William Hearn
Senior Cloud Architect (IT-04)
Government of Canada
Ottawa, Ontario
Security Clearance: Secret (Level II)
Language Profile: BBB
Education
Carleton University
Honours Bachelor of Computer Science
Sep 2006 - Aug 2010
Completed an Honours Bachelor of Computer Science with a minor in Psychology, with academic focus in human-computer interaction and project work in Carleton’s HCI lab.
Algonquin College
Game Development Program
Sep 2004 - Jun 2006
Completed two years of a three-year Game Development program before transferring into the Bachelor of Computer Science program at Carleton University.
Executive Summary
Senior Cloud and Platform Architect (IT-04) with over 15 years of experience designing, securing, and operating large-scale cloud-native platforms across the Government of Canada.
Specializes in Kubernetes, CNCF-aligned technologies, DevSecOps, zero trust networking, platform governance, and secure software supply chain modernization.
Technical lead and contributor to government-wide modernization initiatives, including:
- Aurora: Unified application hosting and Kubernetes platform modernization
- GC Secure Artifacts (GCSA): Secure artifact management and software supply chain modernization
- Chainguard: Hardened container images made available to the entire Government of Canada
Designed and operated secure multi-tenant Kubernetes platforms supporting Government of Canada workloads, including collaboration with cybersecurity teams to achieve Authority to Operate (ATO).
Combines hands-on platform engineering with enterprise governance, developer enablement, procurement support, and interdepartmental delivery.
Areas of Expertise
- Cloud Native Platforms: Kubernetes, OpenShift, k3s, Argo CD (GitOps), Helm, Kubeflow, Kubebuilder, Operator Framework
- Networking and Security: Cilium, eBPF, Tetragon, Istio, Vault
- Platform Tooling: Backstage, Prometheus Operator, Grafana, Loki, cert-manager, trust-manager, Velero
- Infrastructure as Code: Terraform, OpenTofu, configuration-as-code, GitOps-based environment provisioning
- DevSecOps: JFrog Platform, Chainguard, GitHub Actions, GitLab CI/CD, Azure DevOps
- Operating Systems: Linux, Flatcar, Alpine, Debian/Ubuntu, RHEL
Work Experience
Shared Services Canada
Senior Cloud Architect (IT-04)
Sep 2024 - Present
Senior Cloud Architect within GC Cloud One focused on Kubernetes platform engineering, managed Kubernetes offerings, and secure software supply chain initiatives across the Government of Canada.
Provide technical leadership across Aurora, GC Secure Artifacts (GCSA), Chainguard container security adoption, and Kubernetes platform initiatives, including collaboration with DND and the Joint Defence Cloud Program (JDCP).
Aurora Initiative
- Lead contributor to Aurora, a Government of Canada initiative establishing a unified application hosting model across managed Kubernetes offerings and cloud-native environments
- Define platform operating models, governance approaches, and guardrails for secure multi-tenant application hosting across departments
- Design architecture patterns emphasizing GitOps, zero trust networking, workload portability, and platform interoperability
- Design and maintain Aurora platform charts, deployment templates, and Kubernetes abstractions for standardized GitOps-based delivery
- Contribute to roadmap planning, modernization strategies, architectural decision records, onboarding models, and reusable deployment standards
- Provide senior management with technical advice and options analysis on Kubernetes platform architecture and secure software supply chain modernization
- Support integration of core platform services including Argo CD, Cilium, Istio, Vault, Artifactory, GitLab, and observability tooling
- Evaluate CNCF-aligned technologies for interoperability, security, operational maturity, and fit within Government of Canada Kubernetes environments
- Support repeatable Aurora environment provisioning through infrastructure-as-code patterns using Terraform and OpenTofu
Department of National Defence and Joint Defence Cloud Program (JDCP)
