Planned to take an extented break following framestore contract (one/two months). An unfortunate bicycle injury late August resulted in fractured collarbone and three fractures to my jaw (the latter requiring surgery to fit plates), resulted in a very extended period off work.

Sep/Oct 2023 While recovering from accident, to help re-build strength back at the computer I started Udemy online training for AWS DevOps Certification. Booked my exam for Thursday 19th October 2023. And passed.

Oct/Nov 2023 - Received notification from AWS that node V14 is being retired for lambda. The "Contact Form" on my WOZiTech public website is an APIGW/lambda API build via "serverless framework" many years ago. I tried bumping lambda to node v18, but the function failed. Looked at the code to update all packages, and realised it will be easier to rewrite. Decided to use AWS SAM, which included:

• Created a dedicated AWS OU for WOZiTech - previous API in root account.
• Porting from javscript to typescript.
• 100% unit test code coverage.
• Porting from AWS SDK V2 to V3.
• Introducing APIGW throttling; I could deploy WAF but it's not cheap!
• Updated WOZiTech to include PHP server side to protect the APIGW URL from public domain exposure; I could have then introduced an AWS Secret known only by my WOZiTech web server and the API. But it's overkill.
• Decommissioned the old severless framework API (using node v14 locally).
• Introduced server side PHP to process the contact us form - hiding the APIGW endpoint URL from prying eyes.
• Integrated Google recaptcha V3 to both client side and PHP (server side); note, thought about validating the captcha in the lambda, but I have other ideas for the API.
• Introduced APIGW/OpenAPI with body validation.
• Introduced source IP address restriction on API using APIOGW resource policy (cheaper than WAF).
• Introduced APIGW/SQS/Lambda alternative; reduces latency on API to user, benefits from OpenAPI input validation.
• Introduced APIGW direct to SES, reducing time to send email with Apache Velocity mapping of request body and responses.
• Working on APIGW and Step Function integration; direct to SES is good, but doesn't benefit from error handling.

Significant achievements include:

• 19th October 2023 - AWS DevOps Professional Certification
• 2nd November 2023 - WOZiTech website integrating Google recaptcha to reduce risk of abuse of contact-us API

Contracted to a specialist division of framestore, providing large and small, public and corporate displays from Times Square to portable kiosks. Responsible for the full AWS platform including architecture, deployment and development of multiple APIs, using AWS SSO across multiple OUs. Extensive CDK implementation with zero handover. Providing support to permanent staff to learn new AWS skills; included documenting the solution and processes. My significant experience in AWS and architecture affording the transformation of the technical platform from a project to a product; this including securing and consolidating a complex set of disparate services and data.

With CDK, using AWS Cognito, implemented SAML authentication to CMS with pre-auth lambda for role mapping. Introduced OneLogin for project use with SAML across multiple environments. With framestore's own service team, integrted SAML with framestore's corporate Google authentication service. Worked directly with client to integrate SAML with their Active Directory service.

Dockerised internal digital asset management (DAM) application. Via CDK and AWS ECR, managed the versioned deployment of the DAM application across multiple environments.

Introduced weekly refinements and instilled the significance of quality constructed Jira tickets.

Resolved CMS Web app (React) token refresh (both Cognito user pool and identity pool) through AWS Amplify framework.

Via CDK, introduced AWS Backup for consolidated backups across multiple data sources including DynamoDB, S3 buckets and RDS. This included continuous (point in time recovery) on all.

Technically led AWS integration (S3/lambda/SQS[FIFO]) via box.com with a 3rd party; the solution allowed both for scaling on input and yet concurrency control on output.

Via CDK and AWS API Gateway, introduced a proxy around the DAM RESTful API, to improve and simplify security from the CMS SPA web application, re-using Cognito User Pool "id" JWT. Presented this proxy API to CloudFront (from where the CMS web application itself is served) providing improvements for caching but mainly to encapsulate the complex backend dependencies. This included support for CORS for local development and migration of assets (both S3 and DynamoDB) across the multiple dev/test and client UAT/production environments.

Via CDK, introduced AWS SSM for centralised and secure (via AWS SSO and multi-factor authentication) remote access to to access to the various physical servers across the globe.

Via CDK, introduced CloudWatch for centralised logging and monitoring of both remote physical services and AWS hosted DAM application, with managed Insight queires for use across all OUs, and log metrics/alarms. Via CLoudWatch/SNS/lambda introduced Slack messaging for alarms.

