Matt Borja

Quick Look

Summary

My name is Matt Borja. I'm a born again Christian, blacksmith enthusiast, and .NET web application developer with concentrations in Higher Education, Single Sign-On, and DevOps.

I've largely been involved in the development and operations of web-based enterprise software employing Microsoft technology stack since 2013. I ask a lot of questions, demand accountability, and depend on the strategic involvement and collaboration of teachable individuals in order derive the best solution and deliver the largest impact.

You can reach me via email at [email protected]

Skills Overview

  • Full-Stack Web Development
    100%
  • Web Application Security
    100%
  • Single Sign-On
    100%
  • Infrastructure
    80%
  • Systems Analysis & Architecture
    80%
  • Project Management (Software, Multi-)
    60%
  • Technical Support
    100%

Full-Stack Web Application DevelopmentCombined Work Experience (est. 2005)

  • Database: Microsoft SQL Server, MySQL, Oracle, Couchbase
  • Programming: C#, ASP.NET MVC, Entity Framework (Code First), Classic ASP extended with custom COM objects, Node.js, PHP, CodeIgniter, Laravel
  • Client-side: XHTML, CSS, JavaScript, Bootstrap, jQuery
  • HTTP: Cross-Origin Resource Sharing (CORS), Sub-Resource Integrity (SRI), Content Security Policy (CSP), SSL Configuration, HTTP Strict Transport Security (HSTS), proxy, use of appropriate HTTP methods and status codes (REST), and request tracing 
  • Applied web application security: OWASP Top 10, SANS SWAT Checklist, manual penetration testing, applied cryptography, systems analysis and network mapping 
  • Cryptography: Implement procedures and best practices for applied cryptography emphasizing proper use of key derivation functions, salts, initialization vectors, message authentication codes, hashing, and key management 
  • Infrastructure: TCP/UDP load balancing, tuning, and failover (HAProxy, NGINX). Web server configuration (IIS 7.5/10.0, Tomcat), DNS management, firewall management, virtual IP management,SSL termination, clustering, and automation (Puppet). 
  • CI/CD: Git, environment branches, pull requests, branch policies,pre-deployment approval for continuous delivery. Version control repository hosting in Bitbucket, GitHub, and Azure DevOps. 
  • Quality control: Provide mentoring, guidance, and architecture decisions. Develop and maintain standard operating procedures. Review work for compliance, security, and best practices. Coordinate changes for release. 
  • Project management: Gather requirements, evaluate cost, conduct systems analysis, manage expectations, coordinate and direct work. 

Portfolio

College Website RebuildRelease date: July 8, 2019

Facilitated company assumption of vendor-breached contract. Directed in-house website development and CMS rebuild, saving the institution over $40,000 in service fees (FFP) and ensuring timely delivery of the finished product.

Site rebuild on Hannon Hill Cascade CMS implementing quality control using well-defined Data Definitions, Blocks, Formats (Velocity), and tighter access control. 

Designed process for reviewing and approving existing events in 25Live Pro event management system using Custom Attributes.

College Online PortalRelease date: January 8, 2019

Directed planning and development of new mobile-friendly portal in ASP.NET MVC (C#). Demonstrated performance gains approaching 95% faster than the former legacy application written in Classic ASP from which it was ported.

Software Development Life CycleAdopted February 2017

Obtained approval for adoption of Azure DevOps to support onboarding of new developers with version control repositories, training documentation, task tracking, and change management.

Configured continuous integration and delivery for ASP.NET MVC web applications with separate staging and production environments.

Deploy environment configuration, application orchestration, and change management driven by source control and Code Manager (Puppet Enterprise).

Tennis Court Reservation SystemRelease date: October 2, 2014

Built custom online reservation and scheduling system with support for one-time reservations, tennis programs, discounts, credits, passes, and QR codes for order confirmation. Implements numerous OWASP Top 10 principles, delegated payment processing, and account linking.

Access Management SystemSince 2014

Custom web application tailored specifically to achieve compliance with state auditor demands following Maricopa Community Colleges data breach in 2013. Initial planning meeting held Feb. 7, '14 with incremental feature releases through present. Facilitates access management, auditing, and annual reporting to state.

Integrates with Active Directory over LDAPS to provide programmatic management of accounts and security groups, facilitating centralized management of role based access control throughout the enterprise.

