Hagi Lerman

Founder & Principal Consultant -  CanadaClouds Consulting, Ontario, Canada 

(July 2025 – Present)

• Independent cloud infrastructure and DevOps consulting across AWS, Azure, and GCP, building on a background in enterprise SRE/DevOps in Canadian financial services.

• Building and operating MarginMagic, a production SaaS on AWS (ca-central-1): Terraform-managed infrastructure, OIDC-based CI/CD, and a Postgres backend, with AI-driven automation integrated into the build and deployment workflow.

• Active infrastructure modernization engagement for a clinical psychology practice: Active Directory migration (Windows Server 2012 R2 to 2025), DNS/DHCP/RDS, security hardening, zero-trust network access, and off-site replication.

​

​

Sr. SRE Engineer - RATESDOTCA, Toronto 

(April 2024 – June 2025)

Most senior SRE on the team; acted as technical lead for infrastructure and platform work.

​

• Took ownership of significant AWS configuration drift across ~7 accounts, importing untracked resources into Terraform and re-architecting the remote state backend to bring all infrastructure under version-controlled IaC.

• Drove removal of recurring AWS extended-support costs by leading sequential EKS control-plane and CRD upgrades (v1.22 to v1.31), remediating deprecated APIs to return the platform to supported versions.

• Owned a formal cost-reduction objective: decommissioned neglected resources across regions and accounts and investigated cost anomalies via AWS Cost Management before safely removing unused infrastructure.

• Architected and vetted a new ECS target design and built it in Terraform, initiating decomposition of an inherited PHP/Drupal monolith (~50 servers) toward containers, using Cloudflare reverse proxies to peel off the first services.

• Established Infrastructure-as-Code and GitOps standards in Terraform across AWS, Azure, and Cloudflare, with reusable modules, remote state, and CI/CD-driven plan/apply workflows with approval gates.

• Implemented GitOps-based Kubernetes deployments with ArgoCD, creating Applications and managing declarative Git-driven sync to keep cluster state aligned with version-controlled manifests.

• Defined and enforced a tagging and labelling strategy by reverse-engineering resource ownership and applying tags through CI on each deployment.

• Led security hardening by integrating SAST/DAST scanning into CI, driving vulnerability reduction with developers, and rebuilding container base images with multi-stage builds per OCI best practices.

• Established observability as code in Datadog via Terraform, including SLI/SLO-driven alerting with PagerDuty integration and synthetic monitoring.

• Enabled the data/ML team to move off manual click-ops by automating their AWS deployments and closing account drift with Terraform; provisioned SageMaker resources and migrated their notebook instances to the supported JupyterLab 4 / AL2023 platform ahead of AWS's June 2025 end-of-life.

​

Senior DevOps/Platform Engineer -RBC, Toronto

(April 2022 – October 2023)

​

• Reduced CDP database replication errors by 85% by troubleshooting and fixing the root cause of failed replication automation.

• Cut certificate renewal time by 75% by automating the previously manual renewal process using Ansible and Rundeck.

• Enabled backups for 158 Hadoop applications by building Python automation that integrated the Cohesity API with HDFS, Hive, and ServiceNow request forms.

• Improved monitoring reliability by migrating the department's Splunk Enterprise from physical to VM and upgrading it to the latest version.

• Improved team efficiency and accuracy by revamping outdated process documentation.

​

• Tools: OpenShift, Docker, Jenkins, Python, Bash, RHEL 7/8/9, Splunk, Grafana, Prometheus, Rundeck, Ansible.

​

SRE / SysOps Administrator III -  LoyaltyOne / AIR MILES (Alliance Data, now Bread Financial), Toronto

(February 2020 – April 2022)

​

• Reduced dashboard deployment time by 90% by automating deployment of 80+ SignalFx dashboards using Jenkins, Docker, and Terraform; defined and implemented SLIs/SLOs to improve observability.

• Reduced monitoring tasks by 90% by automating documentation with a Jenkins-run Python/boto3 script that queried AWS and posted to Confluence.

• Reduced API test time by 80% by automating manual API testing with bash scripts and Runscope.