Provisioned via CDK a new APIGW/lambda RESTful backend with custom domain/certificate and token based authentication, integrated with DynamoDB for data storage and Secrets Manager for token management. Used APIGW OpenAPI document for API description and POST body validation.

Route53 (DNS) migration for more autommous OU localised services; included managed deployment of migration across the multiple dev/test and client UAT/production environments.

An additional custom domain APIGW/lambda RESTful backend via CDK with token based authentication with CORS handling, integrated via S3, with scheduled lambda to fetch and cache essential data from 3rd parties including AccuWeather, Instagram and Twitter; instagram token refresh managed by AWS Secrets Manager and custom lambda. Included provisioned capacity review to assure endpoint response times.

Digital Asset optimisation, presenting voa CDK all assets via CloudFront/S3 via multi-region asynchronous (SQS) notification of asset (CRUD) with thumbnail generation (lambda layer - canvas serverless app) and bulk migration, facilitating significant regional end user performance improvement.

Significant achievements include:

• Implementing SAML authentication both within the team and with clients
• APIGW Proxy to Drupal API - providing caching and improved security
• SPA asset optimisation and encapulsation presenting via CloudFront - async
• Centralised on-premise logging and monitoring
• Multiple spikes, but signifincantly:
  • Drupal app replacement with CDK deployed, scaleable, secure and extensible API first fully servlerless service including "zero code" Step Functions (AWS Summit 2023 - see Training)
  • Replacing IOT with API first and WS/Long Polling as necessary

Contracted to motorway, to one of many multi-disciplined agile scrum squads (frontends, backends, QAs, designers, Scrum Master and Product Manager), to maintain microservice backend (20+ microservices) running as node.js (some with typescript) against PostgreSQL and redis data stores. This included maintaining OpenAPI specifications and sequelize data models, unit tests, PR reviews and deployment to test and production environments. Documented the "Review App" capability used in test environment to deploy shadow microservices and provided direct support to other backend engineers. Within our squad, led spikes and live incidents.

Documented the backend onboarding and updated the launcher which automated the configuration of multiple microservices; reducing the time to get a local working environment from 3 days to 1 day. Recently updated the launcher to work on Linux (assumes MacOS) and with core external services, such as, postgres and redis running separately in containers (docker compose), utilising Fedora toolbox to run dev services. Onboarded new backend engineers, and provided "informal" mentoring, primarily in my squad but across the backend community.

Volunteered to own the migration of the main (seller) webapp from heroku to AWS; a quarterly goal across the seller squads. Working closely with the infrastructure squad, created the migration forward load of work and oversaw the test and QA of both test and production environments, along with the non-eventful cutover to live. Worked through all the CORS issues that resulted with backend services both external and internal, including optimising the AWS CloudFront request/response policies for cached React static code. Updated the CI/CD integration with git/stash to provide messaging on deployments for the migrated AWS webapp. Supported a junior to take the led on second webapp (photo) migration to AWS.

Significant achievements include:

• Being nominated for most disruptive project on one of the bi-monthly hackdays; demonstrating GraphCMS (as a cloud service), GraphQL and AWS CloudFront for scaled performant content delivery, but ease of content maintenance with security from the ground up, but moreso, content that can be managed between test and production. This has resulted in an internal project at motorway.
• Migrated squads tickets from shortcut to jira, and led the optimisation in Jira to support the dev squad with additional leads from Data and Design.
• Defined and brought into service a Tech Debt recovery process integrated with the existing scrum refinement and planning ceremonies.

Contracted to BYL (Be Your Label), as backend developer; greenfield startup, continuing to develop node.js (javascript) microservices deployed to custom built k8s, across dev, staging and production using Jenkins CI/CD via gitlab.

• Full local docker-compose dev environment.
• Extended the ElasticSearch microservice for product searching (ES query).
• New Web feature for uploading and management of product images and description:
  • Integrated Magento (ecommerce) API.
  • Included extending ElasticSearch catalog (schema) and data sync.
  • Included React development: components, props, hooks and state management.

Contracted to Digital Detox (Digital Agency), as senior developer, to work with their newest client on a legacy CMS migration to headless CMS, including modernisation (automated) of manual workflows.