- Work with DND stakeholders and JDCP teams to align Aurora onboarding and operating models for defence cloud environments
- Support integration planning for Aurora platform architecture within Enterprise Landing Zone (ELSZ) environments across SSC and DND cloud tenants
- Develop onboarding approaches for mission-focused workloads in security-sensitive government environments
- Design and support early Kubeflow-based analytics and AI/ML capabilities, including notebooks, pipelines, and model serving via KServe, for mission-focused workloads within DND tenant environments
- Support early planning and deployment of MapleForge, a DND JFrog Enterprise+ artifact management capability aligned to GC Secure Artifacts (GCSA) patterns
- Collaborate on zero trust networking, GitOps, workload isolation, and platform governance
GC Secure Artifacts
- Contribute to GC Secure Artifacts (GCSA), a centralized Government of Canada DevSecOps initiative for secure artifact management and software supply chain modernization
- Develop enterprise artifact management approaches using JFrog Enterprise+, including Artifactory for container and package repositories, Xray for security scanning, and Curation for policy-based package governance
- Support centralized artifact consumption patterns that reduce departmental duplication and improve traceability across the software development lifecycle
- Provide onboarding guidance, examples, and reusable CI/CD patterns for departments consuming centralized container images and software artifacts
- Support procurement-related technical evaluations covering vulnerability management, provenance, artifact governance, package repository support, curation policies, and container image promotion workflows
Chainguard Container Security Initiative
- Contribute to Government of Canada adoption of Chainguard hardened container images to reduce baseline CVE exposure and improve container security posture
- Participate in procurement-related technical evaluations for hardened container images, licensing considerations, and secure-by-default software supply chain approaches
- Guide departments in evaluating hardened image strategies for Kubernetes workloads, CI/CD pipelines, and platform delivery patterns
- Support integration patterns for consuming Chainguard images through GC Secure Artifacts (GCSA) pull-through repositories
Platform Engineering and Kubernetes Operations
- Operate and maintain Statistics Canada’s Cloud Native Platform (CNP), a production Kubernetes platform supporting SDLC environments and 50+ solution builder workloads since 2018
- Design and maintain Aurora platform charts that orchestrate GitOps-based deployment of platform, application, and management components using Helm, Argo CD Applications, and the Argo CD Operator
- Advance zero trust networking and workload isolation using Cilium, eBPF-based policy enforcement, and Istio service mesh capabilities
- Develop custom Kubernetes operators and controllers using Kubebuilder to extend platform automation and operational workflows
- Guide departments through application modernization involving containerization, CI/CD automation, platform standardization, and Kubernetes operating models
Community Leadership and Interdepartmental Collaboration
- Founded and continue to grow the Aurora cloud-native community across the Government of Canada, connecting platform engineers and solution builder teams across departments
- Organize recurring interdepartmental meetups and technical discussions focused on Kubernetes, platform engineering, zero trust, and secure software supply chain modernization
- Deliver presentations and technical workshops to executive stakeholders, enterprise architects, operational teams, and cloud-native practitioners
- Contribute to public government repositories supporting reusable Kubernetes platform charts, GitOps patterns, and cloud-native platform components
Statistics Canada
Senior Cloud Architect (IT-04)
Nov 2019 - Sep 2024
Senior Cloud Architect with the Cloud Native Solutions (CNS) team, responsible for operating, securing, and modernizing Statistics Canada’s Kubernetes-based Cloud Native Platform (CNP).
