About Me

Having extensive application & infrastructure experience in the IT industry across the full software lifecycle most significantly in integration, development and deployment in International environments and most recently DevOps CI/CD in agile UK government.

A cross-skilled hands-on technical all-rounder working seamlessly across multi-disciplined, geographically dispersed customer internal and supplier teams, quickly establishing confidence and trust for implementing complex IT solutions.

Keen to learn new skills and technologies, such as, NodeJS & MongoDB, and as demonstrated through recently attaining AWS Certified Developer Associate, yet blending with the traditional tried and tested.

Results focussed with agility, having a proven track record for delivering high quality solutions that focus on real business & user benefit using strong analytical & creative reasoning to overcome problems as they arise, all the while embracing change for continuous improvement.

More than just a vocation, promotes IT enablement at work and home. Computing is both a profession and a hobby, keeping abreast of latest technology and supporting talent progression at work and more personally as STEMnet Ambassador & Code Club mentor.

Contact Details

Warren Edward Ayling
jobs@anglo-dutch.me.uk

Last Updated

23rd October 2019

Sept 2016 - present

WOZiTech Ltd

wozitech-logo

Xmas 2019

Personal Development

Extended private (bare metal) kubernetes cluster including:

  • Installed kubernetes dashboard, with "LoadBalancer" service to present with IP and port NAT through gateway firewall.
  • Kubernetes secret for local private Nexus docker repo.
  • Deployed into cluster (own namespace), dockerised WOZiTech CMS (nodejs app and postgresDB pod using manual kubernetes manifest.

November 2019 to present

Platform Engineer (AWS/node.js/kubernetes) - News UK

Contracted to News UK, to design, build and maintain an microservice (node.js) Audio Platform hosted primarily on Kubernetes (private EC2 clusters with VPC peeering) with complementary AWS services, viz. S3 with Cloudfront (CDN, Certificates/Route53 and DocumentDB. Build and deployment primarly Circle CI, with some legacy Jenkins.

This is an agile (fortnightly scrum) project, with all the usual ceremonies including, daily stands up, weekly refinements, planning, showcases and retrospectives.

Primarily a linux/Mac development environment, introduced Windows for development. First challenge was to update the project documents using Microsoft Docker Desktop with Kubernetes enabled, to get the microservices running on Windows, including skaffold and kustomize.

Introduced AWS tags on all resources across all environments, to allow for the reporting of resources on a shared AWS account. This was simply a case of updating the terraform configuration across mulitple terraform projects in a single repo in a consistent and easily maintainable manner. Introduced to Circle CI and the gated generate, inspect and deployment terraform plans across dev, staging, UAT and in to production.

Following on from AWS tagging, a quick spike to get the detail on how to "tag" (label) the kubernetes cluster. Updated kustomize configuration (bases and environments) to use kustomize commonLabels and metadata.labels, expressed using Kubernetes recommended label structure. Used kubectl describe to check local deployment and updated jest static tests on generated target environment manifests (dev, uat and prod).

Updated shared Kong hosting environments to use jwt plugin to provided route based Auth0 JWT authentication against Graph API microservice. Demonstrated operation locally by running Kong (with postgresDB) via docker-compose, deployed using in-house (custom) python scripts with all microservices via kubernetes against Auth0. Demonstrated both authentication (Auth0 Server Resource/APIs and Application requested "access tokens") and authorisation (Auth0 scopes) within the GraphAPI microservice.

Updated the in-house Java cumcumber integration test scripts to request access token and demonstrate various combinations of no token, expired token and invalid token.

Deployed Kong changes using Jenkins across dev, si, uat, staging and production.

November 2019

In between Contracts

Whilst in-between contracts, rebuilt office KVM/vagrant/ansible "enterprise" network including:

  • nginx proxy - named servers using DDNS subdomains (CNAMES) and letsencrypt SSl certificates.
  • Nexus docker private repository - with authorised public access via DDNS CNAME.
  • Migrated wiki using latest (beta) wikijs - using docker container and linked postgres container. Public access via DDNC CNAME.
  • Built new headless (API) CMS, using strapi. Dockerised and deployed with public access via DDNS CNAME.
  • Created a kubernetes two node (plus master) private cluster.

October 2019

In between Contracts

Whilst in-between contracts, took some MongoDB Univesity training in preparation for MongoDB Developer Associate Certicication:

December 2018 to September 2019

Backend API Engineer (node.js) - Sopra Steria

Contracted to Sopra Steria, to design & build a backend API to an Anglular frontend application. An agile scrum project; fortnightly scrums cycles.

API built on node.js, using Express V4.x. framework, using sequelize V4.x with data stored in postgres V11 database. Both application servers (containers) and database (AWS RDS) hosted on UK Gov PaaS.

Full ownership impacting the required APIs from application requirements (stories & epics), defining and maintaining the API namespace and methods, implementing the endpoints (code and test), documenting the endpoints, supporting the frontend developers on use of the API, supporting DevOps on CI/CD of the API through dev, test, preprod and production.

From the given alpha (demo) code, immediately introduced transaction handling for multiple writes, API HTTP 40x/50x error responses and an endpoint integration test suite using jest, supertest and faker.Introduced a local proxy allowing the frontend developers to work autonomously consuming the API already deployed into the controlled dev environment.

When it came time for enduser authentication, introduced JWT for stateless authorisation on each API endpoint, implementing the endpoint authentication and authorisation framework to generate/renew the JWT and validate the JWT using middleware and well crafted API namespace, supporting a colleague with their implementation of brcypt (hashless) authentication logic.

That, with the set of new API endpoints for updating and retrieving rich form data, with the project DevOps and DBA, setup and deployed the beta application release into new Gov PaaS preprod and production hosting environments. Introduced convict for schema based rich environment specific configuration.

Following the beta release, introduced a full audit framework across the backend API using entities and managed properties (prototype and factory patterns from Gang of Four); auditing data stored in the database at both entity and property level.

Extended the environment specific configuration to integrate with AWS Secrets Manager, allowing sensitive information to be managed centrally for all environments (as opposed to command line ENV variables).

With sensitive data now stored locally, using experience gained on previous contract through Semantic Integration, introduced serverless Daily Snapshot reporting for the client's analytic team in Leeds, using serverless framework and AWS lambda with Secrets Manager generating the JWT to access reports API with the generated stored (& managed) securely on AWS S3 with signed linked distributed by email (AWS SES) and Slack (webhooks). The report was scheduled using AWS CloudFront to run the lambda function. These daily snapshot reports, although not tied to the backend deployment, were deployed into each of dev, staging, preprod and production thus being able to demonstrate and gain client approval on the reports through traditional deployment cycles.

Continued to enrich the backend API with new endpoints including extending the automation test framework, following story refinement as features were developed in the frontend. This included taking full responsibility for the database schema, database patching of dev, providing quality DB patch scripts for the DBA to run in staging, preprod and production environments.

