Active U.S. Security Clearance

Sam Howard

Lead Cloud Engineer — Secure, Automated, Cost-Optimized Infrastructure

I design zero-trust, cloud-native systems for environments where the stakes are highest — from DoD networks to production platforms — automating away cost and toil, engineering security in from the start, and leading the teams that keep it all running.

engineer.yaml
# provisioned 2020 · promoted at every role
engineer:
  name: "Sam Howard"
  clearance: "active — details on request"
  domains: [cloud, cybersecurity, devops]
  aws: [EKS, ECS, Lambda, S3, DynamoDB, CloudFront,
        Route 53, API Gateway, IAM, VPC, KMS, SES]
  gcp: [GKE, Cloud Functions, GCS, Cloud KMS, IAM]
  zero_trust: [SPIFFE/SPIRE, mTLS, RMF]
  automation: [Python, GitLab CI/CD, MLOps]
  static_secrets: null  # by design
  • $120K+ · Annual AWS cost savings engineered
  • ~130 · DoD installations safeguarded
  • 10 · Analysts led as CSSP Technical Lead
  • 5+ · Years across IT, cyber & cloud
Professional experience

Promoted into leadership at every role

Apr 2024 — Present
Cloud Engineer II → Lead Cloud Engineer · Promoted
Deloitte
  • Cloud architecture: Designed automated AWS workflows that scale services and stop/restart resources off-peak — cutting recurring infrastructure costs by more than $120K annually.
  • DevOps & integrations: Engineered and debugged containerized pipelines across EKS, Lambda, S3, and AWS Systems Manager, driving CI/CD through GitLab.
  • ML & data pipelines: Built ETL pipelines and supported ML model implementation across AWS, GCP, Snowflake, and Databricks.
  • Software engineering: Developed Python monitoring tools for government clients (VPN usage, website activity) in both GUI and headless production builds compiled to Windows executables.
  • System modernization: Led transition and decommissioning of Jira, Splunk, and Keycloak into Deloitte-operated environments.
Mar 2022 — Apr 2024
Cyber Analyst I → C5ISR CSSP Technical Lead · Promoted in 11 months
COLSA
  • Led a team of 10 analysts monitoring network and cloud traffic across ~130 DoD subscriber sites (CONUS and OCONUS) to identify and mitigate cyber threats.
  • Coordinated internal and external teams to bring full CSSP capabilities to subscriber sites — and directly helped them pass Command Cyber Readiness Inspections (CCRIs).
  • Provided technical guidance and training to junior analysts; administered JQR end-of-training certification exams.
  • Conducted network traffic, security log, and ACAS vulnerability analysis; delivered monthly security posture reports in Tableau.
Oct 2020 — Feb 2022
Help Desk Analyst → Lead Chat Analyst · Promoted in 6 months
Hexagon
  • Promoted within six months from phone support to running online-chat operations solo; trained new analysts and exceeded response-time, quality, and retention targets.
Technical projects

Built end to end, hardened by design

Zero-Trust Workload Identity for Federal Cloud-Native Environments

Georgia Tech Practicum

A SPIFFE/SPIRE zero-trust control plane on Amazon EKS, built to emulate a restricted U.S. Army "Private Only" cloud — replacing long-lived static credentials with short-lived, auto-rotating identity.

IA-2 · IA-5 · SC-8 · AC-6 · AU-2 · NIST 800-207 · CISA ZTMM · OMB M-22-09
Interactive — watch a workload earn its identity
  • SPIRE Server: identity authority
  • Kubernetes API: token validation
  • EC2 node · spire-agent: Workload API socket
  • workload pod: zero secrets on disk
  • service-b: peer workload
Sample SVID: spiffe://demo.internal/ns/prod/sa/api · TTL 4:00:00 · auto-rotate: armed
Accelerated ≈720× for demo (real TTL: 4 hours). No static secrets were used — that's the point.

Event-Driven Hybrid-Cloud Media Pipeline

emilynovellagalleries.com — in production

A custom photography platform and automated gallery-delivery system that replaced costly SaaS subscriptions and insecure USB handoffs — from a headless Raspberry Pi at the edge to a fully serverless AWS backend.

S3 · Lambda · ECS · DynamoDB · CloudFront · Route 53 · Glacier · Polly

This Website — Serverless Portfolio on AWS

You're looking at it — view the source on GitLab ↗

The site itself is a working case study: a fully serverless, infrastructure-as-code deployment where every resource is declared in Terraform and every commit ships itself to production through a GitLab pipeline.

Terraform · GitLab CI/CD · S3 (private + OAC) · CloudFront · ACM · Route 53 · API Gateway · Lambda · DynamoDB
Technical skills

The stack, in depth

Cloud & Infrastructure

AWS · EKS · ECS · Lambda · S3 · DynamoDB · Route 53 · CloudFront · IAM · VPC · KMS · Systems Manager · GCP · Azure

Security & Compliance

Zero-Trust Architecture · SPIFFE/SPIRE · mTLS · NIST 800-53 / 800-207 · RMF · CISA ZTMM · ACAS · Tenable · Kibana · Azure Sentinel

Containers & Orchestration

Kubernetes · Docker · Helm · Amazon EKS / ECS

DevOps, Data & Automation

GitLab CI/CD · Python · Bash · Linux · ETL pipelines · MLOps · Snowflake · Databricks · Tableau
Education & certifications

Credentialed and current

M.S. Cybersecurity

Georgia Institute of Technology · Aug 2023 — Present

B.S. Information Technology, Cum Laude

Liberty University

Certifications

  • CompTIA PenTest+
  • CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Security+
  • Microsoft Certified: Azure Fundamentals
Contact

Let's talk about your cloud mission

Open to lead cloud engineering, DevOps, and zero-trust architecture roles — cleared, commercial, or anywhere in between.