Ryan Paredes

Engineering and Product leader driving cloud platform strategy, security programs, developer experience, and delivery excellence across cross-functional teams.

Skills & Tools

Technical expertise and leadership capabilities

Technical

☁️ AWS
GovCloud experience, multi-account architecture (20+), EKS, S3, CloudFront, Route 53, ACM, EC2, IAM
Kubernetes
EKS cluster management, zero-downtime migrations, multi-environment deployments, containerized workloads
🏗️ Terraform
Infrastructure as Code, modular architecture, multi-workspace management (dev/prod), state management
🔄 CI/CD
GitHub Actions, GitLab CI, pipeline design, automated deployments, security scanning (Trivy, gitleaks)
📊 Observability
Grafana, Datadog, SLA/SLO definition, reliability dashboards, platform adoption metrics
🐍 Python
Automation scripting, data pipelines, API integrations
JavaScript
Web development, Astro, Node.js, blockchain/API integrations (DC3.Wiki)
🔒 DevSecOps
Chainguard, Trivy scanning, supply-chain security, secret management, 200+ repo governance

Process & Leadership

📋 Product Management
Roadmap ownership, backlog prioritization, user feedback loops, adoption metrics, KPI definition
🎯 Program Management
Cross-org coordination (100+ engineers), dependency tracking, quarterly planning cycles, executive reporting
🔁 Agile & Scrum
Scrum Master, Agile coaching, Kanban, sprint planning, team velocity optimization, mentoring PMs
🤝 Stakeholder Alignment
Executive presentations, investment tradeoff analysis, cross-functional partnership (Eng/Security/Product)
📝 Change Management
CAB program creation, governance frameworks, approval workflows, ITIL/ITSM, regulatory compliance (healthcare)
📈 Data-Driven Delivery
Velocity/cycle time tracking, delivery dashboards (Jira), release frequency metrics, program-level reporting

Projects

Infrastructure and automation work

PortfolioSite

Live

This site — a fully automated portfolio deployed to AWS via GitHub Actions. Infrastructure managed with Terraform, security scanning with Trivy, and built with Astro + Tailwind CSS.

AWS, Terraform, GitHub Actions, Astro, S3, CloudFront
View on GitHub →

DC3.Wiki

Project

A user-facing analytics platform for DC NFT collectors, providing real-time visibility into asset ownership, supply, and transaction activity through blockchain integrations. Built data pipelines to transform on-chain data into intuitive dashboards, iterating on features based on user behavior and feedback.

Blockchain, APIs, Data Pipelines, Analytics, JavaScript, Smart Contracts
Visit DC3.Wiki →

CI/CD Pipeline

How this site gets built and deployed — fully automated with GitHub Actions

🔍 Lint Terraform fmt + Astro check
🛡️ Scan Trivy IaC & dependency scan
🔨 Build Astro static site build
🚀 Deploy Dev S3 sync to dev bucket
Deploy Prod Approval gate + S3 sync

Pipeline Details

  • Lint: Terraform files validated with terraform fmt -check and site checked with astro check
  • Security Scan: Trivy scans IaC for misconfigurations and dependencies for known CVEs (Trivy itself is pinned to a fixed version to avoid supply-chain risk)
  • Build: Astro generates optimized static HTML/CSS/JS with zero JavaScript shipped to the client by default
  • Deploy Dev: Built artifacts synced to S3 dev bucket automatically on push to main
  • Deploy Prod: GitHub Environment protection rules require manual approval before syncing to the production S3 bucket behind CloudFront
  • Secrets: gitleaks pre-commit hooks + CI scanning prevent accidental credential leaks

Architecture

AWS infrastructure powering this site

┌────────────┐     ┌──────────────┐     ┌────────────┐
│            │     │              │     │            │
│  Route 53  │────▶│  CloudFront  │────▶│  S3 Bucket │
│  (DNS)     │     │  (CDN+TLS)   │     │  (Static)  │
│            │     │              │     │            │
└────────────┘     └──────────────┘     └────────────┘
       │                  │
       │           ┌──────────────┐
       │           │     ACM      │
       └──────────▶│ (TLS Cert)   │
                   └──────────────┘

All infrastructure defined as Terraform modules — see the repo for full source.