Headless CMS vendor already chosen by agency's client (GraphCMS). Initial discovery with the agency's client, to identify current and future processes and capabilities. Following a demo of the existing legacy (in-house undocumented) CMS, with little more than a MySQL database export and the client's target hosting environment (AWS EKS), led the definition and documentation of Technical Solution, working directly with the GraphCMS product team to align with product capability.

Having secured technical solution approval from the client's technical director including the creation of a decision log, led the agile scrum/kanban development of the solution, including crafting all backlog tickets, leading refinement, maintiaining RAIDD register, sprint planning and daily stand up.

Technical lead (to just one other) developer to implement the migration solution. Sole responsibility for building and maintaining Migration Staging Service and export of migration data from mysql to json using node.js/typescript, including GraphCMS schema design and versionable maintenance.

Prime responsibility for loading from JSON (streams for large JSON files) using node.js/typescript to GraphCMS via GraphQL mutations, which was futher complicated by the source database being undocumented and much of the known capability hidden in a Java web application no longer supported. Owned all issues that occurred during development, and always took initiative to work through issues with the client team to resolution.

Liased directly with GraphCMS technical team on challenges faced during loading, including concurrency and association limitations.

Having secured acceptance of migrated data, led the extraction via GrpahCMS GraphQL queries (relay) to encrypted XML file per on-demand customer. Using node.js/typescript, oth a CLI and RESTful application, allowing the client to package and deploy internally in many different ways of their choosing.

Significant achievements include:

• Led client discovery sessions across technical, content editing and business teams.
• Led the agile development process.
• Worked directly with the client stakeholders and users to secure migration acceptance.
• Early in the project (during discovery) highlighted two risks associated with the migration of rich text (HTML) to/from GraphCMS, continuously managed and resulting in close cooperation with GraphCMS developers to productionise their HTML to AST library.

Contracted to News UK, first onsite then owing to pandemic fully remote, to design, build and maintain Audio Platform a secure GraphQL API for collating and presenting a common set of data for recognisable digital brands including talkSPORT, Times Radio (launch) and Virgin Radio (launch). Development, test, deployment and support, with mentoring (*8) and technical leadership.

A set of microservices (nodejs/typescript/fully automated unit/components via jest) hosted primarily on Kubernetes with complementary AWS services, viz. S3 with Cloudfront (CDN, Certificates/Route53 and DocumentDB, fully provisioned via terraform and deployed using Circle CI with some legacy Jenkins. terraform provisioning included maintaining New Relic monitoring traces and alert conditions and fine grained IAM roles and policies, across multiple AWS accounts. Local (dev) AWS access via OKTA single sign with multiple assumed roles.

This is an agile (fortnightly scrum) project split across multiple locations, including London and Sofia (Bulgaria), with all the usual ceremonies including, daily stands up, weekly refinements, planning, showcases and retrospectives. With an eye for detail, a key contributor to the backlog. With broad experience and a keeness to collaborate, often praised for thoroughness of spikes. With a delivery focus, invariably complete sprint goals. With engineering discipline, established good practices for repeated high quality releases. Regular pair programming sessions, first when I arrived and then as I became the mentor to new joiners. Provided input on permanent staff performance reviews. By knowing the subject and the audience, made showcases fun. Ready to jump on a whiteboard, even while working at home during 20/21 pandemic.

An "Apple mac" development environment, introduced Windows & Linux for development. First challenge with Windows was to update the project documents using Docker Desktop on Windows with Kubernetes enabled, git for Windows bash and win-builds gmake.

Introduced AWS tags on all resources across all environments, to allow for the reporting of resources on a shared AWS account. This was simply a case of updating the terraform configuration across multiple terraform projects in a single repo in a consistent in an easily maintainable manner. But followed up with a spike to "tag" (label) kubernetes resources. Updated kustomize configuration (bases and environments) to use kustomize commonLabels and metadata.labels, expressed using Kubernetes recommended label structure.

Updated shared Kong (API Gateway) hosting environments to use jwt plugin to provided route based Auth0 JWT authentication against Graph API microservice. Demonstrated operation locally by running Kong (with postgresDB) via docker-compose, deployed using in-house (custom) python scripts with all microservices via kubernetes against Auth0. Demonstrated both authentication (Auth0 Server Resource/APIs and Application requested "access tokens") and authorisation (Auth0 scopes) within the GraphAPI microservice. Updated the in-house Java cucumber integration test scripts to request access token and demonstrated various combinations of no token, expired token and invalid token. Deployed Kong changes using Jenkins across dev, si, uat, staging and production. Forged trusted relationship with internal Kong team, especially when it came to introducing cluster rate limiting; downgraded to local.

