~/enjay

Austin, Texas · Electronic Arts

Nilesh Jaiswal

Lead Service Engineer · Platform & Infrastructure

Building scalable cloud platforms, automating infrastructure, advancing zero-trust security — and publishing research that bridges academia and industry.

  1. Software Engineer, then
  2. Build Engineer, then
  3. DevOps Engineer, then
  4. Cloud Engineer, then
  5. Platform Engineer, then
  6. Infrastructure Architect, then
  7. SRE, then
  8. Researcher, then
  9. Technology Leader

pipeline: career · 9 stages passed · currently running

About

Two and a half decades of shipping infrastructure

I started my career building and shipping software the hard way — manual releases, customer escalations, midnight fixes. Over 25 years that work evolved through build engineering, DevOps, cloud, and platform engineering at Symantec, Acxiom, Intel, and now Electronic Arts, where I lead service engineering within the Platform, Infrastructure & Engineering organization.

My engineering philosophy is simple: if a human has to do it twice, automate it; if a platform team has to approve it, make it self-service; if security is a gate at the end, move it to the beginning. That philosophy took a 48-hour cluster provisioning runbook to under 2 hours, and it is the thread running through my work on API gateways, certificate automation, and cloud governance.

In recent years the practice turned into research. Four peer-reviewed IEEE papers on zero-trust DevSecOps, shift-left security, agentic-AI identity, and risk-adaptive authorization came directly out of problems I solved in production. I believe the best infrastructure research is written by people who carry a pager.

Views and research published here are my own and do not represent the position of any current or former employer.

# experience
25+ years

# current focus
API gateways · PKI · cloud governance · agentic-AI security

# education
B.E. Computer Technology, Nagpur University
PGP AI/ML, UT Austin McCombs (2021)

# community
IEEE member · awards judge · mentor

Career pipeline

The journey, stage by stage

  1. Early career · Symantec & early roles

    Software / Build Engineer

    Problem
    Enterprise release cycles were slow, manual, and fragile — customer escalations demanded fixes in days, not weeks.
    Solution
    Owned build and sustenance engineering; automated build pipelines and hardened release processes for enterprise customers.
    Impact
    Customer appreciation awards from State Street and UBS for delivering solutions in under two days; Standing Ovation award for sustenance work; two Star Awards.

    Shell · Build systems · Release engineering

  2. TODO: dates · Acxiom

    DevOps Engineer

    Problem
    Data-platform environments were provisioned by hand, with configuration drift and slow environment turnaround.
    Solution
    Introduced infrastructure-as-code and CI/CD standardization across environments.
    Impact
    Repeatable environments, faster delivery, fewer drift incidents.

    Ansible · Jenkins · Python · Linux

  3. TODO: dates · Intel Corporation

    Cloud / Infrastructure Engineer

    Problem
    Large-scale engineering infrastructure needed modernization toward cloud-native patterns without disrupting silicon-development workloads.
    Solution
    Built automation for hybrid infrastructure, observability, and self-service tooling for engineering teams.
    Impact
    Higher infrastructure reliability and developer velocity at scale.

    AWS · Terraform · Kubernetes · Prometheus

  4. 2019 → present · Electronic Arts — Platform, Infrastructure & Engineering

    DevOps Engineer III → Lead, Service Engineering

    Problem
    Provisioning a production OpenShift cluster took ~48 hours of manual effort across three datacenters (EU1, IAD1, IAD1-ISO); certificate issuance, API gateways, and cloud-account governance were fragmented.
    Solution
    Led the VMware→OpenShift migration and built an automation framework (Ansible, Terraform, ArgoCD, Helm, Kyverno, GitLab CI). Now leading API gateway modernization on Apache APISIX, a Certificate-as-a-Service platform, and the Cloud Account Registry with group-based RBAC.
    Impact
    Cluster provisioning cut from 48 hours to under 2 hours at 85% automation coverage. Centralized code-signing service analyzed and re-architected for ~1M signing requests/day.