Single Sign-On (SSO)Since 2013

Support emerging SSO requirements involving SAML-based service providers including Canvas, Zoom, Office 365, BEIS SSO Manager (Ellucian), etc. with the research and implementation of delegated authentication, attribute filter & release, metadata, remote endpoint strategy, LDAPS integration, InCommon Federation, deep-linking, account provisioning, custom development, etc.

Replaced native CAS Service Management Webapp with a more rigorous change management process. Employs Azure DevOps to implement continuous integration and delivery pipelines, enforce MFA policies, ensure proper JSON syntax, provide environment testing, and facilitate release management. Production release: Sep. 21, '18.

Built custom SSO solution for Azure products (including Office 365) using delegated authentication (on-premise CAS). Combines custom SAML 2.0 IdP development in .NET with appropriate configuration of secondary ADFS claims provider. Production release: Oct. 9, '17.

Employed cryptography research & development experience to debug, report, and provide vendor (Apereo, previously Jasig) with fix for CAS-1386 ("Fix IV handling for ClearPass in clustered environments"). Merged into master: Dec 1, '13.

Custom Work

Developed comprehensive code library for enterprise use and extend Classic ASP with custom COM objects and .NET applications to add support for language deficiencies including, but not limited to, modern cryptography (AES-256), secure random, key derivation functions (PBKDF2), hashing (bcrypt, scrypt, SHA512), HMAC, Base64 and hex encoding, Microsoft Web Protection Library, ESAPI Encoding, etc. 

Professional Develompent

Azure DevOps for Project Managers / Analyst (Oct. 2019, Udemy)

Web App Penetration Testing and Ethical Hacking (Apr. 2016, SEC542, SANS)

End-to-End Web Application with ASP.NET MVC5 (Dec. 2014, DEV500, Interface Technical Training

Penetration Testing: A Hands-On Introduction to Hacking (ISBN-13: 978-1593275648)

Work History

Sr. Web Application DeveloperYavapai College (September 2013 - Present)

Develop and maintain enterprise web applications (modern and legacy) with support for Active Directory, Microsoft SQL Server, Oracle, single sign-on (CAS, Shibboleth), payment gateways (TouchNet), SIS (Banner), telecommunications (Twilio), CRM (Salesforce), and learning management systems (Canvas)

Build and manage identity provider solutions for Single Sign-On

Build and manage infrastructure solutions including load balancing, high availability, distributed caching, web application servers, and automation (Puppet)

Facilitate regulatory (i.e. PCI, proper handling of user information, etc.) and state audit compliance and ensure quality control via software development life cycle, systems analysis, applied web application security & industry best practices, mentoring, supervising work, and project management

Adjunct FacultyYavapai College (Fall 2015, Fall 2016)

Fall 2016 (1 course): Beginning ASP.NET in C# and VB (ISBN-13: 978-1118846773). Augmented course with newly recorded screencasts, modern coding patterns, best practices, additional online resources and supplementary training material and exercises.

Fall 2015 (1 course): Sams Teach Yourself ASP.NET 4 in 24 Hours (ISBN-13: 978-0672333057). Augmented course with screencasts and supplementary training material.

Lead Web Developer & IT AdministratorBisnow Media (June 2011 - August 2013)

Use LAMP stack to develop and maintain custom web applications solutions and integrations to support business processes including ad exchange (OpenX), marketing automation (Eloqua), content management (WordPress), publishing workflow (Adobe Contribute, Adobe Dreamweaver, WordPress) and payment processing (First Data, Authorize.net)

Linux server administration and cloud services management (Rackspace, Google Suite, cPanel)

Web application firewall management (SecureLive)

Technical support (Windows, Mac OS X, Microsoft Office, Adobe)

Self-EmployedContract Work (July 2010 - October 2012)

Supplemental income derived from contract work involving consultation, website development & maintenance, security auditing & patching, technical support, third party service integration, web hosting, professional development, and mentoring.

Web Design TeacherChino Valley Unified School District #51 (2008 - 2010)

Subjects taught: Business Math, Web Design & Development, Career Prep

Student organization: Future Business Leaders of America

Certification: Provisional, Arizona Educator Proficiency Assessment (AEPA) for #91 - Professional Knowledge, Structured English Immersion (SEI), ongoing professional development required to maintain certification

Technology SpecialistChino Valley Unified School District #51 (2005 - 2008)

Facilitate annual provisioning and management of student accounts and security groups in Active Directory using Schoolmaster SIS (scripted)

School district website development and security, networking, and content filtering (Websense)

Email management and spam filtering (IpSwitch, FirstClass) Desktop & printer support, imaging (Altiris), and inventory