Marcello Barnaba¶

Production Engineer · Rome, Italy · vjt@openssl.it

Profile¶

Tech Lead with 26+ years of experience delivering resilient distributed systems, leading cross-functional teams, and architecting critical infrastructure at scale. Passionate generalist, mentor, and open source contributor.

Core skills: Distributed Systems · Tech Leadership · CI/CD · Rust, Python · Linux Internals · Infrastructure Automation · Incident Response · Security Hardening · Cross-functional Collaboration

Experience¶

Meta Platforms — Production Engineer¶

December 2021 – Present · 4+ years

Bootstrap / MetalOS (2023–present) — bare-metal OS powering millions of servers globally. Part of the Datacenter Automation org; EMEA team owns the net-booting infrastructure.

Halved re-provisioning cycles across the fleet, reducing downtime and hardware churn
Designed and rolled out hardware identification mechanisms for early OS imaging
Implemented sandboxing for hermetic configuration generators
Led deprecation of legacy net-booting systems, migrating to newer building blocks
Negotiated technical trade-offs across multiple teams for secure server lifecycle automation

Unprovisioning (2021–2023) — asset decommissioning and secure erasure before hardware exits company premises.

Led deprecation and migration off legacy unprovisioning systems
Developed and rolled out next-generation unprovisioning workflows
Worked cross-functionally with DC ops to ensure secure erasure and physical destruction
Mentored junior engineers across multiple time zones

IFAD (United Nations) — Tech Lead¶

February 2016 – November 2021 · 5 years

Led the technical side of a critical financial system implementing electronic disbursement of IFAD financings to borrower countries.

Reviewed technical proposals, authored documentation, interviewed and hired engineers
Acted as liaison between internal stakeholders, external vendors, and suppliers
Led full infrastructure automation (example), persuaded its re-use across existing line-of-business applications
Oversaw security design, delegated vulnerability assessments and hardening

IFAD (United Nations) — Software Engineer & Sysadmin¶

January 2011 – January 2016 · 5 years

Architected and developed multiple line-of-business applications: DMS, CRMs, BPM workflows, authorization, webcasting
Built temporal versioning into the data layer, enabling full audit history across financial applications
Built, secured and maintained dev/staging/prod environments for 30+ Ruby applications
Established shared framework libraries, releasing as open source where possible (data-confirm-modal, ChronoModel, Eaco)
Set up DNS, routing, software distribution, monitoring and alerting infrastructure

Mind2Mind — Web Developer & Sysadmin¶

September 2009 – December 2010

Panmind was a collaborative platform for sharing and organizing knowledge, built with Ruby, Javascript and Erlang. Refactored and architected both front-end and back-end. Built a SPA framework, event-driven analytics pipeline, and cross-language session system that anticipated patterns adopted industry-wide years later. Designed and secured the production environment. Evangelised open source through component extraction and conference presentations.

Lime5 — Web Developer & Sysadmin¶

February 2008 – November 2009

Designed and implemented multiple projects: tourism platform (Visita CSA), social music platform (Myousica) with audio streaming on Engine Yard, enterprise knowledge-sharing system (Agorà).

Softmedia — Web Developer & Sysadmin¶

December 1999 – December 2007 · 8 years

First professional role. Built and maintained UNIX/Windows server infrastructure, site-to-site VPNs, mail systems (Exchange, Zimbra, Postfix), and web applications in PHP and Ruby on Rails.

Open Source & Community¶

Recent projects — github.com/vjt

ha-verisure-italy — Home Assistant integration for Verisure Italy. GraphQL API client, typed with Pydantic, 165 tests, pyright strict.
openwrt-ha-presence — WiFi-based room presence detection for Home Assistant via OpenWrt and MQTT; paired with a mesh dethrash analyzer.
quectel-5g-tools — Parser and monitor for Quectel 5G modems cell information.
mfsroot-geli-dropbear — FreeBSD initial RAM disk for remote GELI-encrypted ZFS unlock over SSH; full init/PAM/reroot environment, not a shell hack.

Community roots

Antifork.ORG (2007–present) — Maintaining the legacy infrastructure and code of this group of hackers/friends from the early 2000s.
Azzurra IRC Network (2002–2005) — Forked the Bahamut IRCd for Italy’s largest IRC network: IPv6, SSL, hostname cloaking. Added SSL to the irssi client. Wrote IRC services from scratch.

Quotes I Live By¶

Keep looking up — Neil DeGrasse Tyson
Computer science is no more about computers than astronomy is about telescopes — Dijkstra
A name indicates what we seek. An address indicates where it is. A route indicates how we get there — Jon Postel
Be liberal in what you accept, be conservative in what you send — Jon Postel

🇬🇧 PDF 🇮🇹 PDF