Cloud Native Platform Modernization
- Modernized CNP 2.0 across architecture, security, networking, observability, and GitOps delivery
- Worked with the Cyber Security Division (CSD) to obtain Authority to Operate (ATO) for CNP 2.0
- Supported independent security audits, penetration testing, and Security Assessment and Authorization (SA&A) activities
- Led adoption of Argo CD as the platform’s GitOps deployment model
- Strengthened platform networking and workload isolation using Cilium, network policies, and Istio service mesh capabilities
- Supported Kubernetes platform upgrades, component lifecycle management, and operational maintenance across production and SDLC environments
- Supported roadmap planning and backlog prioritization for platform modernization, operational improvements, and solution builder onboarding needs
- Implemented inherited platform controls to reduce security and compliance burden for solution builder teams during SA&A
Application Migration and Platform Adoption
- Managed migration of 50+ applications to CNP 2.0 across production and SDLC environments
- Supported migration of high-profile Statistics Canada services, including the main website and business-critical application workloads, onto CNP
- Identified application network flows and produced supporting network architecture diagrams
- Completed Workload Intake Forms (WIFs), change requests, and migration planning documentation
- Managed multi-layer firewall and network policy changes using configuration-as-code patterns across Kubernetes and Fortigate environments
- Coordinated deployment updates, migration readiness, and post-migration validation with solution builder teams
- Provided platform support and advisory services to solution builder teams using CNP for application delivery
Advanced Analytics and Kubeflow
- Built an advanced analytics environment on CNP using Kubeflow deployed through Argo CD
- Created custom container images for SAS, RStudio, Jupyter Notebook, and analytics workloads
- Developed custom controllers to extend Kubeflow and support machine learning automation workflows
Developer Experience and Platform Services
- Standardized onboarding patterns for solution builder teams adopting Kubernetes, GitOps, and DevSecOps practices
- Contributed to product and service definition for CNP, including support models, onboarding expectations, platform responsibilities, and shared responsibility guidance
- Improved CI/CD and GitOps workflows using GitLab CI, Argo CD, Helm, and Artifactory
- Integrated platform services including Artifactory, Vault, GitLab CI, Argo CD, and observability tooling
- Evaluated Backstage as a potential internal developer portal to improve self-service onboarding
- Provided technical guidance on solution design, containerization, deployment patterns, and platform guardrails
Cloud Architect (IT-03)
Jun 2018 - Dec 2019
Cloud Architect with the Enterprise Cloud Services Division (ECSD), focused on establishing Kubernetes and CNCF-aligned technologies as a secure application hosting model for Statistics Canada.
Cloud Native Platform Foundation
- Built an enterprise Protected B Cloud Native Platform using Kubernetes and CNCF-aligned technologies
- Worked with the Cyber Security Division (CSD) to obtain interim Authority to Operate (iATO)
- Completed Security Assessment and Authorization evidence, including security control responses and platform documentation
- Created a Concept of Operations document describing platform operations, support, governance, onboarding, and shared responsibility
- Designed, deployed, secured, and operated Kubernetes clusters across SDLC environments
- Used infrastructure-as-code and configuration-as-code practices to support repeatable platform operations
Platform Services and Application Onboarding
- Deployed and maintained horizontal platform services including Artifactory, Argo CD, GitLab CI, Jira, Confluence, and Vault
- Supported solution builder teams adopting containerization, DevSecOps, and distributed application patterns
- Created onboarding guidance, reusable templates, and deployment examples across multiple technology stacks
- Assisted teams with application deployment using Helm, Kustomize, GitLab CI, and Kubernetes manifests
Knowledge Sharing and Open Source
- Presented cloud-native platform work at Government of Canada events including Stratosphere
- Delivered cloud-native training through the Canada School of Public Service Digital Academy
- Open sourced reusable platform work through GC Accelerators and Statistics Canada GitHub organizations
- Supported interdepartmental knowledge sharing on Kubernetes, DevSecOps, and cloud-native application delivery
Senior Web Developer / Technical Architect (IT-03)
Jun 2011 - Jun 2018
Technical Architect within the Statistics Canada WCMS team, focused on open source web platforms, Drupal, search, content delivery, and Government of Canada web standards.