    OpenShift · Kubernetes · Terraform · Ansible · ArgoCD · Helm · Kyverno · APISIX · Go · Python

  5. 2021 · UT Austin — McCombs School of Business

    PG Program, AI & Machine Learning

    Problem
    Bridging two decades of infrastructure practice with formal grounding in AI/ML.
    Solution
    Completed post-graduate AI/ML program while working full time.
    Impact
    Foundation for the agentic-AI security research line that followed.

    Python · ML · Applied AI

  6. 2026 · IEEE — ICAISET & SoutheastCon

    Published Researcher & Panelist

    Problem
    Industry zero-trust practice and academic research were evolving in parallel with little cross-pollination.
    Solution
    Published four peer-reviewed IEEE papers (SATHOS, shift-left security, identity fabric for agentic AI, risk-adaptive authorization); panelist at ICAISET 2026 in Cairo on building trusted AI-driven infrastructure.
    Impact
    Research grounded in production-scale platforms; pursuing IEEE Senior Member elevation.

    Zero Trust · DevSecOps · Agentic AI · Authorization

  7. Now · Electronic Arts · IEEE

    Technology Leader

    Problem
    Platform teams need product-minded leadership that connects infrastructure, security, and developer experience.
    Solution
    Leading engineering across API gateway, certificate, and cloud-governance platforms; serving as awards judge (Stevie Awards) and IEEE volunteer leader.
    Impact
    Platform strategy shaping developer self-service across a global studio network.

    Platform strategy · SAFe · Mentorship

Technical expertise

Depth, measured in years

Cloud

  • AWS · 10y · Expert
  • Azure · 5y · Advanced
  • GCP · 4y · Proficient

Containers & Platforms

  • Kubernetes · 8y · Expert
  • OpenShift · 6y · Expert
  • Docker · 9y · Expert

Infrastructure as Code

  • Terraform · 8y · Expert
  • Ansible · 9y · Expert
  • Helm · 6y · Expert

CI/CD & GitOps

  • GitLab CI · 7y · Expert
  • ArgoCD · 5y · Expert
  • GitHub Actions · 4y · Advanced
  • Jenkins · 8y · Advanced

Programming

  • Python · 12y · Expert
  • Go · 5y · Advanced
  • Shell · 20y · Expert
  • JavaScript/TypeScript · 6y · Proficient

Observability

  • Prometheus · 6y · Expert
  • Grafana · 6y · Expert
  • Splunk / ELK · 7y · Advanced

Security & DevSecOps

  • Zero-Trust Architecture · 4y · Expert
  • Policy as Code (Kyverno/OPA) · 4y · Expert
  • PKI / Certificate Automation · 5y · Expert
  • IAM / RBAC · 6y · Advanced

Architecture

  • Platform Engineering · 7y · Expert
  • API Gateways (APISIX) · 3y · Advanced
  • Microservices · 8y · Advanced
  • Agentic AI Security · 2y · Advanced

Research

Peer-reviewed publications

Papers: 4 · Citations: 0 · h-index: 1 · i10-index: 0

2026 · IEEE ICAISET 2026 · IEEE

SATHOS: Self-Adaptive Trust-Hierarchical Orchestration for Zero-Trust DevSecOps Pipelines

Modern DevSecOps pipelines execute workloads across heterogeneous environments, including cloud runners, on-premises agents, and ephemeral containers, yet orchestration frameworks assume pre-trusted execution agents and rely on static policy gates. This assumption fails under agent compromise, configuration drift, and trust asymmetry between cloud and on-premises zones. We present SATHOS (Self-Adaptive Trust-Hierarchical Orchestration System), a zero-trust orchestration framework that models CI/CD pipelines as trust-governed directed acyclic graphs (DAGs) where each node's execution is conditioned on dynamically evolving four-dimensional trust vectors covering identity, platform, behavioral, and contextual evidence. SATHOS introduces a distributed trust negotiation protocol over mutual TLS with replay protection and cryptographic transcript verification, combined with a self-adaptive trust evolution mechanism that adjusts trust scores based on execution outcomes without requiring policy redeployment. Evaluated on a Kubernetes-based testbed with three pipeline topologies (3-5 nodes), three experimental conditions, and three random seeds (27 runs), SATHOS blocks 100% of compromised agent execution requests with zero false positives (p < 0.001, Fisher's exact test). The five-message trust negotiation protocol adds a median per-node latency of 4.73 ms (p50), and the Wilcoxon signed-rank test confirms bounded overhead (p = 0.065, one-sided). The system achieves zero false allows and zero false denies across all trial configurations.

