/Recent content in Home on Arian Svirsky | DevOps EngineeringHugoen/experience/descope/Mon, 01 Jan 0001 00:00:00 +0000/experience/descope/<p><strong>Descope</strong> — identity and authentication infrastructure</p> <p>Part of the platform team behind an auth product that processes millions of requests per day across 4 global regions. My remit is the boring but load-bearing part: the infra stays up, the deploys stay boring, and production never surprises us.</p> <h3 id="scale--surface-area">Scale &amp; surface area</h3> <ul> <li><strong>25+ microservices</strong> in one platform, running simultaneously on <strong>AWS (primary) and GCP</strong></li> <li><strong>4 regions</strong>, each a fully independent production environment</li> <li><strong>Millions of auth requests/day</strong> across customer workloads</li> <li><strong>TypeScript + Pulumi</strong> as the IaC substrate — every cluster, every service, every env</li> </ul> <h3 id="what-i-own-and-drive">What I own and drive</h3> <p><strong>Reliability &amp; observability</strong> — Full Datadog footprint (APM, structured logs, dashboards, SLOs) across every region. I build and maintain the dashboards on-call actually uses, set the SLO targets for services I own, and drive the runbook standard for infra-level incidents. When latency creeps in Singapore, we see it before customers do.</p>/experience/paloalto/Mon, 01 Jan 0001 00:00:00 +0000/experience/paloalto/<p><strong>Palo Alto Networks</strong> (Cortex XSOAR, formerly Demisto) — 6 years</p> <p>Joined Demisto as a DevOps Engineer, stayed through the Palo Alto Networks acquisition, left as <strong>Principal DevOps Engineer</strong>. Led infrastructure architecture and mentored a growing DevOps team through a startup-to-enterprise transition.</p> <h3 id="the-hard-problem-docker-in-docker-on-kubernetes">The hard problem: Docker-in-Docker on Kubernetes</h3> <p>Cortex XSOAR is a SOAR product — it runs customer automation playbooks inside Docker containers. When we moved from EC2 to Kubernetes, I led the design of how to securely run Docker-in-Docker inside Kubernetes pods.</p>/experience/previous/Mon, 01 Jan 0001 00:00:00 +0000/experience/previous/<p><strong>2014–2018</strong> — inManage, Interhost Networks, Calanit</p> <p>Before Kubernetes existed in my vocabulary, I was managing Linux servers, configuring DNS zones, hardening firewalls, and writing Bash scripts that are probably still running somewhere.</p> <p><strong>Interhost Networks</strong> was web hosting infrastructure — hundreds of customer sites, shared servers, the kind of environment where you learn DNS, SSL, and Apache configuration by necessity. When something broke at 2am, there was no Kubernetes self-healing. You SSH&rsquo;d in and fixed it.</p>/about/Mon, 01 Jan 0001 00:00:00 +0000/about/<p><img alt="Arian Svirsky" src="/images/arian.png"></p> <p>Staff-level DevOps / Infrastructure Engineer with 10+ years of hands-on experience. Specialized in Kubernetes, multi-cloud platforms, and production systems at scale. I&rsquo;ve led infrastructure design at two very different companies — a unicorn identity startup and an enterprise security product — and taken both from &ldquo;it works&rdquo; to &ldquo;it scales, it&rsquo;s observable, and it doesn&rsquo;t wake anyone up.&rdquo;</p> <p>Started in tech support in 2014. Moved to Linux administration, then hosting infrastructure, then eCommerce platforms, then Docker, then Kubernetes, then owning multi-cloud platforms end-to-end. Each step was a deliberate climb toward harder problems and more ownership.</p>/projects/this-site/Mon, 01 Jan 0001 00:00:00 +0000/projects/this-site/<p>A personal website that runs on the same infrastructure patterns I use in production — but tuned to cost less than a coffee per month instead of a small car.</p> <h3 id="how-it-works">How it works</h3> <pre tabindex="0"><code> git push → GitHub Actions → Artifact Registry → Cloud Run (lint, test, build) (Docker images) (serverless, scales to zero) </code></pre><p>Push code → GitHub Actions lints + tests + builds Docker images → pushes to Google Artifact Registry → deploys both services to Cloud Run via <code>gcloud run deploy</code>. End-to-end in a few minutes. Auth to GCP is keyless (Workload Identity Federation).</p>/stats/Mon, 01 Jan 0001 00:00:00 +0000/stats//skills/overview/Mon, 01 Jan 0001 00:00:00 +0000/skills/overview/<p>Not a checklist — these are things I actually use in production and have opinions about.</p> <h2 id="kubernetes">Kubernetes</h2> <p>EKS, GKE — I&rsquo;ve run clusters on both. Helm for packages, Kustomize for overlays, ArgoCD for GitOps. Opinions: Autopilot is great until you need node-level access. Managed node groups are the sweet spot for most teams.</p> <h2 id="infrastructure-as-code">Infrastructure as Code</h2> <p>Terraform for cloud resources (modules, remote state, workspaces). Pulumi when the team prefers real programming languages over HCL. I&rsquo;ve used both in production and can argue for either depending on the context.</p>