Although not within responsibility, took ownership for the beta Data Migration (just 42 users), working through the incumbent Oracle database schema (with no access to the incumbent development team), documenting mapping and writing pgsql (Postgres functions) to quickly and repeatably migrate the data. Stood up a migration application server and worked closely with the client's service support team to achieve the necessary review, approval and sign off of the users' migrated data, critical for securing client sign off for the first true application release. This formed the start of a close working relationship with the client's service team, as demonstration of ability to deliver good quality solutions quickly. Part of the migration solution included updating the backend authentication endpoint to support the incumbent's hash login method allowing users to seamlessly reuse their old application credentials.

During the course of the first pentest, introduced helmet, XSS Clean and XSS Sanitizer ensuring part of securing a necessary precondition for client sign off the first true application release.

Took ownership of the Bulk Upload capability via new API endpoints, which included uploading the files via the frontend application to AWS S3 via S3 signed PUT URLs, mapping of reference data from "bulk upload externalised refernces" to applications internal referrences (online transformation), extensive validation logic and reusing the backend API entity and managed property framework to ensure full auditing. Delivered this complex and crucial functionality only possible through leveraging the direct relationship with the client's service team in Leeds, established during the beta data migration. This involved two visits to Leeds to work onsite with the service team manager to secure client acceptance.

Following initial beta data migration, full migration of 22000 users and their data from incumbent dataset, including the a performance improvement to migrate data concurrently reducing data migration time from 12 hours to 4.5 hours.

Identified a gap in the support of the application, in that reference data is looked away in the database requiring multiple project resources to update it. From my time at photobox, identified the need for a CMS to maintain such reference data. Also identified that some administrative stories in the backlog were not best served through the frontend application; a more collaborative approach could be made available.

Shortlisted four CMSs: strapi, KeystoneJS, nodebeats and Aposprophe. Reviewed these CMSs on their ease of installation, customisation, security and integration with the backend API. Secured selection of strapi, because its rich API capability (let down only by it's Administrative Console user security). Built the AWS EC2 server instances (one for dev and one for test) and AWS Hosting Zone from registered domain using terraform automation. Manually installed nodejs and strapi, but utilised a remote MongoDB Atlas database provision. Security was key; acheived pen test acceptance first time.

Used AWS Kinesis, with AWS IAM roles/policies for each of dev, test, proprod and production to pump data from the backend API on every create, update and delete and ingest to a MongoDB Atlas database instance, merging disparate entities into single documents within MongoDB collections, affording the power of MongoDB rich data queries and aggregation pipeline to quickly extract data.

Used pm2 to install and manage as a service, both the strapi application and a complementary custom Slack App API to handle interaction between slack /slash commands and dialogs and the strapi.

Modified the reference data API endpoints to allow "PUT" method to securely update the reference data records from changes to data in strapi.

Introduced AWS SNS to notify all new registrations with separate topics for dev, test, preprod and production, which invoked a AWS lamdba function (built and deployed using serverless framework) to lookup data from the MongoDB store, enrich the registration data and then post to Slack (webhook), with buttons to approve/reject, which then securely invoked the relevant backend API to thus approve or reject. All properly secured using AWS IAM roles and policiies.

As part of this demo, also included Slack /slash commands making it easy to search data in the MongoDB database; secured using Slack command signature and Slack signing secret (stored securely in AWS Secrets Manager).

Significant achievements included:
  • Extensive endpoint automation integration test using jest which owing to the absence of formal load tests, became an unexpected critical resource during load testing ahead of main user migration.
  • Serverless Daily Snapshot reporting using AWS lambda and Secrets Manager securely integrated via Backend API.
  • Successful Data Migration of 22000 user accounts and data from incumbent, including login hash and performance enhancement.
  • Prototyped and demo'd Headless CMS - for maintenance of application reference data and collaborative user and data integration of registration approvals and rejections using AWS Kinesis, SNS and MongoDB, Slack webhooks and Slack slash commands.
Source code open github project as per GDS guidelines:

November 2018

Alexa Skill

Having recently introduced automation switches to my house, turning on/off of lights required interacting with an Andriod app, and meant having to have phone to hand early in the morning and late at night. I bought an Alexa Echo to allow voice activation on the lights.

But having an Alexa, I then wanted to create my own Alexa Skill. At first, I struggled with the concept of invocation name/utterances, and the ecceltic approach used with the Alexa Developer Console to add validation and dialogs on slots. But after a week of try this, try that, finally got to understand the subtleties of invocations, intents, utterances, slots, slot types, dialogs and validations. Have submitted my skill for certification, but currently held back on my choice of "invocation", on which I have organised a competition with my friends & family.

The backend of the skill is of course AWS lambda; node.js. Created the code framework using 'serverless framework', and using terraform to maintain the necessary IAM role and policies for that lambda. All code runs both locally and remote within the lambda. All local code is unit tested with 100% code coverage.

The lambda uses Axios to interact with TFL's public API to get a list of next bus arrivals for a given 'Stop Point'. Uses AWS Secret Manager to hold my TFL API key details.

The lambda posts notification to Slack Channel, using rich formatting including details of the incoming event (on error/unexpected intent/missing destination). Multiple levels of notification (none, error only, .... through to trace level); controlled with a Lambda env variable making it easy enough to control level of notification once deployed.

Significant achievements included:
  • TDD approach to development; comprehensive Jest unit tests written along with functional code, with 100% unit coverage at all times.
  • A manual jest mock on the importing of personal test data; protecting actual personal data.
  • Implementation of the Alexa Skill request/response format, including dialog conversations.
Source code can be found on github.

November 2018

Terraform

In preparation for a new role, I set out learning terraform. Whilst already familiar with vagrant/ansible for office server, I set about using terraform to provision/teardown one of multiple VPCs (based on a given environment of dev, test, acceptance and production) with VPC/subnets chosen from a lookup of predefined definitions.

The VPC includes public and private subnets across one or more Availability Zones.

The VPC includes a bastion virtual server (Amazon AMI) deployed into each public subnet along with the Security Group necessary to allow remote SSH (using nominated key-pair) access to it and from it (the bastion) remote SSH access to other public and private subnet guests. Whilst provisioning the bastion guest, used terraform to create a new policy and IAM role (with assume) to run against the instance.

Significant achievements included:
  • VPC provision/teardown with Bastion completed in just three days; albeit only proven (tested) for acceptance, but itself being 3*AVs into eu-west-2.
Source code can be found on github.

October 2018

Server Build (vagrant/ansible) - WOZiTech Limited

Following a recent (careless) lost of a KVM Guest, have rebuilt server (2*8 core Xeon with 78MB of RAM) to be fully provisioned, PxE Boot (Raspberry PI) of Ubuntu Server with post-install script to then configure KVM/libvirt. TODO: replace post-install script with 'cloud-init' (native Ubuntu provisionig tech and supported by AWS EC2).

A semi-auto provisioned vagrant/libvirt/ansible "Fedora server" guest (manual creation of the guest but the guest then provisions itself via ansible). This guest is then able to provision all other guests.

A manually provisioned firewall gateway guest (untangle), presented to home network and to each of the KVM host-only networks, with ingress control and gateway port forwarding.