Framework grounded in production experience automating enterprise Kubernetes/OpenShift delivery at scale.

zero trust · DevSecOps · CI/CD security · supply chain

0 citations

2026 · IEEE SoutheastCon 2026 · IEEE

Policy-Driven Shift-Left Security for Hybrid OpenShift CI/CD Pipelines

This paper presented a policy-driven shift-left security framework for hybrid OpenShift CI/CD pipelines that integrates container vulnerability scanning (Trivy), Kubernetes policy enforcement (OPA/Rego with eight denial rules), and governance tag validation into a unified pre-deployment gate. Through a controlled experiment of 50 pipeline builds per configuration, the framework detected and blocked all 15 insecure builds (8 vulnerable images, 5 policy violations, 2 governance violations) while allowing all 35 compliant builds to deploy, achieving a 100% detection rate with zero false positives. The shift-left pipeline introduces a mean overhead of 28.3 seconds per build, with container scanning accounting for 82.2% of the added time. The results demonstrate that early-stage, automated security enforcement can prevent insecure artifacts from reaching production environments without disrupting legitimate workloads. The layered three-gate architecture provides defense in depth across image vulnerabilities, deployment misconfigurations, and governance metadata, addressing a gap in existing CI/CD security research that has focused on individual controls in isolation.

shift-left · policy as code · OpenShift · OPA/Rego · container security

0 citations

2026 · IEEE ICAISET 2026 · IEEE

Future-Proofing Identity Security for Agentic AI Systems: Design, Implementation, and Evaluation of an Identity Fabric

Agentic AI systems composed of dynamically instantiated, tool-enabled agents operating across trust boundaries introduce identity failures that exceed the assumptions of existing identity and access management frameworks. This paper identifies five identity gaps in agentic AI systems and introduces six composable security primitives that address ephemeral identity, delegation integrity, capability-level control, cross-domain trust, behavioral assurance, and content provenance: Ephemeral Attested Agent Identity (EAAI), Intent-Bound Delegation Tokens (IBDT), Identity-Constrained Capability Sandboxes, Decentralized Agent Identity Registries (DAIR), Continuous Behavioral Attestation, and Content Provenance Binding. We implement the architecture on Kubernetes using SPIFFE/SPIRE workload identity and mutual TLS for all inter-service communication. Across 33 mTLS test cases (n=100 per operation), the system achieved 100% delegation fidelity (20/20 narrowing tests), sub-25 ms mean latency for credential issuance and delegation, and 6/6 abuse-resistance rejections. In an end-to-end pipeline with Claude Sonnet, total identity overhead was 203 ms, representing 2.6% of inference latency.

agentic AI · identity · IAM · SPIFFE/SPIRE · workload attestation

0 citations

2026 · IEEE SoutheastCon 2026 · IEEE

Risk-Adaptive Authorization for Agentic AI Systems

Agentic AI systems deploy autonomous agents that execute transactions with delegated authority, yet existing authorization mechanisms rely on static role-based policies that are inadequate for contexts varying in risk. Authentication protocols for ephemeral agents include SPIFFE, OAuth Token Exchange, and DPoP, addressing the question of "who is the agent?" This paper extends that foundation to address "what should the agent be allowed to do?" We present an authorization flow combining workload identity (SPIFFE/SPIRE), token exchange (RFC 8693), policy evaluation (Open Policy Agent), AI-based risk scoring, sender-constrained tokens (DPoP), and CIBA-inspired human approval for high-risk transactions. The architecture implements a three-tier authorization model: Tier 1 transactions receive automatic approval, Tier 2 transactions require supervisor-agent approval, and Tier 3 transactions trigger human-in-the-loop verification. We validate the approach through a retail exchange scenario. Measurements across 120 authorization requests show cold-path latency of 32.7 ms (SD = 18.5 ms) and warm-path latency of 4.7 ms (SD = 2.3 ms), a 7x speedup with token caching. Delegation narrowing enforcement blocks all invalid privilege escalation attempts across 20 test cases. The results indicate that risk-adaptive authorization adds acceptable overhead for agentic systems while enabling contextual policy decisions and human oversight for high-risk operations.