- Contributed to the Government of Canada Open Data platform at open.canada.ca and Drupal WxT, a government-wide Drupal distribution used across federal web properties
- Integrated Drupal with Solr, Views, CKAN, REST services, and GIS mapping capabilities to support search, data discovery, and content integration
- Supported development of the New Dissemination Model for statcan.gc.ca, improving user experience, information architecture, and access to statistical information
- Led and supported migration of Statistics Canada’s main website to Drupal and later Drupal 8, including migration and cleansing of 100,000+ HTML pages
- Implemented secure content staging patterns using REST, UUIDs, and structured deployment workflows
- Maintained WCAG 2.0 AA compliance, Government of Canada web standards, multilingual support, GitLab CI workflows, security updates, root cause analysis, and production issue resolution
Open Plus
Technical Consultant
Sep 2010 - Present
Part-time consultant with Open Plus, supporting Drupal-based service delivery platforms, Kubernetes/OpenShift deployments, GitOps workflows, CI/CD automation, and secure artifact management for government and enterprise clients.
Government Web Platform Modernization
- Operate and support containerized government web platforms, including Recalls Canada / RSAMS and Canadian Air Transport Security Authority (CATSA) environments
- Supported development and modernization of Drupal-based web platform solutions for BC Government and Alberta Health Services environments
- Guide containerization and Kubernetes/OpenShift deployment patterns for Drupal-based public sector services
- Support Helm-based application delivery, CI/CD modernization, GitOps workflows, and platform reliability improvements
- Troubleshoot production and pre-production issues across application containers, ingress, PHP-FPM, NGINX, PostgreSQL, Solr, and Kubernetes platform dependencies
OpenShift and GitOps Delivery
- Support application onboarding and deployment patterns across BC Government and Alberta Health Services OpenShift environments
- Develop GitOps delivery models using the OpenShift GitOps Operator / Argo CD, Helm, Kustomize, and tenant-managed GitOps repositories
- Configure GitOpsTeam-based access patterns and tenant GitOps repository workflows for OpenShift project sets
- Create and refine Argo CD Application manifests for Helm-based application deployments across the SDLC
- Adapt application charts and containers for OpenShift requirements, including network policies, security contexts, ingress patterns, and unprivileged container execution
DevSecOps and Platform Integration
- Configure artifact management patterns using BC Gov Artifactory project resources, Docker repositories, and Helm/OCI repository workflows
- Support secure software delivery practices involving container image publishing, dependency management, CI/CD workflows, artifact traceability, and GitOps-based change management
- Support operator-based platform integration patterns, including PostgreSQL database services using the Crunchy Data PostgreSQL Operator in OpenShift environments
- Implement secret management patterns using Vault Agent Injector for Kubernetes/OpenShift workloads
Advisory and Enablement
- Provide Kubernetes, OpenShift, GitOps, CI/CD, secure artifact management, and DevSecOps guidance to public sector clients
- Help teams improve application onboarding, deployment consistency, maintainability, and operational maturity
- Translate lessons learned from Statistics Canada, BC Government, and other public sector Kubernetes environments into practical implementation guidance
- Produce implementation documentation covering OpenShift, GitOps, artifact management, container, and Helm chart configuration patterns
Awards and Recognition
- Excellence in Service Delivery Award — 2021: Received as part of the Cloud Team for outstanding service contributing to Statistics Canada’s work and reputation.
- Employee Recognition Award — 2019: Received as part of the Cloud Team for contributions to moving major production workloads, including Statistics Canada’s main website, to cloud hosting environments.
- Public Service Excellence Award — 2014: Received from the Governor General in the Excellence in Citizen-Focused Service Delivery category for contributions to the Government of Canada Open Data platform.
- Team of the Year Award — 2014: Received at Statistics Canada for team contributions to the Open Data platform and Statistics Canada’s main website.
- GTEC Award Winner — 2014: Recognized for Excellence in Public Service Delivery for the Next Generation Open Data Portal, a joint submission between Statistics Canada and the Treasury Board Secretariat.
- GTEC Honoree — 2013: Honoree nomination for collaboration on a web content management framework for government and public institutions.
- Merit Award — 2013: Received at Statistics Canada for exceptional contribution to departmental effectiveness.
Portfolio
Selected public code and platform work:
References
Available upon request.