From a CentOS 7 vagrant box, a collection of reusable common Ansible tasks to provision base WOZiTech CentOS specific server instance, which includes default packages (present/absent - lockdown), network reassignment (through the untabgle firewall), firewalld services reassignment and lockdown, optional set of docker prerequisites. Experienced the pain of ansible::yum::latest; an aspect of the way "yum check" works makes using latest extremely slow. TODO: turn these common tasks into a reusable role including storage provisioning via LVM and link up to a Hashicorp Vault (to store SSH public/private keys for default set of users); need to provision the Vault guest.

A wiki.js guest (CentOS 7) using ansible to install dependencies (git2, node.js and MongoDB), manage directories and users (non-system provilege), install the application wiki.js, custom config file and systemd service to manage wiki.js lifecycle using ansible template. Idempotent. TODO: backup users and restore users to Hasicorp Vault when reprovisioning - to allow full recovery of wiki.js provisioning which will include install a MongoDB Change Stream event on users collection.

A proxy guest (CentOS 7), serving as a reverse proxy, using ansible to automate docker installation, with two docker instances: one nginx instance with custom templates to define default and wozitech.asuscomm.com (DDNS) reverse proxy to wikijs and a second Let's Encrypt instance to provide SSL certificate for wozitech.asuscomm.com domain. systemd services to manage each of the containers on start up. Idempotent. Initially tried using jwilder's nginx-proxy docker image, but swapped to the native nginx docker instance, after realising jwilder's proxy is to reverse proxy other docker instances running on the same host, whereas I needed a reverse proxy to another host. TODO: introduce forward proxy docker container (squid).

A Sonatype Nexus3 Repository Manager Guest, to serve a a local repo for all custom Docker images and custom Helm (kubernetes) projects along with a cache of npm (node.js) and yum (CentOS) packages. Used ansible role: ansible-thoteam.nexus3-oss. Overcome a limitation with the role that was failing to identify the latest version, by reviewing and understanding the code (simply had to set the "nexus_version" was I had determined the current latest version).

Significant achievements included:
  • Untangle Gateway Firewall - controlling ingress to local network with port forwarding and ingress/egress between KVM host-only networks.
  • nginx reverse proxy (to wiki.js) with Lets Encrypt SSL docker containers. Full idempotent configuration.
  • wiki.js - full idempotent configuration.
Source code can be found on github.

January 2018 to October 2018

Data Model & Microservice Designer - Semantic Integration/PhotoBox

Contracted to PhotoBox via Semantic Integration, reporting to PhotoBox Data Architect. Responsible for detailed enterprise data modelling, GraphQL schema design and microservice design of PhotoBox product set.
Working closely with the PhotoBox engineering agile team to replatform their product Editor, with initial focus on cards (design rich) and Books (complex high value) incorporating input from local prototyping, architecture, product and production teams (France). Introduced extensive documentation along with strong JSON Schema Validation and exhaustive JSON examples of existing products. Early JSON data examples for the engineering team and Agile Pair Programming with the engineering developers to ensure proper and efficient use of the Data Model, being able to explain the rationale.
March 2018 - seized opportunity to introduce a data model test framework, using Jest (uplifted to ES6), node.js V8.x (await/async) on top of nest.js (typescript) with GraphQL and AJV JSON validation, thus being able to assure all examples matched expected schema during period of rapid schema change. Extended this framework, using Jest to generate rich JSON data examples on-demand using a builder style syntax.
April 2018 - Owing to resource availability, seconded into the Editor agile engineering team to help with full stack development; node.js microservice development, React.JS frontend development and GraphQL development. Extended my Javascript knowledge with React.JS by completing udemy online course by Stephen Grider.
May 2018 to present - Siezed opportunity to work closely with the architects to design and prototype a AWS serverless solution to rendering high quality SVGs from the data model using Kinesis Streams, lambda, DynamoDB and Step Functions. Assisted by udemy "servlerless framework" course by Stephane Maarek. This included lambda prototypes for running puppeter (headless browser) and rendering React component, using github reference projects as an example, and providing access to those prototypes using WOZiTech AWS account. A demonstration of new technology and practice to the local engineering team which resulted in adoption of the technology for serverless rendering solution (excluding Kinesis Streams).

Have since continued to develop and deploy serverless functions, which includes the mentoring a photobox developer who initiated a webpack solution to simplify packaging, allowing me to develop a local dev & unit test framework, increasing my Jest knowledge. Working closely with the onsite DevOps team, supported the introduction of a complementary automated Jenkins build and deploy pipeline from serverless packaged artefacts to multiple environments including test and production.

Recently, circa August 2018, extended this serverless solution to include multiple export formats including export to PDF, stitching individual puppeteer JPGs using ghostscript command (within a lambda function); the results of the PDF are equivalent quality, yet smaller JPEGs than the current PDF rendering solution, & using lambda to serve up a React SPA application overcoming a limitation imposed by the Photobox DevOps team to serve the SPA application from an S3 bucket.
July 2018 to present - In my role as Data Model and Microservice Designer, I have continued to refine the data model working closely with the local engineering team, sharing my knowledge, reviewing their implementation of the data model and extending the data model based on their feedback during implementation but also taking on new features, significantly, text (both design with fonts & colours) in addition to the Editor persistence, working closely with the Editor's team UI Designer.

Circa August 2018, have crafted revisions to how the new Editor will be presented with data required to personalised any given product, without having the need to aggregate complex data structures and relationships, in addition to facilitating the large compute power of the AWS cloud to automate the generation of personalised artefacts with initial design (a marketable product), whilst offering capability to integrate with Photobox's proprietary AI personalisation engine. This is the Personalised Product Definition Data Model & set of microservices integrated with the legacy set of microservices and GraphQL presentations; easily demonstrated owing to the availability of generated data through the Data Model Test Framework. Presented and reviewed the solution with the architects and engineering team resulting from raising the necessary detailed backlog tickets for definition refinement and estimation.

September 2018, undertook a review and impact assessment to integrate Auth0 for endpoint authentication and authorisation on our serverless AWS APIGW/lambda microservices. This includes Auth0 account creation, initiator JWT token requests and passing, recipient JWT token validation using RS256 (public key) and scope approval, faciliated by APIGW "Custom Authorizer". Presented and reviewed the solution with the architects and engineering team resulting from raising the necessary detailed backlog tickets for definition refinement and estimation.
Significant projects included:
  • Created an offline Data Model Test Framework using BDD style factory content generation, transformation and validation with JSON Schema (ajv), JSONata and Jest.
  • Extended the offline Data Model Test Framework to include GraphQL, running on nest.js (typescript) framework.
  • AWS Serverless prototype using Kinesis Stream, Lambda, Step Functions and DynamoDB using the serverless framework.
  • Personalised Product Definition Data Model and Microservice design.

February 2018 to now

WOZiTech Ltd

For my own company, rebranding existing wit-piDash application and introducing new complementary wit products to learn and master new development technologies:
  • nest.js - services framework for node.js
  • MongoDB - document NoSQL database
  • gun.js - distributed Graph database
  • resin.io - IoT management and deployment
  • react/redux/react native - for rich interactive UI mobile applications
  • Vue.JS - for fast rich component (template driven) responsive web applications
  • electron - cross platform native web applications (using Vue.JS)
  • Angular - enterprise scale web applications
Built instance of wiki.js for documenting my wit product set. Running on office service including DDNS and port mapping and Let's Encrpt SSL.