CI/CD Pipeline Detail

End-to-end automation across three GitHub Actions workflows

                         ┌──────────────────────────────────────┐
                         │          GitHub Repository           │
                         │            (main branch)             │
                         └──────────┬───────────┬───────────────┘
                                    │           │
                    push/PR (site/) │           │ push/PR (infra/)
                                    ▼           ▼
              ┌─────────────────────────┐  ┌─────────────────────────┐
              │   CI Workflow (ci.yml)  │  │  IaC Workflow (iac.yml) │
              │                         │  │                         │
              │  ┌───────┐ ┌─────────┐  │  │  ┌──────────────────┐   │
              │  │ Lint  │ │ Secrets │  │  │  │ Terraform Cloud  │   │
              │  │ Astro │ │gitleaks │  │  │  │  Init / Validate │   │
              │  │ check │ │  scan   │  │  │  │    Plan / Apply  │   │
              │  └───┬───┘ └────┬────┘  │  │  └────────┬─────────┘   │
              │      │          │       │  │           │             │
              │  ┌───┴──────────┴────┐  │  │  ┌────────▼─────────┐   │
              │  │   Trivy Scanner   │  │  │  │ PR Plan Comment  │   │
              │  │ IaC misconfig +   │  │  │  │ (auto-posted)    │   │
              │  │ dependency CVEs   │  │  │  └──────────────────┘   │
              │  └────────┬──────────┘  │  └─────────────────────────┘
              │           │             │
              │  ┌────────▼──────────┐  │
              │  │   Astro Build     │  │
              │  │  (Node 22 + npm)  │  │
              │  └────────┬──────────┘  │
              └───────────┼─────────────┘
                          │
              ┌───────────▼─────────────────────────────────────┐
              │        Deploy Workflow (deploy.yml)              │
              │                                                  │
              │  ┌──────────────┐        ┌───────────────────┐   │
              │  │  Build       │        │  Manual Dispatch  │   │
              │  │  Artifact    │        │(workflow_dispatch)│   │
              │  └──────┬───────┘        └─────────┬─────────┘   │
              │         │ auto on push             │ manual      │
              │         ▼                          ▼             │
              │  ┌──────────────┐        ┌───────────────────┐   │
              │  │  Deploy Dev  │        │  Deploy Prod      │   │
              │  │              │        │                   │   │
              │  │  AWS Creds   │        │  ┌─────────────┐  │   │
              │  │  (OIDC)      │        │  │  Approval   │  │   │
              │  │      │       │        │  │  Gate       │  │   │
              │  │      ▼       │        │  └──────┬──────┘  │   │
              │  │  S3 Sync     │        │         ▼         │   │
              │  │  (Dev Bucket)│        │  AWS Creds (OIDC) │   │
              │  └──────────────┘        │         │         │   │
              │                          │         ▼         │   │
              │                          │  S3 Sync (Prod)   │   │
              │                          │         │         │   │
              │                          │         ▼         │   │
              │                          │  CloudFront       │   │
              │                          │  Cache Invalidate │   │
              │                          └───────────────────┘   │
              └──────────────────────────────────────────────────┘

AI-Integrated Workflow

AI isn't a novelty in my workflow — it's embedded across engineering, planning, and delivery. Here's how I integrate AI tools daily.

💻

GitHub Copilot

Inline code generation, Terraform module scaffolding, CI/CD workflow authoring, and real-time code review. Used across infrastructure, automation scripts, and frontend development as a daily pair programmer.

🧠

Claude Code

Deep architecture reasoning, security auditing, and complex multi-file refactoring. Used for evaluating design tradeoffs, identifying vulnerabilities, and building out end-to-end features with full codebase context.

Google Gemini

Program and product management workflows — drafting roadmap narratives, synthesizing stakeholder feedback, building executive summaries, and structuring quarterly planning documents. Integrated into everyday process work, not just engineering.

The philosophy: AI accelerates delivery when paired with experienced judgment. I use it to reduce toil, move faster on boilerplate, and focus human attention on decisions that matter — architecture tradeoffs, stakeholder alignment, and system reliability.

See how AI shaped this specific project in AI_DEVELOPMENT.md

Ongoing Security & Maintenance

How this project stays secure and up to date — DevSecOps practices baked in

🔄

Automated Updates

Dependabot monitors three ecosystems weekly: npm packages, Terraform providers, and GitHub Actions versions. PRs are auto-created and must pass CI before merge.

🛡️

Continuous Scanning

Every push runs Trivy for IaC misconfigurations and dependency CVEs, plus gitleaks for secrets detection. Critical and high findings block deployment.

📌

Supply Chain Integrity

All GitHub Actions are pinned to full SHA (not tags). npm uses lockfiles with npm ci for reproducible builds. Trivy is version-pinned to prevent auto-update supply chain attacks.

📋

Review Cadence

Weekly: review Dependabot PRs and security alerts. Quarterly: full manual audit, credential rotation, and tooling version review. All documented in the repo's MAINTENANCE.md.