• Improved alerting by integrating CloudWatch with PagerDuty, and monitored production with PagerDuty, Runscope, CloudWatch, and Splunk.

• Managed S3 object operations across AWS accounts via the AWS CLI, and maintained application runbooks.

• Snowflake: implemented RBAC policies, managed user onboarding/offboarding to security and compliance standards, and configured databases, schemas, and roles for data governance.

• Databricks: administered compute infrastructure and job configurations, optimized job execution through resource tuning and execution-role management, and automated job deployment to improve reliability.

Work environment AWS services - EC2, S3, EBS, VPC, ELB, EFS, SNS, SES, RDS, IAM, Route 53, Lambda, ECS Autoscaling, Cloud Watch, Security Groups, CloudFormation, Elastic Container Service, SQS. GitHub, 1Password, Opswise, Databricks, Snowflake

​

DevOps Engineer — Coin Change Financial, Toronto

(May 2019 – February 2020)

http://coinchange.ca

Coin Change Financial provides services for people and companies navigating the digital asset economy, including a digital OTC desk, security token funding advisory, and a market data division.

​

• Designed and deployed Coin Change's AWS infrastructure following the Well-Architected Framework, covering operational excellence, reliability (multi-AZ, backup snapshots, AMI images), security (subnets, security groups, network ACLs, route tables, IAM roles, WAF), performance efficiency, and cost optimization.

• Implemented Infrastructure as Code using GitLab CI/CD pipelines and Terraform.

• Set up monitoring and alarms with Datadog and CloudWatch for system health, APM, and cost control.

• Supported developers in deploying Django web applications to AWS ECS + Fargate, integrated with RDS Aurora PostgreSQL.

• Work environment: AWS (EC2, ECS, Fargate, S3, RDS Aurora PostgreSQL, CloudFormation, CloudWatch, WAF, Shield), Terraform, GitLab, Nginx, Docker, Python, Django, Twilio.

 

System Administrator /University of Toronto - ( contract )

 http://daniels.utoronto.com

01/2019 - 03/2019

​

► Upgrade and configured enterprise-level equipment - 10GB fibre switches and routers 
► Troubleshoot wireless related issues with Rokus controller 
► Deployed fibre cables and implanted cable management, mapped AP’s 
► Installed and configured production Citrix Xen servers from barebone state to working VDI 
► Created documentation for the current infrastructure 
► Supported students and employees 

 

System Engineer & Predictive Data Interpreter /My Blue Umbrella

(contract)

https://www.mbu.ca

 

10/2017 - 03/2018

 

 ► Systems Engineer (Linux and Windows)
► Led proof of concept process for backup systems
► Deployed, configured, maintained, and automated backups for 100 + servers using Azure Backup Services and Asigra
► Deployed, configured, and managed PC's, Servers (Windows and Linux), Switches, and Routers using SolarWinds N-Able

IoT

► Led proof of concept for the Internet of Things in the verticals of hospitality & recreation, agriculture, transportation, and logistics
► Installed and configured sensors and wireless gateways
► Managed and troubleshot networking connectivity issues for edge devices using Cisco Jasper
► Designed and improvised creative deployment solutions

 

IT System Administrator/Cox Automotive (contract)

 http://coxautoinc.ca/

 

10/2016 - 09/2017

 

 ► Set up and maintained accounts within Active Directory
► Configured and deployed VOIP phones, workstations, laptops, and related hardware
► Addressed hardware and software related problems and questions
► Maintained up-to-date image and patches for desktops and laptops via WDS SCCM
► Troubleshoot remote connection issues
► Assisted with all IT-related projects
► Provided reporting of troubleshooting activities within the ticketing system
► Installed Hypervisor and configured virtual machines on production servers using (VMWare ESXi -6.5, vSphere)
► Diagnosed system hardware and software problems using advanced root-cause analysis
► Upgraded and expanded network systems and their components using Cisco collaboration switches and routers
► Kept up-to-date on new developments in computer and network vulnerabilities, data hiding, and encryption

​

Technology Consultant/Staples.ca

 www.staples.ca

 

1/2016 - 10/2016

 

 ► PC Technician- hardware repair
► Performed follow up calls to solicit feedback on sales, promote additional products, and services where applicable
► Identified and communicated suggestions for improvements in all areas of business
► Developed and reinforce the selling culture, leverage customer relationships to drive      sales, and maintained high merchandising standards
► Increased team sale by 10% on a weekly basis

 

Independent System administrator + IT Consultant

Work as an independent System administrator for several clients including the IT consulting company East Coast IT Solutions (http://www.eastcoastitsolutions.com), and the restaurant chain Tov Li (http://www.tov-li.com).