Implemented GraphQL with Authorisation header (Auth0 JWT token) edge caching using a NewsUK shared Akamai service. Worked directly with the Akamai technical consultants who staged the solution in dev. Took ownership to deliver the solution through to production, working with NewsUK change services. Extended the Akamai solution to honour the server cache directive and updated Graph API microservice (Apollo GraphQL) for schema declared (and data driven) cache TTL. Overrode the default Apollo GraphQL "no-cache" implementation to disable cache at start up. Implemented a cache bypass through Akamai and Kong. Worked again with Akamai technical consultants to implement a stale data workaround. And lately, supporting the Cloud Engineering team to migrate these custom cache rules to AWS CloudFront; spike resulted in solution including a practical GraphQL schema normalisation solution.

Not just audio platform, the team responsibilities included rotating on to an internal middleware team, working with a custom mobile app team (Android and iOS). Still node.js with jest based unit and component testing but now with integrated PACT contract tests still via Circle CI in AWS EKS. The challenge here was not the tech, but as an internal tool, the absence of quality documentation and access to knowledge champions; you quickly become the expert. Spearheaded changes to transition from engineer rotation to a single platform team working across both Audio Platform and Middleware, able to adapt to the changes in sprint load. This included definition of roles and activities, knowledge transfer (combined stand ups and refinements), mentoring and pairing to build knowledge across the team.

Significant achievements include:

• Logging spike; a result of a need to migrate from CloudWatch to New Relic, the spike resulted in 14 backlog tickets across two projects that not only migrated logging but utilised the advantages offered by New Relic (distributed logs).
• With minimal experience of kubernetes, established both Linux and Windows dev solutions.
• Demonstrated ease of migration from DocumentDB to MongoDB Atlas, including a stitch example to "stream from data".
• Took initiative to present kafka as an alternative to multiple document stores owing to how data passed through the platform.

French Estate agent startup, to revolutionise private sales (www.achetemoifrance.com).

Inherited the development of an i18n (English/French) Java spring boot, thymeleaf and PostgreSQL with flywheel schema management web application. With minimal handover, quickly established a separate dev and test environment and a product board (trello), with bug and feature backlog. Introduced daily stand up with company’s creative director and established priority driven set of tasks (agile kanban).

Sourced, recruited and onboarded Java freelancers via upwork (1 in Bulgaria and 2 in Morocco – French speaking). Operating as scrum master, QA and release manager, responsible for preparing and deploying releases in test, showcases and production deployment.

Production environment inherited was AWS ElasticBeanStalk EC2 with RDS and S3 (for both private and public assets).

Test environment provisioned on home server using existing vagrant, ansible and KVM combo, presented via nginx proxy with DDNS and LetsEncrypt TLS.

Established a serverless backend (serverless framework/node.js) to complement the web application services with terraform provisioning of fine grained AWS resources using IAM, including currency import and task maintenance via CloudWatch Rules events and professional email templates (english & french variations) using AWS SES with SNS events from the webapp.

Since Dec 2020, as a result of the continued pandemic, extended backend to provide import and export integration with apimo (France’s leading estate agent management application), using AWS SNS, Step Functions, lambda and S3 with secure separation between Internet facing tasks and database tasks, facilitated by AWS VPC Endpoint for S3 and SNS. Combination of batch async and syncrhonous processing owing to limitations in apimo restful API.

Further extension to backend to provide a public listings API (both JSON and XML) using AWS APIGW via existing serverless framework.

Spike to integrate AWS CloudSearch and showcase an innovative netflix style approach to propery listings. Manual CloudSearch configuration and cli based import of property listings (generated through Achete Moi API). Defined search schema and search URLs. Led the development of properties listing redevelopment; light client side javascript for fast loading with RESTful API.