authorization · risk-adaptive · agentic AI · SPIFFE/SPIRE · zero trust

0 citations

Analytics

Growth, charted

[Chart: Publications by year]

[Chart: Average depth by domain (years)]

Selected work

Platforms shipped

OpenShift Cluster Automation Framework

Infrastructure

End-to-end automation for provisioning production OpenShift clusters across three datacenters, replacing a 48-hour manual runbook.

  • 48h → <2h provisioning
  • 85% automation coverage
  • EU1 / IAD1 / IAD1-ISO

Ansible · Terraform · ArgoCD · Helm · Kyverno · GitLab CI

API Gateway Modernization (Apache APISIX)

Platform

Engineering lead and de facto product owner for EA's next-generation API gateway platform, replacing legacy gateway infrastructure.

  • Gateway-as-a-service model
  • Declarative route management

APISIX · Kubernetes · Go · GitOps

Certificate-as-a-Service Platform

Security

Headless certificate lifecycle platform with API-first issuance; includes latency analysis and phased re-architecture of a centralized code-signing service handling ~1M requests/day.

  • ~1M signing requests/day analyzed
  • Conduit provisioning integration

Venafi TPP · Cloud HSM · cert-manager · EKS

Cloud Account Registry

Governance

Registry and governance layer for cloud accounts with group-based edit permissions and RBAC via a central IAM platform.

  • Group-based permissions model
  • MVP co-led with platform architects

Python · RBAC · IAM

Custom Terraform Providers

Open Source / IaC

Upgraded and maintained custom Terraform providers for Device42, MAAS, and Infoblox — SDK migrations, linting, and CI/CD pipeline hardening.

  • Three providers maintained
  • SDKv2 migration

Go · Terraform Plugin SDK · GitLab CI

Slack → JIRA Automation Bot

Developer Experience

Slack bot (Bolt framework) for automated JIRA ticket creation with YAML-driven forms, Redis state, back-navigation, and status cascade logic.

  • YAML-configurable forms
  • Zero-touch ticket routing

Python · Slack Bolt · Redis · JIRA API

VM Tag Management & Chargeback

Observability

vROPs/aROPs tag management system with chargeback reporting, Prometheus metrics export, and Grafana dashboards; NetApp Active IQ alert automation.

  • Automated chargeback reporting
  • Fleet-wide tagging compliance

Python · Prometheus · Grafana · vROps · NetApp

Professional impact

Measured, not claimed

  • 48h → <2h · OpenShift cluster provisioning time
  • 85% · Automation coverage across cluster lifecycle
  • ~1M/day · Code-signing requests analyzed & re-architected
  • 3 · Datacenters migrated (EU1 · IAD1 · IAD1-ISO)
  • 4 · Peer-reviewed IEEE papers, 2026
  • 25+ · Years in enterprise infrastructure

Speaking · Awards · Credentials

Beyond the terminal

Speaking

  • Building Trusted AI-Driven Infrastructure

    IEEE ICAISET 2026 — Panel · Cairo, Egypt · 2026

Memberships

  • IEEE Member #102178087 — Senior Member elevation in progress
  • IEEE awards judging & volunteer leadership

Awards & recognition

  • Stevie Awards — Judging Panel

    Stevie Awards · 2026

  • Customer Appreciation Award (State Street & UBS)

    Symantec

  • Standing Ovation Award — Sustenance Engineering

    Symantec

  • Star Award (×2)

    Symantec

Certifications & education

  • PG Program in AI & Machine Learning

    UT Austin — McCombs · 2021

    Python · ML · Applied AI

  • SAFe PO/PM (in progress)

    Scaled Agile · 2026 (planned)

    Product ownership · Agile at scale

Contact

Let's talk platforms or papers

Open to speaking invitations, research collaboration, peer review, and conversations about platform engineering, zero-trust architecture, and agentic-AI security.