Jan 2018

WOZiTech Ltd

Whilst in between contracts, taking the opportunity to rebrand my corporate website, including new logo, new colour scheme and AWS Lambda/API Gateway function with CORS for "Contact Me" send email.Rebranding is to support active development on own projects through 2018.

wozitech-old-logo

September 2016 to Dec 2017

DevOps Lead Engineer - The Home Office (Cap Gemini)

Contracted to Cap Gemini, one of three lead DevOps engineers in team varying of twelve on client site, in an agile development environment providing local and private cloud hosting services for onsite development team.
Mastered Jenkins, with a proprietary build, release and deploy solution integrated with Puppet Enterprise for Continuous Integration/Continuous Deployment (CI/CD). General Project and support responsibilities including provisioning new and maintaining existing environments. As Lead Engineer, reviewed, approved and merged juniors work and provided mentoring.
Significant projects included:
  • Built an initial virtualisation (KVM) environment for puppetised guests, having identified the need for a custom PxE boot solution bootstrapping puppet with multiple networks; full provision a fully functional KVM server within one hour.
  • Built a production custom build & deployment solution, against reference to an existing undocumented custom solution, using Jenkins, Stash, puppet enterprise, yum and Nexus.
  • Crafted a puppetised “Release Dashboard” using JQuery and postgresSQL JSON showing what version of application (+8) and components (100+) are deployed to which environment (30+) when and by whom.
  • Built a fully puppetised reverse web proxy with SSL offloading and email routing (postfix) to multiple security domains.
  • Puppetised and took live a private cloud hosted JIRA & Confluence, with Crowd with upgrade and migration from local LDAP instance.
  • Reworked the existing custom deployment solution to deploy across multiple security zones and consolidate the solution across multiple environments.
  • Augmented the custom build & deployment solution for multiple long-term release git (Stash) branches, including the handling of component versions between branches, using Jenkins, groovy, postgresDB and bash scripting.

September 2016 to Dec 2017

Fullstack AWS Developer - WOZiTech

Development of “wit-wedding” application suite for real time posting of pictures and messages before, during and after my wedding in September 2017.
Multiple integrated components included:
  • wit-weddingServe: NodeJS RESTful backend application with MongoDB data store running on AWS EC2 (reserrved instance) integrated with AWS S3 (multimedia store), 1and1 IMAP/SMTP and MessageBird SMS. Nginx reverse proxy with SSL offload. Let's Encrypt SSL certificate (continuously renewed). SMS text content upload. EMail text and multimedia upload (photos and video) upload upto 10MB. SMS and Email registration. AWS CodeDeploy from github and environment configuration from S3 bucket. AWS S3 bucket backups for MongoDB.
  • wit-piDash: an SPA (single page application) web application (JQuery) running on Raspberry PI using Web Socket push technology, content streamed from wit-weddingServe.
  • wit-wedding-app: an SPA (JQuery) web application running on AWS S3 bucket website, integrated with wit-weddingServe using JWT for authentication and AWS S3 signed URLs for content. Multimedia upload (photo and video) upto 100MB.
Used this personal project to attain "AWS Certified Developer - Associate" in Nov 2017.
Current projects include resin.io RaspberryPI, Electron/VueJS dashboard and AWS Lambda/Kenesis video streaming - “wit-stream” (only for AWS to then annouce DeepLens at 2017 re:Invent.

September 2016 to June 2016

Linux Build Engineer - MTCnovo

Worked with the project manager to review application requirements and devise server specification. Identified supplier and purchased server. Local hosting of Dell server, built with RHEL7, for the hosting of tomcat7 application built by MTCnovo team in Utah, USA. Presented server to Internet and locked down remote (SSH) access to MTCnvo app team. Server and database (mysql) backup over NFS to NAS, using Logical Volume Manager (LVM) snapshots.
Using Skype, reviewed the detailed application requirements and then provisioned the detailed server configuration. Supported the app team through the deployment, providing deployment script and worked with the app team to secure logging.
Supported the ITHC pen testers and remedial action. 20% observations against server build - no critical or high; fixed all 4 medium and all 7 low observations.
Successful onsite installation and commissioning.

Sept 1998 - Aug 2016

CGI, formerly logica, formerly CMG

       

October 2014 & September 2015

Princes Trust Palace to Palace Charity Ride

Part of the inaugural CGI team (2014) to cycle the Princes Trust Palace to Palace charity ride. Raised £350 in 2014 & £290 in 2015.

April 2016 to August 2016

Solution Architect at Central Government Department

Pioneered two development projects utilising latest web technologies including AngularJS, NodeJS/Express, Handlebars and MongoDB, with automated build using Gulp. Responsible for concept development, application development, mentoring junior developers, solution definition, solution architecture, solution sponsorship and solution promotion. Built and demonstrated proof of concepts and have recently secured project funding and significant client interest. This client success has led to the Senior Management Team creating a new position of "Innovation & Prototype Lead".

June 2015 to August 2016

Solution Architect at Central Government Department

Provided Technical Leadership within the CTO supporting high profile and complex projects. Leading a team of fourteen Architects having mixed disciplines including applications, infrastructure, technical/operational security and Information Assurance. Directed change and delivery across multiple projects. Technical lead & lead developer on a secure reverse application web proxy with RESTful services and web sockets. Supported the transition of legacy web application to cloud with continued operational integration with secure hosted applications.

June 2015 to January 2016

Solution Architect in CGI Centre of Excellence

Led the development of an open source proof of concept display replacement, using Raspberry PIs, MySQL, PHP, Python and RHEL integrating with a HTML web source, having now deployed to two live pilot sites and successfully passed vulnerability assessment as part of ITHC; preparing for UK national rollout.

June 2012 to May 2015

Various roles including Infrastructure Design Authority, Technical Architect and Solution Architect at Central Government Department

Built a SECRET production/DR & preproduction App Hosting environments for 400+ Virtual Servers and 50+ applications. Leading a team of network, storage and server engineers, achieved successful production deployment within six months and preproduction just one month later. Joined the CGI New Capability team on client site in January 2013. Rapidly completed the transition in to service an application including migration of data from old application. Created an enviable relationship with end users, business and supplier; a relationship exploited with follow on work including invitation to solve an issue within European Union for data transfer between disparate SECRET and OFFICIAL-SENSITIVE. Technically led the complex transition (legacy applications & indifferent working practices) of a large government department (100+ users and 30+ applications) within just six months. Became known as a trusted advisor through honesty and thoroughness of approach. Success led to placement as New Capability Technical Team Manager responsible for a team of twelve senior TDAs of multiple disciplines and six BAs. Responsibilities included team line management and project assignments. By personal request by CGI New Capability Delivery Director, through RFI and RFQ, secured a supplier for XML (SOAP) Gateway solution. Continuous client successes resulted in creation a new custom role in September 2014; that of Innovation Lead within the client’s own Digital Transformation team. Within just six months, leveraged previous business relationship to secure a project integration with another Government department. Extended this solution further by developing custom web services to integrate an assured PDF document file transfer interface.

