Allan Riddel
Senior Systems & Infrastructure Engineer | Full-Stack Developer | Security Specialist
Professional Summary
35+ years designing, operating, and troubleshooting enterprise infrastructure across manufacturing, financial services, healthcare, insurance, hosting, and telecom.
Most recently: 8+ years as Lead Middleware Engineer at Reinsurance Group of America, where I was the senior escalation point for complex distributed failures across mission-critical systems internationally. Architected global observability on Datadog, built CI/CD pipelines with Jenkins and BuildMaster, and kept high-availability infrastructure running across IIS, F5 BIG-IP, Citrix NetScaler, and distributed application tiers.
Currently: architecting, deploying, and operating an independent security infrastructure platform from the ground up: an HTTP/3 reverse proxy with hybrid TLS, protocol analysis tooling, a WAF, bot detection pipelines, and a forensic document security platform listed in the NIST Computer Forensics Tool Testing (CFTT) program's Tool Catalog. No team, no vendor support; I built and operate the full stack.
Root Cause Analysis & Systems Troubleshooting
Senior escalation across enterprise environments, tracing failures through every layer (application logic, SQL, middleware, authentication, and infrastructure) to the actual cause rather than the symptom, then fixing it at the architecture level so it doesn't recur. At RGA I was the top escalation point for international offices, routinely tracing root causes beyond vendor diagnostics across multi-tier, multi-country systems.
PQCrypta: Built from Scratch, Running in Production
Designed and built PQCrypta end-to-end: a live platform running right now at pqcrypta.com, deployed on infrastructure I set up and maintain. Source at github.com/PQCrypta. Live, verifiable capabilities:
- 31 NIST-aligned post-quantum algorithms (ML-KEM-1024, ML-DSA-87, FN-DSA, SLH-DSA, HQC) with full key-generation → encryption → decryption roundtrip validation
- Memory-safe Rust backend on Axum/Tokio: 500+ REST endpoints, HTTP/3 WebTransport (Quinn), PostgreSQL with Redis caching, OAuth2/WebAuthn/TOTP authentication
- Python ML pipeline for bot and threat detection: TLS/JA3 fingerprinting, behavioral analysis, honeypots, scikit-learn ensemble classification, RAG chatbot (FAISS + BM25 hybrid search)
- Hybrid TLS 1.3 (X25519MLKEM768), custom WAF with OWASP Top 10 coverage and threat-intelligence feeds, automated cron health checks
- Observability stack: structured logging, latency percentiles, SLO tracking with error budgets, and Z-score anomaly detection across the platform's endpoints
Open Source: github.com/PQCrypta
- pqcrypta-proxy: Rust HTTP/3/QUIC reverse proxy with hybrid post-quantum TLS (X25519MLKEM768), JA3/JA4 fingerprinting, HMAC-secured circuit breakers, 6 load-balancing algorithms, GeoIP blocking, WAF, ACME automation, Prometheus metrics
- PQC Binary Format v1.0: standardized self-describing binary format for PQC data interchange, covering 47 algorithms with 6 language bindings (Rust, Python, JS/WASM, Go, C/C++). Published on crates.io, PyPI, and npm
- hmac-circuit-breaker: security-focused Rust circuit breaker crate with HMAC-SHA256 on-disk state integrity, fail-open tamper semantics, and Axum tower::Layer middleware. Published on crates.io
- pqcrypta-collector: async Rust metrics collector and intelligence layer handling multiple log sources, SLO tracking, statistical anomaly detection, and disk-backed durable queuing
- secure-pdf-tools: PQPDF backend with 45+ server-side PDF tools. Source: github.com/PQCrypta/secure-pdf-tools
What I'm Good At
- Infrastructure & systems engineering: Linux, Windows Server, IIS, Apache, F5 BIG-IP, Citrix NetScaler
- Observability & monitoring: Datadog, custom telemetry, anomaly detection, real-time dashboards
- High availability & DR: load balancing, failover, disaster recovery design
- Security engineering: TLS, WAF, threat detection, JA3/JA4 fingerprinting, protocol analysis
- DevOps & CI/CD: Jenkins, BuildMaster, deployment automation, reliability engineering
- Root cause analysis: tracing distributed failures through every layer until I find the actual problem
- NOC operations: escalation engineering, 24/7 environments, multi-region coordination
Open to senior roles in systems/infrastructure, SRE, NOC, or security engineering β full-time or contract, remote or hybrid.
Everything Is Live: See It Right Now
PQCrypta, PQPDF, and stlweb.dev are real, maintained platforms running in production, not slide decks. The proxy is handling traffic, the collector is tracking SLOs against real data, and the ML pipeline classifies requests in real time. pqcrypta.com is verifiable evidence: working API endpoints, 31 cryptographic algorithms with full roundtrip validation, a WAF blocking real attacks, and end-to-end observability. When something breaks, I trace it through the stack to root cause and fix it.
What I bring that is hard to find in one person: I can write the backend code, set up and administer the servers it runs on, diagnose why it broke at 2am, build the monitoring that tells you it is breaking, and ship the frontend that lets people use it. I am as comfortable in a Linux shell as in VS Code, as comfortable with SQL schema design as with TLS handshake debugging.
Everything is publicly accessible:
- stlweb.dev: stlweb.dev
- PQPDF Platform: pqpdf.com
- PQPDF Source: github.com/PQCrypta/secure-pdf-tools
- PQCrypta Platform: pqcrypta.com
- HTTP/3 / QUIC / WebTransport Analyzer: pqcrypta.com/http3-quic
- Live Monitoring Dashboard: pqcrypta.com/monitor
- Proxy documentation: pqcrypta.com/pqcproxy/
- GitHub (all repos): github.com/PQCrypta
- pqcrypta-proxy source: github.com/PQCrypta/pqcrypta-proxy
- PQC Binary Format source: github.com/PQCrypta/pqcrypta-community
- HMAC Circuit Breaker source: github.com/PQCrypta/HMAC-protected-circuit-breaker
- PQC Binary Format on crates.io: crates.io/crates/pqc-binary-format
- HMAC Circuit Breaker on crates.io: crates.io/crates/hmac-circuit-breaker
Experience
Over three decades building and operating production systems.
Principal Systems Architect
- Built a production security and infrastructure platform from scratch: no existing codebase, no team, no vendor support. Provisioned all infrastructure, designed the network and protocol architecture, and operate everything end to end.
- Stood up an HTTP/3 / QUIC reverse proxy with hybrid TLS termination, ACME certificate automation, OCSP stapling, JA3/JA4 fingerprinting, GeoIP enforcement, WAF, and circuit breaking β running in production 24/7.
- Designed and operate a REST API platform across 500+ endpoints backed by PostgreSQL and Redis; built observability pipelines monitoring live TLS handshakes, transport behavior, and anomaly signals across the full stack.
- Engineered ML-based bot classification and threat-detection pipelines; operate with no external ops support.
- Forensic document security platform (PQPDF) listed in the NIST Computer Forensics Tool Testing (CFTT) program's Tool Catalog. Open-source infrastructure components published on GitHub.
Lead Middleware Engineer
- Senior escalation engineering lead for mission-critical enterprise systems at a global reinsurance company.
- Served as top-tier escalation point for complex infrastructure failures, routinely tracing root causes beyond vendor diagnostics across multi-tier, multi-country distributed systems.
- Architected global observability platform using Datadog: real-time dashboards, distributed tracing, performance baselines, and proactive anomaly alerting.
- Designed and supported SharePoint, SSAS, SSRS, and PowerPivot enterprise platforms; built and maintained automated deployment pipelines using Jenkins and BuildMaster.
- Engineered high-availability web infrastructure on IIS/Apache/Tomcat and F5 BIG-IP: load balancing, failover, disaster recovery, and traffic management.
- Developed infrastructure automation and remediation tooling, reducing manual intervention and improving operational reliability.
- Provided technical leadership across diverse Linux and Windows environments including networking, authentication, and cross-platform integration.
Lead Web & Frameworks Engineer
- Delivered engineering leadership for enterprise middleware and application delivery infrastructure supporting global insurance systems.
- Performed deep root cause analysis across distributed web applications, load balancing layers, and backend services.
- Contributed to observability improvements, deployment automation, and infrastructure reliability across IIS and enterprise application environments.
System Engineer
- Designed and supported high-availability web and application infrastructure: IIS, Tomcat, SQL Server, and Citrix NetScaler for mission-critical financial platforms.
- Architected load-balanced application delivery, database high-availability (HA/DR), and disaster recovery solutions.
- Performance-optimized distributed backend systems supporting trading and financial services operations.
Senior Business Systems Administrator
- Administered enterprise application and database infrastructure: WebSphere, SQL Server, SharePoint, and ERP systems supporting healthcare operations.
- Designed and implemented high-availability clustering, VMware virtualization, and enterprise backup/recovery systems.
- Led infrastructure improvements across application, database, and network layers.
Director of Operations
- Directed infrastructure operations and architecture for hosted enterprise platforms serving 75,000+ users across multiple client environments.
- Designed hosted Exchange, CRM, and SharePoint systems, and built virtualized and physical data center environments supporting multi-tenant workloads.
- Led technical teams and infrastructure engineering efforts, strengthening expertise in large-scale hosting environments and service reliability.
IT Manager
- Architected and administered enterprise IT infrastructure across multiple financial organizations, including Active Directory, Exchange, Citrix, and SQL Server systems.
- Designed secure network infrastructure, VPN connectivity, and custom data replication solutions supporting business continuity and disaster recovery.
- Developed deep expertise in network protocols, system integration, and enterprise platform reliability.
IT Manager
- Led engineering teams delivering enterprise infrastructure and security solutions across multiple organizations.
- Architected secure multi-organization IPSec VPN infrastructure enabling encrypted inter-company connectivity.
- Designed and deployed metropolitan-scale LAN/WAN network infrastructure across diverse enterprise environments.
- Developed proprietary real-time data replication and monitoring software.
- Engineered event-scale infrastructure supporting mission-critical operations.
- Directed 24/7 network operations center, monitoring, incident response, and infrastructure reliability.
Hosting TAC Engineer
- Provided operational engineering support for global hosting infrastructure spanning US, UK, and Japan data centers.
- Executed zero-downtime infrastructure migrations across large-scale production environments.
- Performed deep system-level troubleshooting, performance analysis, and reliability engineering.
- Supported enterprise hosting platforms and distributed systems.
Senior Systems Engineer / Project Manager
- Led municipal government infrastructure modernization across multi-site distributed environments including public safety and city administration systems.
- Architected and executed enterprise directory migration and identity infrastructure transformation.
- Engineered hybrid fiber and Ethernet network architecture with redundancy and high availability.
- Administered enterprise messaging, database, and terminal services platforms.
- Provided multi-tier infrastructure support and incident management.
Senior Consultant
- Administered enterprise network and server environments across multi-client infrastructure including messaging systems, directory services, and backup platforms.
- Engineered and deployed server, network, and storage infrastructure supporting business-critical operations.
- Developed internal tooling and web-based service management platforms.
- Provided full-stack infrastructure troubleshooting, incident response, and root-cause analysis.
IT Manager / Senior Developer
- Directed a 20-engineer Network Operations Center supporting 10,000+ broadband subscribers, overseeing distributed infrastructure, network reliability, and large-scale service delivery.
- Architected and developed a custom back-office operations platform integrating provisioning, monitoring, and customer management systems across heterogeneous infrastructure.
- Engineered telecommunications and IP network infrastructure including routing, NAT, DNS, firewalling, and secure connectivity across multi-protocol environments.
- Developed database-driven operational software using Visual Basic and SQL Server supporting real-time service management and operational automation.
- Led full infrastructure lifecycle including deployment, monitoring, troubleshooting, incident response, and operational scaling.
- Managed technical hiring, training, and engineering leadership for systems and network teams.
Technical Skills
Backend, infrastructure, security, and data, with tier reflecting genuine depth, not breadth.
- Post-Quantum Cryptography & Security
- AI/ML & Advanced Analytics
- Systems Programming & Performance
- Frontend & 3D Graphics
- Enterprise Infrastructure & Middleware
- DevOps & CI/CD
- Database & Data Management
- Network & Security
- Monitoring & Observability
- Business Intelligence
- Compression & Optimization
- Leadership & Management
- Compliance, Safety & Regulatory
Professional Certifications & Training
Vendor certifications across infrastructure, middleware, and application-delivery platforms, plus ongoing work in post-quantum cryptography.
Healthcare Compliance
HIPAA regulatory training & certification
Workplace Health & Safety
OSHA occupational safety training & certification
Enterprise Infrastructure
Professional certifications
Network & Application Delivery
Application delivery controller and load balancing platform certification
Applied Research & Specializations
Areas where I've gone deep: implemented in production code that runs today, not just studied.
Post-Quantum Cryptography
The implementation work behind PQCrypta: building and operating real PQC infrastructure, not just reading the specs.
AI/ML in Production
Machine learning shipped into live services: threat scoring, retrieval and inference running against real traffic.
PDF Forensics & Document Security
PQPDF's 47-engine forensic scanner: original research into how PDFs are weaponized and how to detect it where commercial tools can't.
Open Source Projects
Open-source tools and libraries I author and maintain.
PQC Binary Format
Creator & Maintainer
A self-describing binary container for post-quantum cryptography data interchange. Tackles the interoperability gap where PQC implementations can't read each other's output because of proprietary formats. The algorithm-agnostic container supports 47 cryptographic algorithms, including the NIST FIPS 203/204/205 standards (ML-KEM, ML-DSA, SLH-DSA) plus HQC. Self-describing metadata supports long-term archival (data encrypted today stays decryptable later without external documentation), and crypto-agility allows algorithm migration as standards evolve. Native bindings published across 6 languages (Rust, Python, JavaScript/WASM, Go, C, C++) on crates.io, PyPI, and npm, so data encrypted in one language decrypts in another.
PQCrypta Proxy
Creator & Maintainer
The only HTTP/3 reverse proxy with integrated Post-Quantum Cryptography TLS. Combines cutting-edge protocols (HTTP/3, QUIC, WebTransport) with hybrid PQC key exchange (X25519MLKEM768, NIST Level 3) in a single production-ready binary with 130 passing tests. Solves the corporate NAT problem, where thousands of users share one gateway IP, using JA3/JA4 TLS fingerprinting to identify individual clients before the TLS handshake completes, enabling early blocking of malicious actors. Features multi-dimensional rate limiting with composite keys (IP + JA3 + JWT + Path) and ML-inspired adaptive baseline anomaly detection that learns normal traffic patterns. A single unified UDP listener handles both HTTP/3 and WebTransport sessions. Implements RFC 9218 extensible priorities, 103 Early Hints, request coalescing, six load balancing algorithms with slow start and connection draining, and complete ACME/OCSP automation. Three TLS modes (Terminate, Re-encrypt with mTLS, SNI Passthrough) configurable per route.
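The two mechanisms described above, JA3 fingerprinting of the ClientHello and composite-key rate limiting, as an added Python example written for this page. It is not pqcrypta-proxy's own Rust code: the ClientHello field values are constructed, the key layout `ip|ja3|subject|path` is an assumption, and the JWT dimension is represented by an already-verified `sub` claim handed in by the caller.

```python
"""Added example (not pqcrypta-proxy code): JA3 fingerprint computation and a
composite-key sliding-window rate limiter that separates clients sharing one
NAT address. ClientHello values below are constructed sample data."""
from __future__ import annotations

import hashlib
from collections import defaultdict, deque

# RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa) are randomized per
# connection, so JA3 drops them; otherwise one client would hash differently
# on every handshake and get a fresh rate-limit bucket each time.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def ja3_string(version: int, ciphers: list[int], extensions: list[int],
               curves: list[int], point_formats: list[int]) -> str:
    """JA3 input string: decimal fields, '-' inside a list, ',' between lists."""
    lists = (ciphers, extensions, curves, point_formats)
    fields = [str(version)]
    fields += ["-".join(str(v) for v in lst if v not in GREASE) for lst in lists]
    return ",".join(fields)


def ja3_hash(*fields) -> str:
    # JA3 is defined as the MD5 of the string. MD5 is an identifier here, not a
    # security primitive; collision resistance is not part of the threat model.
    return hashlib.md5(ja3_string(*fields).encode()).hexdigest()


class CompositeRateLimiter:
    """Sliding-window counter keyed on ip|ja3|subject|path (layout assumed)."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window = window_s
        self.hits: dict[str, deque[float]] = defaultdict(deque)

    @staticmethod
    def key(ip: str, ja3: str, subject: str | None, path: str) -> str:
        # subject is the *verified* JWT 'sub' claim from the auth layer;
        # anonymous requests share the '-' slot so they cannot mint fresh keys.
        return "|".join((ip, ja3, subject or "-", path))

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # expire hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Constructed ClientHellos: a browser-like client and a scripted client, both
# behind the same corporate NAT address 203.0.113.10.
BROWSER = (771, [0x0A0A, 4865, 4866, 4867, 49195, 49199, 52393],
           [0x1A1A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 51, 45, 43],
           [0x2A2A, 29, 23, 24], [0])
SCRIPT = (771, [4865, 49195], [0, 10, 11, 13], [23], [0])


def demo() -> dict:
    limiter = CompositeRateLimiter(limit=5, window_s=10.0)
    ip, path = "203.0.113.10", "/api/login"
    k_browser = limiter.key(ip, ja3_hash(*BROWSER), "alice", path)
    k_script = limiter.key(ip, ja3_hash(*SCRIPT), None, path)
    # Scripted client bursts 8 requests in under a second: 5 pass, 3 refused.
    script_results = [limiter.allow(k_script, 100.0 + i * 0.1) for i in range(8)]
    # The browser user behind the same IP is unaffected.
    browser_ok = limiter.allow(k_browser, 100.9)
    # Once the window slides past the burst, the scripted client is admitted again.
    script_later = limiter.allow(k_script, 111.0)
    return {
        "script_allowed": script_results,
        "browser_allowed_during_burst": browser_ok,
        "script_allowed_after_window": script_later,
        "distinct_keys": k_browser != k_script,
    }
```

JA3 groups clients by TLS stack rather than by person: every browser of the same version behind the NAT yields the same hash, which is why the key also carries the source address and the verified subject. GREASE stripping is not optional; a client that randomizes GREASE per connection would otherwise land in a new bucket on every handshake and never hit the limit.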
HMAC Circuit Breaker
Creator & Maintainer
Security-focused Rust circuit breaker crate with HMAC-SHA256 protected on-disk state. Addresses the question most circuit breaker libraries never ask: what happens if someone writes a plausible-looking state file with every circuit tripped? This crate adds HMAC-SHA256 integrity to persisted state and makes a deliberate security decision: fail-open (clear all circuits) rather than fail-closed (block all traffic) on tamper detection. That single choice prevents an attacker from weaponizing the circuit breaker as a denial-of-service amplifier. Includes Axum tower::Layer middleware for per-service circuit enforcement at the request boundary. Designed for security-sensitive services where the state file is on shared or world-writable storage, or where a separate health-check process writes state. Published on crates.io and docs.rs.
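The integrity check and fail-open decision described above, as an added Python example written for this page rather than the hmac-circuit-breaker crate's Rust code. The JSON layout, the per-service `until` field, and the hard-coded key are assumptions; in practice the key comes from a secret store that the state-file writer cannot read.

```python
"""Added example (not the hmac-circuit-breaker crate): circuit-breaker state
persisted with an HMAC-SHA256 tag, verified on load, and treated as 'no
circuits tripped' whenever the tag fails. File layout and key are assumptions."""
from __future__ import annotations

import hmac
import json
import os
import tempfile
import time

DIGEST = "sha256"


def canonical(state: dict) -> bytes:
    # One unambiguous encoding (sorted keys, no whitespace) so the MAC covers
    # exactly the bytes the loader will re-derive from the parsed state.
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


def save_state(path: str, state: dict, key: bytes) -> None:
    tag = hmac.new(key, canonical(state), DIGEST).hexdigest()
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"state": state, "mac": tag}, f)
    os.replace(tmp, path)  # atomic rename: readers never see a half-written file


def load_state(path: str, key: bytes) -> tuple[dict, bool]:
    """Return (tripped_circuits, tampered).

    Any failure (missing file, bad JSON, missing or wrong MAC) yields an EMPTY
    tripped set. That is the fail-open choice: a forged file can never trip
    every circuit and turn the breaker into a denial-of-service tool.
    """
    try:
        with open(path) as f:
            doc = json.load(f)
        expected = hmac.new(key, canonical(doc["state"]), DIGEST).hexdigest()
        if not hmac.compare_digest(expected, doc["mac"]):  # constant-time compare
            return {}, True
        return doc["state"], False
    except (OSError, ValueError, KeyError, TypeError):
        return {}, True


def allow_request(service: str, tripped: dict, now: float) -> bool:
    """Traffic to a service is refused only while its circuit is tripped."""
    return now >= tripped.get(service, {}).get("until", 0.0)


def demo() -> dict:
    key = b"0123456789abcdef0123456789abcdef"  # assumption: 32-byte key from a secret store
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "breaker.json")

        # 1. Genuine state written by the health checker: only 'payments' tripped.
        save_state(path, {"payments": {"until": now + 60, "failures": 5}}, key)
        state, tampered = load_state(path, key)
        genuine = (tampered, allow_request("payments", state, now),
                   allow_request("search", state, now))

        # 2. Attacker without the key drops a plausible file tripping everything.
        forged = {"payments": {"until": now + 3600}, "search": {"until": now + 3600}}
        with open(path, "w") as f:
            json.dump({"state": forged, "mac": "0" * 64}, f)
        state, tampered = load_state(path, key)
        forged_res = (tampered, allow_request("payments", state, now),
                      allow_request("search", state, now))

        # 3. Attacker edits one field inside a genuinely signed file.
        save_state(path, {"payments": {"until": now + 60}}, key)
        with open(path) as f:
            doc = json.load(f)
        doc["state"]["search"] = {"until": now + 3600}
        with open(path, "w") as f:
            json.dump(doc, f)
        _, edited_tampered = load_state(path, key)

    return {"genuine": genuine, "forged": forged_res, "edited_tampered": edited_tampered}
```

Two caveats for anyone reusing this pattern. The HMAC only buys integrity if the key is unreadable by whoever can write the state file, so the key must not sit on the same shared volume. And fail-open means a tampered file can never cause an outage, but it also means the breaker offers no protection until the legitimate writer re-trips the circuit, so a tamper result should raise an alert rather than just a log line.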
PQCrypta Collector
Creator & Maintainer
Async Rust metrics collector, log ingestion engine, and intelligence layer for production infrastructure. Single-binary Rust service that scrapes system, process, application, and database metrics on configurable intervals; ingests logs from 13 sources with structured parsing; writes everything to PostgreSQL with batched inserts; performs time-series aggregation and retention; runs statistical anomaly detection with SLO tracking and actionable recommendations; and provides disk-backed durable queuing with cardinality protection. Runs as a systemd service monitoring 570+ endpoints. Architecture: six concurrent ticks (sys, app, log, intel, agg, watchdog) coordinated via tokio::select! event hub with 10-second to 5-minute intervals. Includes a health-check binary that performs full cryptographic workflow validation (key generation, encryption, decryption) for all 31 algorithms on every run.
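The statistical anomaly detection and SLO tracking named here and in the observability bullet of the PQCrypta section above (Z-score anomaly detection, SLO tracking with error budgets), as an added Python example written for this page rather than pqcrypta-collector's Rust code. The window size, the 3-sigma threshold, the endpoint name and the latency samples are constructed assumptions.

```python
"""Added example (not pqcrypta-collector code): per-endpoint rolling Z-score
anomaly detection plus SLO error-budget arithmetic. Samples are constructed."""
from __future__ import annotations

import statistics
from collections import defaultdict, deque


class LatencyBaseline:
    """Rolling window of recent latencies per endpoint. Each new sample is
    scored against the history BEFORE it is added, so an outlier cannot widen
    the baseline it is being judged against."""

    def __init__(self, window: int = 200, threshold: float = 3.0,
                 min_samples: int = 20) -> None:
        self.threshold = threshold
        self.min_samples = min_samples
        self.history: dict[str, deque[float]] = defaultdict(lambda: deque(maxlen=window))

    def observe(self, endpoint: str, latency_ms: float) -> tuple[float | None, bool]:
        """Return (z_score, is_anomalous); z_score is None until enough history exists."""
        hist = self.history[endpoint]
        z, anomalous = None, False
        if len(hist) >= self.min_samples:
            mean = statistics.fmean(hist)
            sd = statistics.pstdev(hist)
            if sd == 0:
                # Perfectly flat baseline: any deviation is anomalous; avoid /0.
                anomalous = latency_ms != mean
                z = float("inf") if anomalous else 0.0
            else:
                z = (latency_ms - mean) / sd
                anomalous = abs(z) >= self.threshold
        if not anomalous:
            hist.append(latency_ms)  # only normal samples shape the baseline
        return z, anomalous


def error_budget(total: int, bad: int, slo: float) -> dict:
    """Error budget over a window: failures the SLO permits, fraction of that
    budget still unspent, and burn rate (1.0 = spending exactly on pace)."""
    if total == 0:
        return {"allowed": 0.0, "remaining": 1.0, "burn_rate": 0.0}
    allowed = total * (1.0 - slo)
    error_rate = bad / total
    return {
        "allowed": allowed,
        "remaining": 1.0 - (bad / allowed if allowed else 0.0),
        "burn_rate": error_rate / (1.0 - slo) if slo < 1.0 else float("inf"),
    }


def demo() -> dict:
    base = LatencyBaseline(window=100, threshold=3.0, min_samples=20)
    ep = "/api/encrypt"  # assumed endpoint name
    # Constructed steady state: latencies cycling 38..42 ms (mean 40, sd ~1.41).
    for i in range(30):
        base.observe(ep, 40 + (i % 5) - 2)
    spike = base.observe(ep, 190.0)  # a stall: z ~ 106, flagged, not absorbed
    mild = base.observe(ep, 43.0)    # z ~ 2.1, inside threshold, absorbed
    edge = base.observe(ep, 45.0)    # z ~ 3.3 against the updated window, flagged
    # 10,000 requests, 4 failed, 99.9% SLO: 10 failures allowed, 60% budget left.
    budget = error_budget(total=10_000, bad=4, slo=0.999)
    return {"spike": spike, "mild": mild, "edge": edge, "budget": budget}
```

Scoring before inserting, and keeping flagged samples out of the window, stops a burst from inflating the baseline and hiding the next one. The cost is that a legitimate, sustained latency shift stays flagged until the window is reset or the threshold revisited, which is why the Z-score belongs next to the SLO budget: the budget measures user-visible failure without reference to any learned baseline.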
wtransport-patched
Upstream Bug Fix Contribution
Patched build of wtransport 0.7.0 fixing a close_reason() race condition panic in WebTransport connections. Diagnosed a race condition in the upstream wtransport crate where concurrent close operations on a WebTransport session could trigger a panic in close_reason(). Published a patched version for immediate production use while contributing the fix back upstream. Demonstrates the ability to diagnose and resolve race conditions in async Rust concurrency code at the library level: not just using libraries but fixing them when they have correctness bugs in production.
Get in Touch
Open to senior/staff backend, systems/infrastructure, DevOps, or security roles. Remote preferred.
Phone: (636) xxx-xxxx
Location: St Paul, Missouri 63366