Derek McQuay
Staff Security Software Engineer
derekmcquay@gmail.com | 801-822-9194 | LinkedIn | github.com/dmmcquay | derek.mcquay.me
Professional Summary
Staff Security Software Engineer with 10+ years building secure, scalable distributed systems. Technical lead at Apple driving identity and access management initiatives. Former Top 100 Kubernetes contributor with expertise in Go, cloud-native architectures, and zero-trust security. Proven track record architecting solutions and leading cross-functional engineering teams.
Experience
Staff Security Software Engineer – Apple
Technical Lead IAM - ASE
  • IAM - Apple's Identity and Access Management platform for Apple Services Engineering
Security Lead - Simcloud
  • Designed security architecture for batch compute platform
  • Implemented identity, secrets management, and authorization systems
  • Led threat modeling and established security policies and procedures
Technical Lead for IAS and OMA - ACS
  • IAS - Founded Apple Cloud Services' OAuth2/OIDC authentication service
  • OMA - Founded Apple Cloud Services' authorization service (OPA Managed at Apple)
Software Engineer – Tigera
  • CNX team member working on a secure application connectivity platform
  • Contributed to open-source Calico project, reviewing PRs and implementing enterprise features
Software Engineer – Mesosphere
  • Founding engineer on DC/OS Kubernetes team, delivering product from POC to GA in under a year
  • Designed multi-tenant cluster management system
  • Built CI/CD pipeline and achieved CNCF conformance certification
  • Implemented automated cluster provisioning
Software Engineer – Apprenda
  • Top 100 Kubernetes contributor with 75+ commits focused on cluster lifecycle and security
  • Invited by CNCF to create the Certified Kubernetes Administrator (CKA) certification
  • Worked with community experts to develop the domains and competencies for the CKA exam
HPC System Engineer – Lawrence Livermore National Laboratory
  • Configured, installed, and maintained HPC systems and developed tools to ease administration of HPC clusters
  • Researched new technologies and determined their application in HPC workflows, facilitating customer use of new technology clusters (Big Data, GPU, etc.)
  • Investigated and prototyped Linux containerization (Docker, Kubernetes) to ease maintenance and deployment of infrastructure for HPC workflows
  • Participated in LLNL's Security Task Force to identify potential security risks and concerns for HPC clusters and associated infrastructure
HPC System Engineer – Brigham Young University Fulton Supercomputing Lab
  • Worked with faculty and research students to configure, install, and optimize software
  • Aided in building custom software from source (configure, makefile, compiler optimizations, etc.)
  • Performed trainings for users and helped convert their workflows to the HPC environment
Education
BS in Computer Engineering
Brigham Young University
Minor in Computer Science
Brigham Young University
Skills & Proficiency
Languages
Go (primary), Python, Bash/Shell scripting, C/C++
Identity & Access Management
OAuth2/OIDC, SAML, mTLS, zero-trust architecture, identity federation
Authorization & Policy
Open Policy Agent (OPA), RBAC, policy-as-code, authorization services
Cloud Native & Kubernetes
Kubernetes (Top 100 contributor), Docker, Calico, container orchestration, CKA certification creator
Security
Security architecture, threat modeling, secrets management, security task force experience
HPC & Infrastructure
HPC cluster administration, batch compute systems, infrastructure automation, system deployment
Projects
Space Invaders – Implemented Space Invaders on an FPGA with a MicroBlaze CPU. Driver for NES controller written in VHDL. See video here.
AES Cipher Implementation – A simple (not production-ready) implementation of FIPS Publication 197 written in Go. Can encrypt and decrypt for key sizes of 128, 192, and 256 bits.
Scrape – Scrape is a CLI tool to help gather data from GitHub repos about contributions.
Psyfer – Psyfer lets you apply various ciphers to input strings, such as transposition, substitution, Vigenère, and AES. It also provides the ability to attempt guesses for certain ciphers.
Color Based Cipher – Color-based encryption/decryption program on an FPGA board. Receive (RX) and Transmit (TX) drivers written in VHDL. See video here.
Languages
English (Native), Portuguese (Native), French (Professional), German (Professional)
Interests
Music, Nature, Hiking, Camping, Video Games