Experience

Senior Security Engineer • June, 2021 - May, 2025

Handled identity and access management for GitHub’s workforce, coordinating closely with HR, Legal, IT, and incident response teams.

  • Managed the company-wide entitlements platform and maintained security across countless internal and external services.
  • Pushed for disaster recovery on identity (LDAP) infrastructure that had been neglected for years, built an interim backup, and got management buy-in. The formalized DR plan was eventually built after I left, based on this groundwork.
  • Built custom Ruby tooling (a JIT LDAP provisioner for temporary access, chatops integrations, etc.) to make day-to-day security operations less painful.
  • Built tarball-based deployment paths for critical tooling, eliminating a circular dependency on GitHub’s own availability during outages.
  • Migrated ~8 years of accumulated security operations code and docs during a major reorg, mostly without anyone noticing.
  • Moved 100+ repositories from legacy Jenkins to GitHub Actions.
  • Coordinated employee offboarding with HR and Legal, and was on the critical path for incident response – emergency access revocation, secrets rotation, urgent action.

SRE/Devops Manager • October, 2019 - October, 2020

Managed SRE/devops and a small Data Services team for a non-profit CRM SaaS platform in GCP.

  • Set up on-call rotation and a statuspage so the support team would stop learning about outages from customers.
  • Completed a long-overdue major Postgres upgrade on production.
  • Built tooling to automate the Data Services team’s manual import and sanitization work – tedious, error-prone stuff that had been done by hand.

Director of IT/Security • September, 2015 - September, 2019

Modernized infrastructure and cleaned up security for an Alibaba-backed e-commerce platform with a small team spread across the US and Romania.

  • Migrated the production stack from leased bare metal to Alibaba Cloud, introducing Terraform and modernizing configuration management throughout, despite limitations of both Terraform and Alibaba Cloud. Shut down the on-premises datacenter afterward. Saved them a ton of money, I think.
  • Fixed critical security gaps left by previous operations: unsegmented network tunnels between offices and production, unauthenticated database access, passwordless root credentials scattered around the environment.
  • Replaced a flaky hardware SSL VPN with OpenVPN, bringing VPN management into infrastructure-as-code and letting the distributed team self-serve access.
  • Built properly segmented VPCs for production, development, and intranet – network isolation that simply hadn’t existed before.
  • Pivoted from what I was originally hired to do (security-focused mandate) to the infrastructure overhaul the company actually needed (helping fix, modernize and secure things from basically all angles).

CentreSource, Inc.

COO • May, 2004 - September, 2015

Operated a web and application development agency (30-50 employees, ~$3-5M revenue).

  • Built and ran a managed anti-spam/email filtering service as a standalone product. Operated profitably before being wound down due to increasing competition/changing market.
  • Built the agency’s web development practice, making pragmatic technology calls across a landscape that wouldn’t stop shifting (PHP, Rails, early mobile) – balancing reliable delivery against evolving client needs.
  • Pushed the agency from fixed-bid pricing to a billable-services model, eliminating the chronic budget fights that come with pretending you can predict what development work will cost.
  • Ran the business side as COO: P&L, financial reporting, contracts, forecasting, scheduling, and a small operations team.

Systems Engineer • May, 2001 - May, 2004

Sole systems engineer for a state-wide K-12 network supporting over 250,000 computers and one million users, driving Linux adoption and building tooling for a team of 12+ network engineers.

  • Migrated 60,000+ email accounts from a legacy DEC Alpha OpenVMS system to a modern Linux-based stack, designing and deploying the full replacement (MTA, LDAP, IMAP) solo.
  • Designed and deployed a redundant, anycast DNS infrastructure for nearly 500 domains, and built an early CI/CD-style workflow around CVS with automated validation hooks so network engineers could self-serve DNS changes safely.
  • Automated router provisioning and configuration management across the state-wide network – version control for infrastructure before that was a term of art.

Skills

Infrastructure & Cloud: AWS, GCP, alibaba cloud, proxmox, vmware, terraform/opentofu, kubernetes, docker/compose

Configuration & Automation: ansible, puppet, make, ci/cd (github actions, jenkins, et al.)

Observability & Monitoring: nagios, grafana, datadog, splunk, pagerduty, tailing a log file with my own eyes

Security: IAM/access management, SSO/identity protocols (SAML, OAuth/OIDC, SCIM, Okta), TLS/PKI (letsencrypt, digicert, et al.), secrets management (vault/openbao), VPN (wireguard, openVPN, IPsec), vulnerability/secret scanning (trufflehog, grype, dependabot/renovate, etc.)

Networking & DNS: TCP/IP fundamentals, DNS infrastructure (NSD, unbound, BIND), firewall design (openbsd/pf, iptables), reverse proxy/edge (traefik, cloudflare), enterprise network hardware (F5 BIG-IP, Cisco, Juniper)

Languages & Scripting: bash, python, ruby, SQL, git

Systems & Data: linux (ubuntu, debian, mediocre redhat-derivatives), openbsd, postgresql, mysql, mongodb, openldap, redis

Practices: declarative infrastructure-as-code, gitops, containerized/reproducible environments, disaster recovery

LLM-Assisted Engineering: LLM-assisted development and automation -- advocate for secure, deliberate and intentional adoption.

Additional Links