With Eyes Unclouded

 
Matt McDougall
Net/Sys Eng. / FLOSS Advocate

Homelab environment featuring XCP-ng hosts, Xen Orchestra (from sources), QNAP NAS, Unifi network, Ubuntu Linux guests, Docker environments (Cloudflare WAN proxy, Traefik reverse proxy, Authentik IdP, Paperless-NGX document archival, ProtonMail Bridge SMTP relay for notifications, etc.), backups at multiple levels (git version control, app config, container volumes, VM disks, offsite to Backblaze)

Supplemental training courses through PluralSight, including git, Docker, Kubernetes, IT management

Working toward further developing leadership skills and training based on works of authors such as Simon Sinek and Kim Scott

5+ years of experience with Vates Virtualization Management Stack (XCP-ng, Xen Orchestra Appliance)

10+ years of experience with Unifi, Cisco, OSI model, Switches, Routers, Firewalls, VPNs, SD-WAN, WiFi Access Points, IP/Internet Protocol, TCP/UDP, ARP, STP/RSTP, VLANs

10+ years of experience with Windows Server, Ubuntu Server, Apache/nginx, DHCP, DNS, RDP, AD/Active Directory/LDAP

10+ years of experience with TrueNAS, QNAP, iSCSI, NFS, SMB, SFTP, RAID/RAIDZ

4+ years of experience with Microsoft 365, including Azure AD/Entra ID, Exchange Online, SharePoint, Office

Other Relevant Concepts: Security Awareness Training, Loss Prevention, Disaster Recovery, Project Management, Inter-departmental communication/collaboration, Technical Documentation

Impact over intent. Prepare for the worst, hope for the best. In my career in IT, I have designed and implemented initiatives to reassess and rebuild entire technical infrastructures primarily with commodity hardware and FLOSS software, implement holistic security approaches (reactive /and/ proactive), streamline interdepartmental processes, and start a training initiative to help current and future IT teams. I have functioned as IT manager, infrastructure engineer, and technical trainer, and with close collaboration between many departments my approaches have equated to significantly improving critical infrastructure and facilitating others to continue to build relationships, internally and externally, with minimal financial cost.

Vates VMS Ignition Technical Certification Trainer
Vates VMS (XCP-ng / Xen Orchestra)2024-2025
  • Conduct online webinar training sessions ensuring trainee mastery of the basics of the XCP-ng hypervisor, as well as proficiency with Xen Orchestra Appliance
  • Instruct trainees on best practices and fundamentals for virtualization management
  • Administer remote training lab environment to ensure each trainee has a smooth training experience
  • Present trainees with certification upon completion of session and labs
  • Further develop training materials
  • Follow-up monthly with trainees by email after training to inquire about their success and to seek any additional questions
Technical Support Engineer
Vates VMS (XCP-ng / Xen Orchestra)2024-2025
  • Provide technical support for the Vates Virtualization Management Stack to professional and enterprise customers
  • Consistently at or near top ticket metrics, including issue resolution
  • Support was communicated through Zammad and performed through customer on-demand secure SSH tunnels directly into the customer’s XCP-ng/XOA infrastructure
Technical Infrastructure Engineer
Central Woodwork and CenWood Appliance2017-2024
  • Within months of starting with the organization, became key in response and remediation of a large ransomware attack. Due to relaxed security in the years prior to my arrival, this attack was almost inevitable.
  • Maintained disparate Netgear switches and WatchGuard firewalls, run new ethernet drops as required, admin Windows Server domain.
  • Built on-prem help desk ticket system for users to submit IT support tickets, as well as production shops to report to maintenance on non-working equipment.
  • Built prototype digital signage for company communications. Deployed in two locations initially. Software later replaced by OptiSigns.
  • Technical lead during transition to Lumen MPLS and Mitel cloud VoIP.
IT Manager (interim)
Central Woodwork and CenWood Appliance2020-2024
  • Began planning several loss prevention and remediation initiatives to counter cyber threats and maintain business continuity.
  • Designed and implemented a distributed, fault-tolerant, private cloud virtualization ecosystem for core business services across five locations using commodity hardware and enterprise-level FLOSS (free, libre, and open-source software) to replace well beyond EOL servers. This approach saved the company $100,000+ initially and several thousand annually, prevented vendor-lock, future-proofed against major software license changes (as with Broadcom and VMware), and provided the technical foundation for countless future technical projects.
  • Replaced aging Netgear switches and SonicWall APs for Unifi switches and APs, and Watchguard firewalls for OPNsense on Protectli Vaults, to simplify, standardize, and make deployment/reconfiguration/troubleshooting much faster.
  • Vastly improved security posture: Network security (Darktrace), foothold detection (Huntress), and Microsoft 365/Exchange/Entra ID (Coro).
  • Developed ongoing proactive security awareness training campaign (with help of KnowBe4), including phishing simulations using Entra ID (previously Azure AD) and direct message injection, video training, automated coaching.
  • Project management, inter-departmental cooperation, training initiative, streamline HR onboarding, asset management (ITAM).
  • Managed transition from Mitel and Lumen to TPx SD-WAN and Vonage.
Payment Switch Analyst
Pilot Flying J2012-2017
  • Provided second shift next-level support and on-call emergency support to the Help Desk, AR, and Install Team, and work closely with various other teams, including: Network Teams, Server Teams, DBA Teams, POS Development, Fuel Technology.
  • Monitored for outage alerts across Postilion Realtime servers between two data centers and over 30 acquirers, alerted all necessary teams, and performed data center failover, if possible. Escalated to internal teams, or external acquirer support, and continued to monitor until resolved.
  • Bulk transaction investigation and reporting, primarily using T-SQL on Postilion Office, for AR and management to determine transaction failure trends and attempted to match to software issues to be either resolved internally or escalated to ACI, the Postilion software vendor.
  • Assisted Tier 2 of the Switch Team with deployments across multiple hundreds of stores, as well as QA regression testing of new software versions and patches for store- and credit server-level.
  • Investigated bank and fleet card transaction failures, using T-SQL and browsing through eSocket and/or acquirer interface host trace logs.
  • Administered store-level eSocket credit software on POS terminals and fuel computers remotely and with T-SQL on Postilion Config.
NSO (New Store Opening) Coordinator
Pilot Flying J2012-2017
  • Built config scripts based on templates provided by the Install Teams containing new store-level eSocket terminal configuration, Postilion Realtime routing and merchant ID configuration, and Postilion Office configuration, for new stores and deployed to all Postilion servers.
  • Communicated with AR to ensure merchant IDs are obtained and activated before the store’s opening date.
  • Supported Install Teams with any eSocket credit software configuration and/or installation problems.
  • Verified Install Team card testing, asking for retest of particular cards with possible fix, or escalated to AR.