Charlie Allom - Curriculum Vitae

47 Champion Hill   charlie@evilforbeginners.com  https://github.com/yeled
London,  SE5 8BS   07432154285                   https://www.instagram.com/photosofpickles/
UK                 DOB: 13/10/80                 https://evilforbeginners.com

Personal notes

A senior technical generalist - gregarious, with good people skills and the ability to work on projects independently or with a larger team. Happy to tackle anything from software to customer service, network cabling to project management, debugging BGP to critiquing typeface kerning - an autodidact who takes great pleasure in learning new skills and technologies.

Moved to London in 2006, obtained British citizenship in 2015.

Work Experience

GitHub June, 2017 - June 2024

I was at GitHub leading the network team (always very lean from 2-4 people), migrating an unmanaged flat topology that the old network engineers used to telnet to administer: to an ISIS-SR, segmented, “telemetrized” and fully automated network.

I created both workflows in GitHub to deploy the infrastructure, including GitHub Actions - and an autonomous reactive system which required little human input (like DDOS mitigation for example, using S/RTBH and external signalling to Akamai)

I brought the whole network into a GitHub method of deploying and treating like a group of applications, instead of a tended datacenter with silo’d experts.

• Transformed a static “network engineer” RSVP and BGP network into a dynamic ISIS-SR and BGP design, using BGP for signalling between some applications.
• DDoS mitigation automation. Weathered the highest ever DDOS at the time with automation (cf. Wired Article re: 2Tbps GitHub DDoS)
• Migrated an RSVP-TE network to ISIS-SR.
• Removed A10 and Juniper NAT devices and designed and implemented a horizontally scalable nftables + GRE tunneled SNAT service (including health monitoring)
• Lead the negotiations for Transit, backbone, PNI and for all DCI interconnections
• Designed the DCI ring topology with unlit dark fiber, and using Coriant (now Infinera) G30 DWDM devices to provide Petabits of connectivity.
• 100% coverage on automation config generation for every device in the network.

Yelp 2013 - 2017

Leading the production network team. Bringing Yelp networks from a startup mentality to an enterprise built with modern practices, transparent design and documentation.

• Migrated a legacy environment from static routing, OpenVPN and linux routers into a failover tolerant network with MX routers: building redundant 10G lambdas spanning the USA and Atlantic; connecting 5 AWS regions to datacenters with MPLS for multi-tenancy network growth.
• DDoS mitigation planning and rollout. Identifying risk; going from zero to being able to soak up 99% of volumetric attacks.
• Designed internal and external Anycast solutions for HA services with exabgp and BIRD (DNS, code repositories, puppet, etc.)
• Managed and tracked IRR resources in ARIN and RIPE regions.
• Maintained Operations oncall rota with the rest of the SREs; described as their network-SRE.
• Handled office networks (US and EU) and their uptime requirements. Oncall for corporate network for 1.5 years.
• Led the team to Dockerise and Ansible all systems moving parts (flow and snmp monitoring, configuration management, etc). All network services are HA.
• Instigated peering and culture for better mobile experience; backed with ongoing metrics and reporting.
• Monitoring with RIPE Atlas, Catchpoint, SNMP traps, inhouse systems and live BGP updates fed into sensu, nagios and IRC bots for visibility of moving parts.

Media Service Provider 2007 - present (6 years)

Working to launch a ground-breaking independent music service with restricted capital and strong performance and scalability requirements taught me a lot about working inside a budget and prioritising business critical issues. Working with a small team meant that being a ‘jack of all trades’ was essential, as were taking innovative approaches to get the job done with minimum fuss.

• Built a residential ISP with DPI for tracking licensed P2P content (functional proof of concept, later used by Virgin Media).
• Designed fully redundant white label music service platform for ISP’s (eg. zik.ca now defunct).
• Installed said platform for 100’s of thousands of users, including the day to day operations, runbooks for junior sysadmins and developers, complete DR plans.
• Responsible for edge BGP architecture transitions as the business grew, whilst minimising capex and opex.
• Provisioning of remote branches with Juniper SRX’s and routing protocols and policies for offices.
• Built a 10GE ring network for storage and applications.
• Creation of support procedures for external customers.
• Migrated from legacy PBX to hosted SIP in all offices, using BCP for security and QoS.
• Grew and expanded multi-Petabyte mogilefs storage network across multiple London datacentres.
• Monitored peer traffic, helping management understand their Internet presence and requirements.
• Instigated RIPE LIR membership and PA/PI resourcing.
• Enabled full IPv6 access to all desktops and partially to infrastructure by 2009.
• Documented the network, both L2 and L3. Provided runbooks for troubleshooting by staff.
• Designed multiple virtualisation environments for production and development. Staying abreast of new virtualisation technologies was key to being able to deliver low-cost solutions. First xen hypervisor with NFS backend in 2007.
• Helped a development team understand the benefits of release cycles. Semantic versioning, code review, debian release best-practices.
• Managed music ingestion of 10 million tracks for customers.

Editure (formerly MyInternet) 2006 (6 months)

Working to support a broad range of clients on high-level support issues developed my ability to envisage and model previously unknown complex systems from minimal information. The role required construction of reasonable hypotheses about problem cause, and applicable solutions given incomplete information and ill-defined problems.

• Supported UK educational authorities on their network and application infrastructure from Melbourne, in the same capacity as MyInternet.

Freshtel R&D Holdings 2006 (6 months)

Gained great experience working primarily on cultural rather than technical change during a short stay in this dynamic company.

• Guided sysadmin team in process and management.
• Purchased and deployed “high speed” firewalls for SIP (Checkpoint).
• Implemented VPNs for SIP trunks, and Foundry load balancing.
• Educated and put in place tools to manage infrastructure for highly-patched Asterisk environment.

MyInternet 2002 - 2006 (4 years)

Working together with a team of 8 sysadmins. Graduated to managing the team and performing a technical account manager role for the two largest clients in the company.

• Managed primary customers, on site, interstate and international.
• Supported and designed scalable, failover UNIX farms (Debian and Solaris).
• Integrated in-house Perl and C software into customer and internal systems.
• Followed and advised on QA processes.
• Created, edited and compiled documentation on sysadmin processes.
• Responsible for remote server farms of up to 80 machines per POP.
• Support of peers across entire infrastructure (serving 3 million students and teachers) on a 24x7 basis.

RMIT 2001 - 2002 (2 years)

First introduction to networking and UNIX in a real environment. Supported over 300 (often non-technical) students and staff in a friendly and personal fashion.

• Instigated Mac and PC cloning, remote management and network audits (ARP) for the first time. This streamlined peak use times and allowed easier insight into the budget requirements. This had been done by hand before.
• Deployed squid (v2) proxies for student VLANs on my own understanding of TCP packet loss and “slow web” complaints.
• Accredited Apple repair (well before the ‘Genius’ existed)

RMIT 1998 - 2000 (3 years)

Moved to Melbourne to study design (typography), but soon learnt I was a natural problem solver by nature.

• Graphic Design student

Community projects

Macports 2003 - 2008 (5 years)

Engaged with and gained the respect of the community and core team members to get problems resolved and updated software shipped. A learning experience about gaining consensus between disparate groups of people with varied concerns and technical aptitudes. After serving on the core team for five years this had stopped being a challenge - therefore I moved on to other projects and education with would expand my skill-set further.

• Sat on the “core” for macports as the sysadmin role who helped form policy around our infra
• Participated in remote meetings, and helped steer policy, engaging with the community.
• Was responsible for importing hundreds of Portfiles