Deep / Engineering Portfolio
Case study · 01 of 03

FedRAMP High migration.

Role Head of Engineering
Duration 14 months · 2024—2025
Team 5 engineers + 1 security
Status Authorized · ATO granted
In one paragraph

Drove Epsilon3's FedRAMP High authorization. Migrated the primary store from CouchDB to Postgres under live customer load, wrote the SSP from scratch, and shipped tenant isolation, audit retention, and the boundary work needed to pass 3PAO. Zero customer downtime. Eleven federal customers unlocked.

01
01 The mandate

No FedRAMP, no contract.

Federal and defense customers wouldn't route real telemetry through Epsilon3 without HIGH-tier authorization. Sales had a pipeline. The boundary was the gate.

Mid-tier wasn't enough — customers operating mission systems needed the full HIGH controls. The work had to land before the next enterprise renewal cycle.

02
02 The starting point

Where the platform stood.

Single CouchDB cluster. Sync-conflict prone at scale. No real tenant isolation primitive. Audit logs were best-effort and retention was thin. A control review would have surfaced a dozen findings.

03
03 Approach

Six decisions that defined it.

01
Migrate primary store from CouchDB to Postgres. Single source of truth, mature operational tooling, real transactional guarantees.
02
Per-tenant schema isolation on a shared connection pool. Hard isolation without per-tenant infra cost.
03
Write the SSP from scratch, not from a template. The audit goes faster when the document matches the system.
04
Immutable audit log with 730-day retention. Append-only, no escape hatch, single export path.
05
Dual-write during migration. Both stores live until backfill verification passes, then read flip.
06
One security engineer paired with me through the whole audit. No handoffs, no translation layer between control and code.
04
04 Execution

Five phases. No surprises.

Q4 '24 Postgres dual-write online 8 weeks
Q1 '25 Backfill + row-level verification 10 weeks
Q2 '25 Cutover under load, zero downtime 1 weekend
Q3 '25 SSP final, 3PAO assessment 12 weeks
Q4 '25 ATO granted · HIGH authorized Authorized
05
05 Outcome

The numbers that mattered.

0
Customer-visible
downtime
94%
Sync conflict
reduction
3.2M
Procedures
migrated
11
Federal customers
unlocked
06
06 Downstream

What it unlocked.

01 Federal civilian contracts that required HIGH boundary.
02 Defense customer onboarding without compensating controls.
03 Doubled ARR within 12 months of ATO.
04 A schema and audit posture every subsequent feature inherits.
Next case study →
Real-time telemetry pipeline