 

2016 - 2017

 

 ► Worked as an independent system administrator for several clients including the IT consulting company East Coast IT Solutions (http://www.eastcoastitsolutions.com) and the restaurant chain Tov Li (http://www.tov-li.com)

 ► Configured  server maintenance and backups

 ► Remote sites management  

 ► Supported point of sale (POS) systems

 ► Supported and maintained security cameras

 ► Experience with sharing knowledge of procedures to train staff and clients

 Work Environments: Win Server 2k8 R2

 

System Administrator Windows/Linux /Seetech.

 http://www.seetech.co.il/

 

1/2015 - 6/2015

 

 ► Administrated and supported 700 user clients using windows server 2008 R2 and 2012 R2- Active Directory, OU GPO, Exchange, Office 365
► Deployed and installed infrastructure for servers: building racks, installing patch panels, and applying cable management solutions
► Remotely managed and administrated sites using RDP, TeamViewer, Showmypc, VNC, FortiClient VPN, Checkpoint VPN
► Deployed and applied backups to servers and machines using Shadow Copies and 3rd party software backup solutions: Symantec Backup. Exec, Acronis Backup, Replication, Ctera Server backup, Cetra EndPoint, QNAP, IBM NAS
► Applied images via Windows Deployment Services, Norton Ghost, Clonezilla, Acronis Universal
► Managed and administrated virtual server environments using ESXi, VSphere, Hyper V, VMWare
► Defined security requirements for computer systems, including mainframe, workstations, and personal computers
► Completed remote repairs involving software solutions and hardware repairs

 

IT Technician and Support Professional /Shiran Communications Ltd

 www.shirannet.co.il

 

2012 - 2014

 

 ► Responsible for managing all networks and computers for Givat Shemuel Municipality School System covering over 800 computers and thousands of users. 
► Site Manager for several additional customers using multiple network configurations and technologies.
► Special project Deploying and installing infrastructure LAN: CAT 6, 7 RJ-45, RJ-59, Patch panel’s, switches, AP, Security cameras.
► Work environments: Win 7, 8, 8.1, 2008 R2/2012 R2: exchange, AD, Acronis, Clonezilla, Ctera

 

IT Help Desk Manager/Anyoption (Binary options)

www.anyoption.com

 

2011 - 2012

 

 ► Managed and maintained computers and solved technical problems
► Responsible for hardware purchasing using knowledge and experience of business procurement
► Established a catalogue-aiding infrastructure that assists in managing licensing and passwords
► Managed and maintained blog infrastructure built on WordPress for the purpose of SEO

 

Technical Support/Technician. Roseman Engineering Ltd.

(Monitoring and software solutions to gas stations and vehicle fleets)

http://www.roseman.co.il/

 

2010 - 2011

 

 ► Configured and installed RFC 2500 /2500 a mobile gas pump controller for remote operations
► Monitored and solved problems related to fuel controller systems
► Installed and Configured POS (Point Of Sale) in gas stations
► Installed and configured servers on remote site locations 
► Provided support for software and hardware issues including wireless fuel systems and vehicle feet controller 
► Worked with various remote-access programs such as Teamviewer, VNC, NetOp, RDP, LogMeIn

 

Technical Support. 012 Smile Communication Ltd. 

(Leading international communication company)

http://www.012.net.

 

2008 - 2009

 

 ► Supported and configured VPN dialers, routers, VOIP phone, Email clients 
► Provided support to international customers 
► Work environments: Windows XP/Vista/Mac OS, CRM, Windows NT