Christian D Wallace
Profile
Senior Platform & Site Reliability Engineer with 10 years bridging production networking and cloud infrastructure at scale. Currently architecting Instructure's multi-region EKS platform that powers Canvas LMS for tens of millions of learners worldwide. Combine deep networking foundations (BGP, IPsec, Cisco ACI, SD-WAN, AWS Transit Gateway mesh design) with modern platform engineering (Kubernetes, GitOps, FinOps, Zero-Trust ZTNA, policy-as-code). Known for owning multi-region migrations end-to-end and building the reusable IaC modules other teams ship on top of.
Work Experience
Senior Site Reliability Engineer / Platform Engineer
- Build and scale Instructure's internal developer platform ("Trigger") that powers Canvas LMS — 40 EKS clusters across 8 production AWS regions, 42 deployment groups, and 433 active service deployments on Akuity-managed ArgoCD GitOps, with Helm/Kustomize manifests and Kyverno policy-as-code; shipped new regional clusters and led migration of production workloads off the legacy Cloudgate/Condor PaaS onto a Node.js/Express + MongoDB deployment API
- Architected and delivered the migration of two parallel AWS Transit Gateway meshes off VyOS-on-EC2, then led a fleet-wide TGW security-group referencing rollout across 34 TGWs in 9 regions with zero customer impact, eliminating thousands of CIDR-based rules; authored reusable TGW Terraform modules and orchestrated CLI-driven workspace applies across Terraform Cloud
- Led company-wide Zero-Trust access modernization: phased AppGate ZTNA rollout replacing Teleport + standalone SSH keys for the entire engineering org, ArgoCD prod Okta SSO via SCIM, and IAM Identity Center SCIM token rotation across multi-account AWS Organizations
- Designed and deployed org-wide cloud security and FinOps tooling: CrowdStrike CSPM across 9 AWS accounts, AWS Config continuous-mode StackSets recording WAFv2/CloudFront/ELBv2 org-wide, CloudZero cost-attribution labels across the EKS fleet, and incident-response AWS WAF tuning during an active post-compromise investigation
- Led the observability migration from Datadog to Observe (OPAL queries, dashboards, alerting) and modernized the Gerrit source-control fleet (NoteDb schema upgrade 3.6.8 → 3.7.8, Classic ELB → NLB+ALB+WAF cutover); shipped Go/Ruby/Python tooling that measurably cut developer deployment toil and cycle time
- Architected network and IAM for new AWS LZA accounts and regions end-to-end (planning → IPAM → routing → production); built the group-based AD/Okta access model used by every engineering team across AWS, ArgoCD, Datadog, Vault, and 1Password
Coach
- Coach and mentor groups of 15–20 athletes in a live performance setting — building communication, adaptive teaching, and on-the-fly decision-making skills that translate directly to leading engineering teams and stakeholder meetings
- Provide individualized coaching and form correction, building strong client relationships and fostering a community that drives retention and referrals
Network Engineer
- Engineered Cisco ASA 5508 AnyConnect VPN split-tunneling during the COVID-19 remote-work transition, cutting corporate bandwidth utilization by 60% overnight and keeping a fully remote financial-services workforce productive from day one of lockdown
- Built centralized network configuration and change-management automation — NetBrain for design and drift detection, RANCID for nightly config tracking, NetBox for IPAM, and Cisco ACI for data-center fabric policy — an early forcing function for treating network state as declarative, version-controlled config
Network Engineer I
- Led migration of 30+ customer Site-to-Site IPsec VPN tunnels from Dell SonicWall to Cisco ASA 5525 for a behavioral-health managed-care client base, coordinating cutover windows, routing changes, and policy translation with external engineering teams across multiple customer environments — direct precursor to the AWS Transit Gateway mesh-migration work I lead today
- Delivered full headquarters network build-out — physical-layer upgrades, licensing, structured cabling, out-of-band management — supporting Cisco SD-WAN and Meraki deployments
Technical Solutions Analyst
- Owned tier-3 production incident response for a 24/7 mission-critical EHR platform serving healthcare providers nationwide, root-causing outages affecting clinician access to patient records and translating complex failure modes into clear remediation steps for non-technical clinical staff
- Hands-on Linux administration, SQL debugging, and production incident response on workloads where downtime had direct patient-care impact — built the operational instincts for treating infrastructure failures with the same urgency as a clinical emergency
Education
Additional