October 2006 to June 2012

Technical Architect on Central Government Managed Services Programme

Part of the successful bid team working on sales differentiating service improvement projects. Led the demonstration of virtualising a business critical legacy SPARC Solaris application; coined the term "App-In-A-Box"; the first demonstration within CGI at the time. Within six months, had transitioned the application to production data centre hosting. Developed extensive knowledge on complex Application Hosting and established self as a trusted deliverer of complex IT. Often called upon for my knowledge of the hosting and wider infrastructure provided by separate supplier for expedited change & delivery.

September 2005 to October 2006

Developer/Solution Architect - Q8, Shell and ExxonMobil

Various roles including:
  • Q8 - web site update to provide downloadable high value PDF invoices.
  • ExxonMobil - a pure sales led initiative to demonstrate the power of Microsoft BizTalk for automated business processing.
  • Shell - a review of their Internet Style Guidelines, and creation of various sets of references pages highlighting implementation of guidelines controls.

October 2004 to September 2005

Technical Design Authority - npower

On client site in Newcastle, providing technical assurance for all changes against a new billing system on IBM AIX, working closely with the client's own Technical Assurance team having many years of experience.
Led the overall design and implementation of the Cash Collection functionality, having integration with BACS, cheques, telephone automated payments & Paypoint. During this specification, took ownership for "Unidentified Cash" functionality, forging a trusted relationship with the accounts teams based in Leeds. Quickly understood the business domain and provided support and guidance to the account team regarding IT.

September 2000 to October 2004

Developer/Technical Architect - Shell

Many projects as Lead Technical Architect at on client site with Shell European Oil Products (SEOP) Distribution team, based in London with projects across Europe including Netherlands, Germany and Italy.
In 2000, led the development of a B2B web application (Microsoft ASP and SQLServer) using follow the sun development and hosting with a 3rd part in Australia working on graphics and style, business logic in London (where I was based) and hosting with Shell in Houston. Spent six months in Italy implementing the application with the Shell business unit responsible for managing the fleet of 3rd party truck deliveries. Implemented a DOS shell/MIME type association script to redirect SAP generated ASCII line printer output to LPT1 & LPT2 to enable the printing of legal delivery and transport documents at Terminal Automation System (TAS) depot.
In 2001, accepted the Lead Technical Architect role within SEOP London, working on various SAP integration projects, including:
  • Assuring the technical capabilities during an Invitation To Tender (ITT) for European-wide TAS.
  • Integration of "Shell Germany" legacy Delivery Management application.
  • European wide, multiple supplier, mulitple language web based Delivery Data System (DDC) using IBM WebLogic and Enterprise Java 2 (session beans and Bean Managed Entity Beans) with a fully automated Ant build (from CVS branches with merging) and packaging script for both local hosting (test) and remote deployment (Shell Netherlands).

September 1998 to September 2000

Developer - Various Roles

Worked on many projects during this time in various positions, including architect & developer on a global distributed messaging interface for Shell to SAP IDOCs using OpenTrade with C++ and Oracle 7.3.4 for Shell, developer using Graham Technologies GTX for Yorkshire Electricity Group and a variety of small technical consultancy assignments using Tibco, Iona Orbix and BEA Tuxedo.

May 1996 - Sept 1998

MSI (Mobile Systems International)

January 1998 to September 1998

Development Lead

Team Leader directly responsible for a team of four along with technical & quality champion for team of fifty-plus developers. Provided interfacing role between business users, consultants, testing, technical authoring and customer support teams.

January 1997 to December 1997

C++ Programmer

On own initiative, designed and built a script driven test harness reducing a 1-year project by 2 months and ensuring a first time successful go-live, with customer demonstration in Turin, Italy securing sales deal.
Achieved "outstanding contribution" award.

May 1996 to December 1996

C++ Programmer

Designed (OO), built (C++) and unit tested enhancements for flagship product and made significant performance enhancements to the CORBA interface. Extensive use of Clearcase source code control management (SCCM).

Oct 1994 - May 1996

Ferranti-Thompson Sonar Systems Limited

Ferranti-Thompson Sonar Systems logo

October 1994 to May 1996

C++ Programmer

Designed, built, unit tested and implemented three large MOD projects, including a sonar "simulation training environment" using tri-screen Sun workstations with X-Motif and C++, a reusable framework for the generic handling of distributed events and a PC-based multi-threaded message router for a £multi-million simulator, integrating 200+ transputers/300+ DSPs. Reviewed design documents and other developers' code.

Oct 1990 - May 1994

UK Defence Research Agency - formerly UK MoD

Oct 1990 - May 1994

HSE

Various roles during summer and spring holidays onsite, both computing (VAX VMS) and telecommunications.

June 2018

MongoDB World, in New York

26th June - advanced analytics using aggregation deep dive
27th June - predominantly advanced development workstream, including stitch (MongoDB equivalent of lambda and DynamoDB Streams)
https://www.mongodb.com/world18

May 2018

AWS Summit London - 9th May 2018

Builders Day - Serverless Applications Development workstream:
https://aws.amazon.com/events/aws-builders-day-uki-2018

Apr 2018

M036: New Features and Tools in MongoDB V3.6

Nov 2017 - Feb 2020

AWS Certified Solutions Architect - Associate

Expires February 2020

Sept 2017 - Nov 2019

AWS Certified Developer - Associate

Expires November 2019

present

Institute of Engineering and Technology

Member since 1993

Member (MIET)

May 2017 - May 2018

UK NPPv3 Cleared

Expires 10th May 2018

Sponsored by Warwickshire Police (via Home Office)

Mar 2017 - Mar 2024

UK Security Cleared

Expires 16th March 2024

Sponsored by Home Office

Held secuirty clearance since 1990 when I was sponsored by UK MoD through univesity.

May 2016

MongoDB for Node.js Developers

Oct 1990 - May 1994

Loughborough University of Technology

Masters in Electrical & Electronic Engineering (2:1)

Sept 1988 - June 1990

Havant Sixth Form College

5 A levels

  • Applied Mathematics - A
  • Pure Mathematics - A
  • Combined Mathematics - A
  • Physics - B
  • Electronics - B

