Allan Riddel

Senior Systems & Infrastructure Engineer | Full-Stack Developer | Security Specialist

O'Fallon, Missouri
35+ Years Experience · 3 Live Platforms · 5+ Open-Source Repos

Professional Summary

35+ years designing, operating, and troubleshooting enterprise infrastructure across manufacturing, financial services, healthcare, insurance, hosting, and telecom.

Most recently: 8+ years as Lead Middleware Engineer at Reinsurance Group of America — senior escalation point for complex distributed failures across mission-critical systems internationally. Architected global observability on Datadog, built CI/CD pipelines with Jenkins and BuildMaster, and kept high-availability infrastructure running across IIS, F5 BIG-IP, Citrix NetScaler, and distributed application tiers.

Currently: architecting, deploying, and operating an independent security infrastructure platform from the ground up — HTTP/3 reverse proxy with hybrid TLS, protocol analysis tooling, WAF, bot detection pipelines, and a forensic document security platform listed in the NIST Computer Forensics Tools & Techniques (CFTT) Catalog. No team, no vendor support — I built and operate the full stack.

Root Cause Analysis & Systems Troubleshooting

Senior escalation across enterprise environments, tracing failures through every layer — application logic, SQL, middleware, authentication, and infrastructure — to the actual cause, not just the symptom, then fixing it at the architecture level so it doesn't recur. At RGA I was the top escalation point for international offices, routinely tracing root causes beyond vendor diagnostics across multi-tier, multi-country systems.

PQCrypta — Built from Scratch, Running in Production

Designed and built PQCrypta end-to-end — a live platform running right now at pqcrypta.com, deployed on infrastructure I set up and maintain. Source at github.com/PQCrypta. Live, verifiable capabilities:

  • 31 NIST-aligned post-quantum algorithms (ML-KEM-1024, ML-DSA-87, FN-DSA, SLH-DSA, HQC) with full key-generation → encryption → decryption roundtrip validation
  • Memory-safe Rust backend on Axum/Tokio: 500+ REST endpoints, HTTP/3 WebTransport (Quinn), PostgreSQL with Redis caching, OAuth2/WebAuthn/TOTP authentication
  • Python ML pipeline for bot and threat detection: TLS/JA3 fingerprinting, behavioral analysis, honeypots, scikit-learn ensemble classification, RAG chatbot (FAISS + BM25 hybrid search)
  • Hybrid TLS 1.3 (X25519MLKEM768), custom WAF with OWASP Top 10 coverage and threat-intelligence feeds, automated cron health checks
  • Observability stack: structured logging, latency percentiles, SLO tracking with error budgets, and Z-score anomaly detection across the platform's endpoints

Open Source — github.com/PQCrypta

  • pqcrypta-proxy — Rust HTTP/3/QUIC reverse proxy: hybrid post-quantum TLS (X25519MLKEM768), JA3/JA4 fingerprinting, HMAC-secured circuit breakers, 6 load-balancing algorithms, GeoIP blocking, WAF, ACME automation, Prometheus metrics
  • PQC Binary Format v1.0 — Standardized self-describing binary format for PQC data interchange: 47 algorithms, 6 language bindings (Rust, Python, JS/WASM, Go, C/C++). Published on crates.io, PyPI, and npm
  • hmac-circuit-breaker — Security-focused Rust circuit breaker crate: HMAC-SHA256 on-disk state integrity, fail-open tamper semantics, Axum tower::Layer middleware. Published on crates.io
  • pqcrypta-collector — Async Rust metrics collector and intelligence layer: multiple log sources, SLO tracking, statistical anomaly detection, disk-backed durable queuing
  • secure-pdf-tools — PQPDF backend: 45+ server-side PDF tools. Source: github.com/PQCrypta/secure-pdf-tools

What I'm Good At

  • Infrastructure & systems engineering — Linux, Windows Server, IIS, Apache, F5 BIG-IP, Citrix NetScaler
  • Observability & monitoring — Datadog, custom telemetry, anomaly detection, real-time dashboards
  • High availability & DR — load balancing, failover, disaster recovery design
  • Security engineering — TLS, WAF, threat detection, JA3/JA4 fingerprinting, protocol analysis
  • DevOps & CI/CD — Jenkins, BuildMaster, deployment automation, reliability engineering
  • Root cause analysis — tracing distributed failures through every layer until I find the actual problem
  • NOC operations — escalation engineering, 24/7 environments, multi-region coordination

Open to senior roles in systems/infrastructure, SRE, NOC, or security engineering — full-time or contract, remote or hybrid.

Everything Is Live — See It Right Now

PQCrypta, PQPDF, and stlweb.dev are real, maintained platforms running in production — not slide decks. The proxy is handling traffic, the collector is tracking SLOs against real data, and the ML pipeline classifies requests in real time. pqcrypta.com is verifiable evidence: working API endpoints, 31 cryptographic algorithms with full roundtrip validation, a WAF blocking real attacks, and end-to-end observability. When something breaks, I trace it through the stack to root cause and fix it.

What I bring that is hard to find in one person: I can write the backend code, set up and administer the servers it runs on, diagnose why it broke at 2am, build the monitoring that tells you it is breaking, and ship the frontend that lets people use it. I am as comfortable in a Linux shell as in VS Code, as comfortable with SQL schema design as with TLS handshake debugging.

Everything is publicly accessible:

Experience

Over three decades building and operating production systems.

Principal Systems Architect

PQCrypta / Independent • Full-time
Jul 2024 – Present · 2 yrs · Remote
  • Built a production security and infrastructure platform from scratch — no existing codebase, no team, no vendor support. Provisioned all infrastructure, designed the network and protocol architecture, and operate everything end to end.
  • Stood up an HTTP/3 / QUIC reverse proxy with hybrid TLS termination, ACME certificate automation, OCSP stapling, JA3/JA4 fingerprinting, GeoIP enforcement, WAF, and circuit breaking — running in production 24/7.
  • Designed and operate a REST API platform across 500+ endpoints backed by PostgreSQL and Redis; built observability pipelines monitoring live TLS handshakes, transport behavior, and anomaly signals across the full stack.
  • Engineered ML-based bot classification and threat-detection pipelines; operate with no external ops support.
  • Forensic document security platform (PQPDF) listed in the NIST Computer Forensics Tools & Techniques (CFTT) Catalog. Open-source infrastructure components published on GitHub.

Lead Middleware Engineer

Reinsurance Group of America
Mar 2017 – Oct 2025 · 8 yrs 8 mos · St. Louis, MO · Remote
  • Senior escalation engineering lead for mission-critical enterprise systems globally at a global reinsurance company.
  • Served as top-tier escalation point for complex infrastructure failures, routinely tracing root causes beyond vendor diagnostics across multi-tier, multi-country distributed systems.
  • Architected global observability platform using Datadog: real-time dashboards, distributed tracing, performance baselines, and proactive anomaly alerting.
  • Designed and supported SharePoint, SSAS, SSRS, and PowerPivot enterprise platforms; built and maintained automated deployment pipelines using Jenkins and BuildMaster.
  • Engineered high-availability web infrastructure on IIS/Apache/Tomcat and F5 BIG-IP: load balancing, failover, disaster recovery, and traffic management.
  • Developed infrastructure automation and remediation tooling, reducing manual intervention and improving operational reliability.
  • Provided technical leadership across diverse Linux and Windows environments including networking, authentication, and cross-platform integration.

Lead Web & Frameworks Engineer

Randstad Technologies (Contracted to Reinsurance Group of America)
Apr 2016 – Mar 2017 · 1 yr · St. Louis, MO · On-site
  • Delivered engineering leadership for enterprise middleware and application delivery infrastructure supporting global insurance systems.
  • Performed deep root cause analysis across distributed web applications, load balancing layers, and backend services.
  • Contributed to observability improvements, deployment automation, and infrastructure reliability across IIS and enterprise application environments.

System Engineer

Stifel Nicolaus
Dec 2012 – Apr 2016 · 3 yrs 5 mos · St. Louis, MO · On-site
  • Designed and supported high-availability web and application infrastructure: IIS, Tomcat, SQL Server, and Citrix NetScaler for mission-critical financial platforms.
  • Architected load-balanced application delivery, database high-availability (HA/DR), and disaster recovery solutions.
  • Performance-optimized distributed backend systems supporting trading and financial services operations.

Senior Business Systems Administrator

Essence Healthcare
Nov 2008 – Dec 2012 · 4 yrs 2 mos · Maryland Heights, MO · On-site
  • Administered enterprise application and database infrastructure: WebSphere, SQL Server, SharePoint, and ERP systems supporting healthcare operations.
  • Designed and implemented high-availability clustering, VMware virtualization, and enterprise backup/recovery systems.
  • Led infrastructure improvements across application, database, and network layers.

Director of Operations

AMP Technology
Nov 2007 – Sep 2008 · 11 mos · On-site
  • Directed infrastructure operations and architecture for hosted enterprise platforms serving 75,000+ users across multiple client environments.
  • Designed hosted Exchange, CRM, and SharePoint systems, and built virtualized and physical data center environments supporting multi-tenant workloads.
  • Led technical teams and infrastructure engineering efforts, strengthening expertise in large-scale hosting environments and service reliability.

IT Manager

USA Mortgage
Jul 2005 – Dec 2007 · 2 yrs 6 mos · St. Louis, MO · On-site
  • Architected and administered enterprise IT infrastructure across multiple financial organizations, including Active Directory, Exchange, Citrix, and SQL Server systems.
  • Designed secure network infrastructure, VPN connectivity, and custom data replication solutions supporting business continuity and disaster recovery.
  • Developed deep expertise in network protocols, system integration, and enterprise platform reliability.

IT Manager

Tecvar
Jun 2003 – May 2005 · 2 yrs · St. Louis, MO · On-site
  • Led engineering teams delivering enterprise infrastructure and security solutions across multiple organizations.
  • Architected secure multi-organization IPSec VPN infrastructure enabling encrypted inter-company connectivity.
  • Designed and deployed metropolitan-scale LAN/WAN network infrastructure across diverse enterprise environments.
  • Developed proprietary real-time data replication and monitoring software.
  • Engineered event-scale infrastructure supporting mission-critical operations.
  • Directed 24/7 network operations center, monitoring, incident response, and infrastructure reliability.

Hosting TAC Engineer

SAVVIS Communications
Dec 2002 – Apr 2003 · 5 mos · St. Louis, MO · On-site
  • Provided operational engineering support for global hosting infrastructure spanning US, UK, and Japan data centers.
  • Executed zero-downtime infrastructure migrations across large-scale production environments.
  • Performed deep system-level troubleshooting, performance analysis, and reliability engineering.
  • Supported enterprise hosting platforms and distributed systems.

Senior Systems Engineer / Project Manager

CDS Office Technologies
Jan 2002 – Nov 2002 · 11 mos · Earth City, MO · On-site
  • Led municipal government infrastructure modernization across multi-site distributed environments including public safety and city administration systems.
  • Architected and executed enterprise directory migration and identity infrastructure transformation.
  • Engineered hybrid fiber and Ethernet network architecture with redundancy and high availability.
  • Administered enterprise messaging, database, and terminal services platforms.
  • Provided multi-tier infrastructure support and incident management.

Senior Consultant

Xerox Connect
Jun 2001 – Jan 2002 · 8 mos · St. Louis, MO · On-site
  • Administered enterprise network and server environments across multi-client infrastructure including messaging systems, directory services, and backup platforms.
  • Engineered and deployed server, network, and storage infrastructure supporting business-critical operations.
  • Developed internal tooling and web-based service management platforms.
  • Provided full-stack infrastructure troubleshooting, incident response, and root-cause analysis.

IT Manager / Senior Developer

Phoenix Networks
Feb 1999 – Apr 2001 · 2 yrs 3 mos · St. Louis, MO
  • Directed a 20-engineer Network Operations Center supporting 10,000+ broadband subscribers, overseeing distributed infrastructure, network reliability, and large-scale service delivery.
  • Architected and developed a custom back-office operations platform integrating provisioning, monitoring, and customer management systems across heterogeneous infrastructure.
  • Engineered telecommunications and IP network infrastructure including routing, NAT, DNS, firewalling, and secure connectivity across multi-protocol environments.
  • Developed database-driven operational software using Visual Basic and SQL Server supporting real-time service management and operational automation.
  • Led full infrastructure lifecycle including deployment, monitoring, troubleshooting, incident response, and operational scaling.
  • Managed technical hiring, training, and engineering leadership for systems and network teams.

Technical Skills

Backend, infrastructure, security, and data — with tier reflecting genuine depth, not breadth.

Functional skill groups: Security/Cryptography, AI/ML, Systems Programming, Frontend/UI, Infrastructure, DevOps/CI-CD, Database/Data, Networking, Monitoring, Business Intelligence, Optimization, Leadership, Compliance/Safety

Professional Certifications & Training

Vendor certifications across infrastructure, middleware, and application-delivery platforms, plus ongoing work in post-quantum cryptography.

Healthcare Compliance

HIPAA regulatory training & certification

HIPAA Exams (360training): HIPAA for Business Associates. Issued Jun 2026 · Expires Jun 2027 · Credential ID 000042221756

Workplace Health & Safety

OSHA occupational safety training & certification

OSHA (360training): OSHA 10 Hour Outreach Training Program — General Industry. Completed Jun 2026 · 10.00 credit hours · 1.0 IACET CEU

Enterprise Infrastructure

Professional certifications

SharePoint 20331 Core Solutions Architect
Neverfail NCSE/NCSP/NCA/NCIE Certified
WebFocus Server & Security Administration
Dell Hardware Certified Specialist

Network & Application Delivery

Application delivery controller and load balancing platform certification

Citrix NetScaler CNS-205 Essentials Certified

Applied Research & Specializations

Areas where I've gone deep — implemented in production code that runs today, not just studied.

Post-Quantum Cryptography

The implementation work behind PQCrypta — building and operating real PQC infrastructure, not just reading the specs.

  • NIST FIPS 203/204/205 — ML-KEM, ML-DSA and SLH-DSA implemented in memory-safe Rust with constant-time operations
  • 31-algorithm suite — lattice, code-based (HQC) and hash-based schemes validated by full key-gen → encrypt → decrypt roundtrips
  • Hybrid TLS 1.3 — X25519MLKEM768 key exchange terminated at a Rust HTTP/3 reverse proxy
  • Zero-knowledge proofs — Groth16 and PLONK proof systems
  • PQC Binary Format v1.0 — self-describing interchange container, published to crates.io / PyPI / npm

AI/ML in Production

Machine learning shipped into live services — threat scoring, retrieval and inference running against real traffic.

  • ML threat detection — scikit-learn ensembles (Isolation Forest, Random Forest, LightGBM) with SHAP feature attribution
  • RAG retrieval — FAISS vector search with BM25 hybrid retrieval and cross-encoder re-ranking
  • LLM integration — Google Gemini 2.5 Flash, served through PyO3 Rust↔Python
  • Persistent learning — analyst feedback auto-labels samples for continuous model retraining

PDF Forensics & Document Security

PQPDF's 47-engine forensic scanner — original research into how PDFs are weaponized and how to detect it where commercial tools can't.

  • 47-engine pipeline — structural, dynamic, ML and behavioural analysis culminating in an AI synthesis stage that produces a MITRE ATT&CK-mapped verdict
  • Sandbox detonation — 6 PDF renderers under 4-layer Linux namespace isolation with strace syscall capture (no VM, no external network)
  • JavaScript deobfuscation — Acorn AST analysis plus an instrumented Node VM with an Acrobat API stub to defeat sandbox evasion
  • Structural forensics — XFA FormCalc analysis, shadow-document (post-signature) detection and differential 6-parser consensus
  • Local threat intelligence — ~6M malware / URL indicators in PostgreSQL with zero external upload, plus YARA and ClamAV

Open Source Projects

Open-source tools and libraries I author and maintain.

HMAC Circuit Breaker

Creator & Maintainer

Security-focused Rust circuit breaker crate with HMAC-SHA256 protected on-disk state. Addresses the question most circuit breaker libraries never ask: what happens if someone writes a plausible-looking state file with every circuit tripped? This crate adds HMAC-SHA256 integrity to persisted state and makes a deliberate security decision: fail-open (clear all circuits) rather than fail-closed (block all traffic) on tamper detection. That single choice prevents an attacker from weaponizing the circuit breaker as a denial-of-service amplifier. Includes Axum tower::Layer middleware for per-service circuit enforcement at the request boundary. Designed for security-sensitive services where the state file is on shared or world-writable storage, or where a separate health-check process writes state. Published on crates.io and docs.rs.

HMAC-SHA256 State Integrity
Fail-Open Security Decision
Axum tower::Layer
crates.io Published
Atomic Writes
Rust 1.75+
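
The integrity check and fail-open decision described for the HMAC Circuit Breaker, as an added Python sketch; it is not the crate's code or API. The state-file layout, the function names and the demo key are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed demo key (assumption); a real service loads its key from a secret store.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def _tag(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def save_state(path: str, circuits: dict, key: bytes) -> None:
    """Persist circuit states with an HMAC-SHA256 tag, written atomically."""
    payload = json.dumps(circuits, sort_keys=True).encode()
    record = json.dumps({"payload": payload.decode(), "mac": _tag(key, payload)})
    # Temp file in the same directory, then rename, so a reader never sees a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write(record)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


def load_state(path: str, key: bytes) -> tuple:
    """Return (circuits, tampered). Any integrity failure fails open: no circuit is tripped."""
    try:
        with open(path, "r") as fh:
            record = json.load(fh)
        payload = record["payload"].encode()
        # Constant-time comparison of the recomputed tag against the stored one.
        if not hmac.compare_digest(_tag(key, payload), record["mac"]):
            return {}, True
        return json.loads(payload), False
    except FileNotFoundError:
        return {}, False  # first start: nothing persisted yet, nothing tripped
    except (ValueError, KeyError, TypeError, AttributeError):
        return {}, True  # truncated or malformed file is treated like a bad tag


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "breaker_state.json")
        save_state(path, {"db": "tripped", "auth": "ok"}, DEMO_KEY)
        honest = load_state(path, DEMO_KEY)
        # Constructed forgery: a plausible file with every circuit tripped, written without the key.
        forged_payload = json.dumps({"auth": "tripped", "db": "tripped"})
        with open(path, "w") as fh:
            json.dump({"payload": forged_payload, "mac": "0" * 64}, fh)
        forged = load_state(path, DEMO_KEY)
    return {"honest": honest, "forged": forged}
```

The `tampered` flag is returned separately so the caller can alert on the event while traffic keeps flowing.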

PQCrypta Collector

Creator & Maintainer

Async Rust metrics collector, log ingestion engine, and intelligence layer for production infrastructure. Single-binary Rust service that scrapes system, process, application, and database metrics on configurable intervals; ingests logs from 13 sources with structured parsing; writes everything to PostgreSQL with batched inserts; performs time-series aggregation and retention; runs statistical anomaly detection with SLO tracking and actionable recommendations; and provides disk-backed durable queuing with cardinality protection. Runs as a systemd service monitoring 570+ endpoints. Architecture: six concurrent ticks (sys, app, log, intel, agg, watchdog) coordinated via tokio::select! event hub with 10-second to 5-minute intervals. Includes a health-check binary that performs full cryptographic workflow validation (key generation, encryption, decryption) for all 31 algorithms on every run.

Async Rust / Tokio
13 Log Sources
SLO Tracking
570+ Endpoints
Anomaly Detection
Disk-Backed Queue

wtransport-patched

Upstream Bug Fix Contribution

Patched build of wtransport 0.7.0 fixing a close_reason() race condition panic in WebTransport connections. Diagnosed a race condition in the upstream wtransport crate where concurrent close operations on a WebTransport session could trigger a panic in close_reason(). Published a patched version for immediate production use while contributing the fix back upstream. Demonstrates ability to diagnose and resolve race conditions in async Rust concurrency code at the library level — not just using libraries but fixing them when they have correctness bugs in production.

Async Rust
Race Condition Fix
WebTransport
Upstream Contribution
QUIC / HTTP/3

Get in Touch

Open to senior/staff backend, systems/infrastructure, DevOps, or security roles. Remote preferred.

Email

allan@pqcrypta.com

Phone

(636) xxx-xxxx

Location

** ******* *** **
St Paul, Missouri 63366

LinkedIn

Allan R

stlweb.dev

Infrastructure-First Web Platform

PQPDF

Server-Side PDF Platform

Available for new opportunities