Gagan Sapkota | Portfolio

Introduction

I am a software engineer specializing in distributed systems architecture and high-throughput data orchestration.

Currently, I am building cloud-native security infrastructure at Aviatrix. My work focuses on the design of declarative APIs and orchestration layers using Go and gRPC, specifically managing the control plane for network traffic inspection and protection.

My approach to engineering is defined by the logical rigor of my academic training. I specialize in navigating the complex trade-offs of distributed architectures, prioritizing systemic integrity and precision in environments where 'approximate' solutions are insufficient.

I enjoy exploring epistemic boundaries of LLMs: testing their coherence and reasoning capabilities in environments defined by scant or contradictory evidence.

PhD in Philosophy & BSc in Mathematics.
Expertise: Distributed State, Go, Concurrency, API Design.

Work History

Aviatrix

Oct 2024 — Present Platform-as-a-Service
Network security for on-prem and cloud environments.

Led the design of a declarative API and an orchestration layer to provide inspection and protection for egress and lateral traffic, unlocking a key enterprise customer acquisition (Go, gRPC, Protobuf, Temporal).
Designed and built a pipeline to ingest up to a week of flow logs and DNS logs (with a limit set to 100GB to process within an hour) for a security assessment pipeline (Go, gRPC, Kafka, Clickhouse, Temporal, S3).
Collaborated with AWS IAM team to engineer the delegated onboarding workflow (OAuth-like) that simplified account onboarding for customers, replacing the CloudFormation-based onboarding (Go, SNS, SQS, IAM).
Resolved systemic release delays by building a lightweight feature flag system to decouple release cycles from feature completion, brokering a compromise between budget constraints and engineering velocity.
Improved the reliability of L7 proxy service by identifying and resolving a locking bottleneck in the caching layer and adding automated retries on credential expiration.

Illumio

Jul 2023 — Oct 2024 Zero-Trust Segmentation
Security solutions to prevent lateral movement.

Designed and developed the flow service pipeline, responsible for fetching, aggregating, storing, and querying for flows from AZURE and AWS. Added telemetry data to track the processing stats for each sequence in the workflow. (Go, gRPC, Azure, SQL, Prometheus, Grafana, Observe).
Developed and deployed critical API endpoints that power the aggregator service to efficiently collect diverse resources from multiple data planes and aggregate them to provide insightful visibility into the traffic associated with the cloud resources.
Led the initiative to optimize and scale the flow pipeline to handle high-volume data processing, resulting in the ability to process ~500GB of flow logs per hour.
Reduced the search API latency from 20 seconds to ~6 seconds through a combination of optimized caching and prefetching techniques.

Skopos

Jan 2022 — Sep 2023 API Monitoring Tool

Designed the data model optimized for read-heavy access patterns making judicious use of indexes (Typescript, Prisma, PostgreSQL)
Containerized application and horizontally scaled it using AWS load balancer to enable parallel execution resulting in 10 times faster execution of the tests (Docker, ECS, EC2)

Selected Projects

Skopos

Open Source API Monitoring
Testing multi-step workflows in sequence and parallel.

Skopos is an API monitoring tool designed for testing multi-step API workflows in sequence and independent workflows in parallel.

Define tests for execution on demand or on schedule.

Automated failure notifications for critical flows.

Read the Case Study ↗

Other Projects

WireSnoop

A RequestBin clone for debugging webhooks. Built with NginX, Node.js, PostgreSQL, MongoDB, and React.