Interests & Hobbies

Code Club Ambassador
In November 2014, through own initiative, enrolled as a Code Club ambassador. Identified own club at St Joseph's Junior School in Norwood, South London. Run an after school code club every Monday PM during term time.
In March 2015, built a school community website allowing my codies to practice their HTML coding in addition to providing a collaboration and communication platform for each other.
In June 2015, built an online skills assessment platform using Moodle to access the pupils achievements during Code Club.
After changing role and job, enrolled for third year in Jan 2017.
Academic year 2017-2018 - taking timeout.
Raspberry PI/Oroid
Have built a collection of music streaming PIs over the years, using home digital audio collection in addition to streaming from Spotify, using the IQAudio HiFi HAT.
Built a Raspberry PI weather station my Code Club. Aspirations to build a robotic veggie patch.
Played around with the Odroid XU4 and CU2; not as easy to prime as Raspberry PIs, but finely got Ubuntu 16.04 Mate working from eMMC (SD boot partition).
Working now on a Raspberry PI IPCam video streaming and motion detection, along with facial recongition and gesture control.
DIY & Gardening
In April 2014 moved into a house with garden; enjoy growing my own food, blending modern & classic aspects and sharing skills & effort with neighbours.
Application Development
A passion for open source development, predominantly in PHP and MySQL but also Java Enterprise using Apache Tomcat and Red Hat JBoss.
  • In 2012, developed a friend's website in PHP with MySQL for his specialised cars business (no longer trading).
  • In 2014, built street community website in Drupal, promoting social and hobby groups, local awareness including neighbourhood watch and support for elderly neighbours. Enlisted the support of local councillors.
  • Start of 2015, built community website in Drupal, for my Code Club.
  • From March 2015, I have started the build of a customised open source home distributed music streaming solution using QNAP media server, Raspberry PI with gmrenderer & gstreamer and an alternative with RuneAudio, customising playback via Android tablet with remote power control and playback to any room in the house. Have completed the first phase, music streamed to bathroom through ceiling speakers.
  • From July 2015, built website for a friend's new pub, restaurant and bed & breakfast utilising HTML5 and CSS3 with multiple device support (PC, tablet and mobile phone). This includes creating and maintaining Facebook and Twitter presence.
  • Between January 2016 and now, self taught AngularJS, Handlebars and MongoDB, including automated build and deploy using Gulp.
  • Interests lie with DevOps - full automation and orchestration between development, test and production.
  • In Feb-Sept 2017, built a Raspberry PI Dashboard for my wedding, allowing guests to post photos and comments throughout the day by SMS, email and web upload - using NodeJS (Promises/Web Sockets), MongoDB, 1and1 email (IMAP & SMTP), MessageBird SMS, AWS EC2 with Nginx & letsencrypt certificates for SSL offloading and , AWS Route 53 and AWS S3, along with subsequent upload/download of videos and images for sharing.
  • In May 2017, built my own KVM server; 78GB RAM, 8 core/16 hyper with 6TB of storage.

Professional Skills

Client Facing
Twenty years of client facing roles as an IT consultant in a variety of industries predominantly and most recently the UK Central Government.
Enjoy working seamlessly within client teams, committed to the delivery of solutions that work for their business and the end user.
  • From 1994 to 1996 - employed by client at Ferranti-Thompsom in Weymouth, Dorset, UK.
  • From 1996 to 1998 - employed by client at MSI in Docklands, London, UK.
  • From 2000 to 2004 - on client site with Shell in London, with six months in Milan, Italy and numerous long stay trips to Hamburg, Germany.
  • From 2004 to 2005 - on client site with npower in Newcastle, UK.
  • From 2007 to 2011 - on client site with a central government department, London.
  • From 2012 to 2015 - on client site with a central government department, London.
  • 2016 to 2017 - on client site at the Home Office
  • 2018 - on client site at photobox
Project Planning, Project Estimation & Costing
More than twenty years working with project and programme managers to identity, plan and track activities across complex deliverables with mutliple teams. Projects ranging from a couple of weeks (Agile sprints) to more than six months (complex transitions). Projects costing a few thousand to multi-million.
A minimum of twenty years estimating own & others within my team activities, with the last twelve years including that of others.
Planning and estimation of new change projects within complex programmes (more than 100 staff) running over ten years contract.
Two years experience in formal sales costing of complex projects including service delivery using CGI's formal costing tools.
  • From 2000 to 2004 - technical effort estimation for own team (myself and four others developers).
  • In 2005/2006 - technical effort & cost estimation as part of CGI team to central government department, which ultimately we won. My focus was on Service Improvement Projects - innovative sales led bid differentiating service projects.
  • From 2006 to 2010 - technical effort estimation for own team (multiple project teams ranging from 3 to 10) within CGI central government department programme, most notably a large scale application transition.
  • From 2010 to 2011 - technical effort & cost estimation for own team (multiple project teams ranging from 3 to 7) within CGI central government department programme, most notably a large scale application transformation project.
  • From 2012 - technical effort estimation within CGI central government department programme for a multi-disciplined team building virtualised hosting platforms.
  • From 2012 to 2015 - technical effort & cost estimation within CGI central government department programme on multiple (in excess of #30) contract change projects including transition in to service and some (at least #5) with 3rd parties.
Team Leading, Coaching & Mentoring
Formal team leading in various positions, leading teams of two-four, up to fifty.
Having had a productive career in IT, championed the development of junior Technical Architects.
Through Code Club, inspire a new generation of developers to combat the IT Consumer rather than IT Producer paradigm.
  • From as far back as 1998 at MSI, led a team of fifty plus developers. Throughout employment in CGI, have been the technical lead on many accounts including the solution team manager leading a team of four Technical Architects, six Technical Design Authorities and five Business Analysis across a large programme of projects in excess of £10m annually.
  • At CGI, have held on four separate occassions (2004-2006, 2008-2010, 2012 & 2015), staff management roles for other consultants which included day to day line management, absence management and career management.
  • Led team of eight Technical Architects (TAs) supporting complex technical change, application & infrastructure transition and new application deployment in large, diverse and disparate infrastructures. Day to day activities include providig absence cover for the team manager, assignment of project activities to TAs & review and direct TAs deliveries along with integrating hosting & application subcontractors.
  • As a visionary within the CGI Public Sector Justice Centre of Excellence (July 2015), mentor to under graduates and apprecentices to prototype innovation applications.
Change Management, Incident & Problem Management
Minimum of ten years working within formal ITIL processes, primarily within a project role which includes transition of project into service.
Rather than fearing or procastinating on change, actively promote change. Work closely with all teams involved in implementation of complex change including service support teams, suppliers and end users, identifying impact and mitigating risk.
Resulting from breadth of experience with analytical reasoning and problem solving capability, often called into service support incident resolution and problem management investigations.
    Between 2006 and 2011, implemented more than 350 operational changes. Became trusted for the quality and effectiveness of my changes. From 2010, operated a change assurance role, reviewing other CGI technical changes before they went to Change Assurance Board (CAB). Our change efficiency improved by more than 300%.
  • Between 2012 and 2015, implemented more than 200 operational changes. Became trusted for the quality and effectiveness of my changes; often praised by the client during CAB and held as an example of how change should be authored.
  • From July 2015, often called to assist with complex live fault investigations on application services distributed across multiple suppliers.

