional Coverage: Established fully operational contact center points-of-presence in Sydney and Tokyo, extending service capabilities across the entire APAC region Latency Reduction: Achieved 85% reduction in voice and data latency for APAC users by moving from North American infrastructure to local deployments Compliance Adherence: Successfully implemented data residency controls meeting both Australian Privacy Act and Japanese APPI regulatory requirements Scalability: Designed infrastructure to handle 300% projected growth over three years without significant architectural changes Time-to-Market: Completed full deployment within 4 months, 2 weeks ahead of schedule, enabling accelerated market entry How It Works The APAC contact center infrastructure operates on a distributed cloud architecture with regional redundancy. Each regional deployment consists of: ...