Technical Skills

DevOps - CD/CI
2016-2017 - Atlassian Stash and Jenkins integration for automated builds against custom Jenkins JJB generating build jobs for RPM, ZIP and JARs (courtesy of mojohaus and maven).
2017 - Bespoke Jenkins JJB jobs with groovy script, postrgesDB and bash shell to manage long-lived git branches across multiple (100+) build components in multiple (50+) Stash repos, including branch deletion and branch merging (all branches and specific branches).
2017 - Release & Deployment Dashboard using postgresDB json (server side) and HTML5/JQuery (client side); solution deployment fully automated via puppet with Apache including reverse proxy, both user and host authentication across two servers.
2017 - Ubuntu KVM/puppet - PxE boot physical server with combination of Red Hat kickstart and Debain preseed with KVM bridged network interfaces with custom post-install script for bootstrap installing and configuring puppet. A full capable virtualisation host from 0 to ready in less than one hour, simply by rebooting in PxE.
2016-2017 - Puppet Enterprise configuration of virtual servers both local (vagrant/VritualBox) and remote Private Cloud, such as, File, Service and Package, but more so:
  • Apache reverse proxy with SSL offloading
  • HAProxy email load balacing
  • Atlassian JIRA, Confluence and Crowd installation for continuous forward upgrades
  • Sophos Installation - where Internet connection is available
Solutions Architecture
Two years including Value Architectures and Risk & Cost Driven Architectures.
Solutions across applications and infrastructure, able to bring together multi-disciplined teams and explain complex aspects to business and end users alike.
  • In 2014, led a varied team of infrastructure and application technical architect, technical design authorities and business analysts.
  • Late 2014, was invited to join client's their Innovation team.
  • In mid-2015, now within the Central Technology Office (CTO), I led across solutions in transition and new application deployment. Specifically, I challenge the effectiveness of the solution both technically and to the user, ensuring the best solution for the need at hand. I use my knowledge of the client to assure we deliver the best we can, not simply repeat what we have done previously.
  • In mid-2015, I am part of the CGI UK Public Sector Justice Centre of Excellence practice, promoting Innovation with a focus on "changing the face of justice" with "disruptive innovation".
  • From May 2016 to Aug 2016, leading the concept, design, prototype and delivery of an application reverse-proxy to broker cross-security domains.
Since forming my own company, WOZiTech Ltd, in 2016, started working on my own set of "wit-ty" products ("wit" is short for WOZiTech); more than one "wit" product is a "wit-ty" set). Responsible for the concepts, the branding, the user solution, the technical solution (a blend across physical/interactive and AWS hosted/services), the deployment and configuration all open sourced (BSD license) but available for sale using ethical license model (free for charities/schools, 70% discounted for health/sports companies, ... 100% to private sector and central government).
Technical Architecture
Twenty plus years across variety of COTS, GOTS, legacy & bespoke environments of UNIX (AIX, Solaris & Linux [Red Hat Enterprise Linux & Fedora], SuSE and Ubuntu) and Windows (NT Server, Server 2000 to Server 2008).
Able to bridge diverse teams of skills including hosting, servers (Windows and UNIX), networks (local and wide) and application development, translating complex technical aspects to project/programme managers and business analysts.
Operate efficiently with suppliers to provide complex solutions. Establish myself as friend and confident with honest and ethical communication, taking the time to recognise the supplier's achievements and providing feedback on products.
Excel at working with end users establishing myself as friend and confident. The best solutions are achieved through understanding how business users work. New work has been secured by observing how to improve the way business users work.
Since forming my own company, WOZiTech Ltd, in 2016, own the architecture of the components and services, their integration, their choice of 'best fit' technology. Always on the look out for new technology, and to gain new skills.
Application Development including Web Development
More than twenty years with true passion.
Both personal and professional development of fifteen plus years.
Retaining hands on activity across multiple programming languages predominantly C++, Java and PHP, recently C#.NET & python and historically Pascal/Modula-2, OCCAM, ADA, Assembly Language (DSP), C and VisualBasic.
Both enterprise application development including distributed messaging (OpenTrade & JMS) and realtime application development (OCCAM & DSP).
Some database development using [PLSQL (Oracle) and TransactSQL (SQLServer)].
  • On leaving university in 2004, at Ferranti-Thompson using C to break the 640KB DOS memory boundary developed a multi-threaded SONAR control unit interfacing to a bank of 200+ DSPs with external HDLC protocol control.
  • While at Ferranti-Thompson, in 2005, developed using Motif and C++, a sonar simulation training environment.
  • At MSI from 1996 to 1998, used C++ in a multi-developer (50+) environment. Created an optimised 2-D mobile phone microcell modelling engine, with a graphical test harness.
  • At Shell in 2000, development of both DCOM and OpenTrade messaging platform, the latter ultimately deployed globally.
  • At Shell in 2001, first "Business 2 Business" Internet solution, integrating web presentation code produced by 3rd party in Australia, ASP.NET pages produced in London, application tested in Italy and hosting deployment in Houston, USA. Full "around the clock" application development and deployment. Spent six months in Italy to complete development, provide assistance for system testing and support the deployment to end users.
  • Whilst at Shell, between 2002 and 2004, led the development team during design & build of European web solution using J2EE V1.3 with autmated build and deployment scripts using Ant.
  • Between 2005 and 2006, led the development of a BizTalk integration platform and a custom PDF web tool using XSLt for high value aviation orders for Q8.
  • In 2009, custom Boarding solution for CGI; a distributed platform for the transfer of operational data around RESTRICTED hosting platforms for dev, test and production, full auditing (syslog), content inspection(MIME type and anti-virus scanning by three separate vendors) and enforcement to Incident, Problem and Change Management. Utilising open source (except for anti-virus) including Ubuntu Desktop LTS for Boarding Kiosk, PHP and MySQL. Integrated with two separate Active Directory domains using Kerberos. Solution successfully passed infrastructure and application ITHC inspection; accreditor praise the quality of the solution and noted it was worthy for a highly level of security implementation.
  • In 2010, led the transformation of legacy middleware product "Mercator" to IBM's leading integration product "Message Broker". Supported a team of four developers working closely with IBM product consultant.
  • In 2013, developed a RESTRICTED/SECRET data transfer gateway with enforced content inspection.
  • In 2015, built custom web service file transfer gateway using Microsoft C#.NET and ASP.NET, extending existing XML Guard for assured data type enforcement & anti-virus inspection; Windows Event Log operational monitoring and OSSEC for protective monitoring.
  • In 2016, developed prototypes using AngularJS & MongoDB, runing on NodeJS/Express (including support for SSL) and dynamic content using Handlebars. Full automated build and deploy using Gulp.
  • In 2017, for my wedding, NodeJS/Express and MongoDB, using JWT, web sockets, PromiseMap, AWS SDK for S3 with signed URLs, MailGen for SMTP/IMAP and restful web services for sending & receiving SMS via MesaageBird; hosted on AWS EC2 with nginx reverse proxy and Let's Encrypt SSL certificate.
  • Have started working Electron/VueJS app for Raspberry PI - for customisable 4" touch display, as cornerstone to my (WOZiTech Ltd) interactive "wit" product set.
Networks
Including TCP/IP, subnets, VLANs, routing, LAN/WAN, firewall, proxies, NAT/PAT and stateful inspection experience of more than ten years.
Able to contextualise and effect complex enterprise networks integrated across multiple suppliers.
Bridge the divide between applications and infrastructures.
  • Working knowledge of small and large corporate WAN deployment (from #20 sites to over #500 sites).
  • Extensive knowledge of large scale hosting (data centre) with complex routing, including hosts with multiple network interfaces, to separate management, front and backend traffic across multiple tiers.
  • Have good knowlegde of GSi and PNN.
  • Have good knowledge of the Internet and services via the Internet.
  • Woking knowledge of gateway services including web proxies, ftp proxies and email services.
AWS VPC; not just that required during training for AWS Certification, but practically too for hosting my "wit" products - production, test and development.
AWS Route 53; A records to wit-* products and aliases to S3 websites, including this website.
Enterprise Infrastucture
Includes Desktop, WAN & LAN, Active Directory Authentication & Authorisation, A/V, OS patching and monitoring of ten years plus.
  • Have direct experience in developing web applications with integrated authentication and authorisation with Active Directory kerberos and using Microsoft IIS as forward web proxy.
  • Have direct experience in developing and deploying applications and solutions with extrinic anti-virus scanning and enforcement and through secure transfer service gateways.
  • Have direct experience in developing and deploying applications within integrated monitoring (service & protective monitoring).
Enterprise Integration
A minimum of fifteen years of distributed development and deployment RMI & RPC, CORBA & OpenTrade, SAP IDOCs & BAPI, databases and recently web services.
  • At MSI in 1996, was developing distributed application interfaces using CORBA.
  • At Shell in 2000, championed the introduction of the OpenTrade (Tibco equivalent) messaging product for replacement of a failing Microsoft DCOM interface. Messaging reliability increased to 99.999% and message volumes in excess of 50 per second.
  • At Shell in 2004, led the design & implementation of an Internet solution for European wide delivery of road fuel to service stations integrated with SAP via BAPI & IDOCs.
  • In 2006, for Exxon Mobil, led a demonstration using Microsoft Biztalk technology.
  • In 2008, transitioned and virtualised the complex application using Oracle (BEA) WebLogic clustering and JMS, with extended bidirectioned interfaces to/from GSi and Internet 3rd parties using ftp, SMTP and http.
  • In 2010, extended Jscape product through Java extensions to provide automated processing of data via FTP.
  • In 2011, designed and implemented a web based boarding solution with web services for authenticated & authorised distributed & audited transfer of data to/from IL3 (OFFICIAL-SENSTIVE) platform with syslog for operational and protective monitoring.
  • In 2013, built an assured custom web based solution for transfer of data to/from IL4 (SECRET) &s; IL3 (OFFICIAL-SENSITIVE) separated platforms with integrated anti-virus and data type enforcement.
  • In 2014, built an assured web services custom transfer solutionwith in-built data type enforcement and anti-virus inspection between SECRET (IL4) and OFFICIAL-SENSITIVE (IL3) applications.
  • In 2015, built custom web service file transfer gateway using Microsoft C#.NET and ASP.NET, extending XML Guard for assured data type enforcement & anti-virus inspection; Windows Event Log operational monitoring and OSSEC for protective monitoring.
  • In Oct 2015, introduced a distributed application reverse proxy with HTML scraping.
  • In June 2016, using IMAPS automated integration with a client's secure hosting environment.
  • In July 2016, using AWS SDK for Java, developed a client to download files from AWS S3, reusing the existing web proxy infrastructure to provide continued integration with secure hosted application services.
  • In 2017, under WOZiTech Ltd, IMAP/SMTP integration for wit-mailServe with web socket API to wit-*.
  • In 2017, under WOZiTech Ltd, restful API integration with MessageBird SMS (send and receive) for wit-textServe with web socket API to wit-*.
  • In 2017, under WOZiTech Ltd, NodeJS AWS SDK integration with S3 to upload photos and videos to S3 buckets and signed URLs.
Enterprise Security
Having five years of technical and process security including firewalls, proxies, LAN & WAN encryption, on-demand anti-virus and recently content enforcement.
Work closely with CGI Technical Security Specialists and client's own accreditors during technical design and implementation. Including scoping and implementing IT Health Checks (ITHCs) and observation resolution.
  • For central government departments worked with client accreditors, securing security approval for transitions and project implementations. Became known as trusted advisor not just through the quality and thoroughness of approach but through demonstration that I listen, absorb and utilise the information and guidance provided to me.
  • In 2010, had application development (Boarding solution) put through pen testing to IL3 (OFFICAL-SENSITIVE) accreditation, both infrastructure and application. Minimum number of observations recorded and all except low priority observations fixed. The acceditor noted the solution met many IL4 (SECRET) security aspects.
  • In 2011, wrote a firewall reporting tool taking input from multiple (including legacy) devices and annotating over 500 rules to group by service and application; used this information to compile a comprehensive GSi Code of Connection (CoCo) compliance report. Praised by the client for thoroughness and presentation of data. Often cited by the client.
  • In 2013/2014, during a complex business unit transition (from one government department to another), brought many aspects of operational security practices to the attention of the accreditor and gained approval for revised practical working practices, in some cases "risk managed" with agreed SyOps.
Application Hosting
At least fifteen years experience including compute, network and storage with web, Citrix, databases (Oracle, SQLServer & MySQL), multiple VLANs and network route tables, load balancing & resiliency and DR & failover.
  • In 2000 whilst at Shell, led the design and transition of the hosting of SICOS web application with Shell USA (Houston).
  • From 2006 to 2012, led the design and transition of many high profile applications from multiple incumbents, including virtualisation, into assured secure (IL3) hosting environment.
  • In 2012, led the design and implementation of new IL4 (SECRET) hosting environment with separable production and preproduction environments and integrated administration services.
  • From 2013 through until 2015, led the deployment of many applications into IL4 (SECRET) hosting environment, including the complex transition of more than sixty client (via CITRIX) & server applications from incumbent. During 2014 & 2015 these application deployments included IL4 (SECRET) and IL3 (OFFICIAL-SENSITIVE) interfaces.
  • Between February 2016 and April 2016, built a locked down Red Hat 6 physical server for a colleague working with the application supplier's team in Utah, USA.
2016-2017 AWS EC2 and S3; resulting in AWS certification.
2017 KVM PxE boot including secure network configuration of bridges and virtual interfaces, including NIC bonding (load balancing and failover). First practiced on my own server on Ubuntu 17.04, then repeated on client engagement for Ubuntu 14.04.
2017 AWS EC2, for NodeJS/MongoDB/nginx guest with AWS IAM policy for AWS S3 bucket access both application and backups. AWS CodeDeploy from github for deployments.
Virtualisation & Cloud
More than ten years including VMware and recently Amazon Cloud.
  • In 2008,championed the virtualisation of a complex Oracle (Sun) Solaris application, many thought would not work.
  • During 2008 to 2011, championed the virtualisation of many legacy applications, some with complex application characteristics working with 3rd party on detailed design and implementation.
  • In 2012, led the design & implementation of VMware platform for the hosting of 400+ virtual servers across production and preproduction, working with CGI's shared service specialists in Wales. Successfully delivered the platform on time.
  • In 2015, created my own AWS hosting environment; in part, you're reading this site for it.
Technical Documentation
With more than ten years experience across requirements specification, high level design, low level design, test specification and Acceptance into Service.

Professional Roles

DevOps Lead Engineer
2016-2017
Team Manager
2013-2015
People/Line Manager
2007-2012
2013-2015
Team Leader
2004-2006
Development Lead
1998-2004
Design Authority
2004-2005
2007-2012
2014-2016
Solution Architect
2014-2016
Present
Technical Architect
2003-2014
Present
Application Developer
1997-present
Always
Programmer
1993-1997