Significant achievements include:

• Along with the Operations Manager, have onboarded both a national French and International Property portal, observing GDPR handling on personal data with automation via Zapier to AWS SNS.
  • This provides significant influx of properties through partnering with existing French estates
  • Promotion of our property portfolio with existing well known property portals for brand awareness.
  • Yet fully automated, so no additional labour.
• Now able to undertake much of the springboot/thymeleaf changes myself, which includes having integrated Google recaptcha for login, registration and password reset following monitoring of application activity from dubious sources.
• Without my initial involvement to introduce proven agile workflow, my dedication to the product, to work across a disperse and disparate team and my ability to continuously learn new technology complemented with solid experience, this startup would have failed.
• Having established myself as a trusted advisor, now in talks about the future “Achete Moi” including profit share.

UK Estate agent start up findit360.uk. Note, the website development was transferred to another provider; the current live site is not the original. View the original here.

Agile development (kanban); responsible for identifying, refining, estimating and prioritising backlog, release preparation and deployment, showcasing, and invoicing.

Mobile first, ReactJS web application with redux. Leading two ReactJS UK freelancers (mentoring, pair programming and code review); testing and merging of their code. ReactJS App and data served via AWS S3 accelerated using AWS CloudFront secured by AWS Certificates with registration/RBAC login via AWS Congito including custom properties. Integrated facebook and Google Analytics. Cross browser/platform testing using browserstack.

API provided by AWS APIGW secured via AWS Cognito JWT verification. Developed and deployed using "serverless framework" lambda (nodejs) consuming AWS SES for email notifications.

Separate dev, test, acceptance and production environments (AWS Route53), provisioned by terraform and locked down via fine grained AWS IAM roles/policies.

Integrated Ionic framework with Capacitor provisioning iOS and Android apps, including setup and configuration of App Store/Play Store accounts with tester distribution.

Significant achievements included:

• QRcode treasure hunt promotion. Innovative swipe left/right (tinder style) property portfolio.
• Prototype iOS and Android native looking (PWA) apps reusing website code with consistent brand look.
• Swipe left/right (tinder style) property portfolio.

Extended private (bare metal) kubernetes cluster including:

• Installed kubernetes dashboard, with "LoadBalancer" service to present with IP and port NAT through gateway firewall.
• Kubernetes secret for local private Nexus docker repo.
• Deployed into cluster (own namespace), dockerised WOZiTech CMS (nodejs app and postgresDB pod using manual kubernetes manifest.

Whilst in-between contracts, rebuilt office KVM/vagrant/ansible "enterprise" network including:

• nginx proxy - named servers using DDNS subdomains (CNAMES) and letsencrypt SSl certificates.
• Nexus docker private repository - with authorised public access via DDNS CNAME.
• Migrated wiki using latest (beta) wikijs - using docker container and linked postgres container. Public access via DDNC CNAME.
• Built new headless (API) CMS, using strapi. Dockerised and deployed with public access via DDNS CNAME.
• Created a kubernetes two node (plus master) private cluster.

Whilst in-between contracts, took some MongoDB Univesity training in preparation for MongoDB Developer Associate Certicication:

• M220JS MongoDB for Javascript Developers (certificate)
• M320 Data Modelling% 94% (certificate)
• M121 Aggreation - 93% (certificate)

Contracted to Sopra Steria, to design & build a backend API to an Anglular frontend application. An agile scrum project; fortnightly scrums cycles.

API built on node.js, using Express V4.x. framework, using sequelize V4.x with data stored in postgres V11 database. Both application servers (containers) and database (AWS RDS) hosted on UK Gov PaaS.

Full ownership impacting the required APIs from application requirements (stories & epics), defining and maintaining the API namespace and methods, implementing the endpoints (code and test), documenting the endpoints, supporting the frontend developers on use of the API, supporting DevOps on CI/CD of the API through dev, test, preprod and production.

From the given alpha (demo) code, immediately introduced transaction handling for multiple writes, API HTTP 40x/50x error responses and an endpoint integration test suite using jest, supertest and faker.Introduced a local proxy allowing the frontend developers to work autonomously consuming the API already deployed into the controlled dev environment.

When it came time for enduser authentication, introduced JWT for stateless authorisation on each API endpoint, implementing the endpoint authentication and authorisation framework to generate/renew the JWT and validate the JWT using middleware and well crafted API namespace, supporting a colleague with their implementation of brcypt (hashless) authentication logic.

That, with the set of new API endpoints for updating and retrieving rich form data, with the project DevOps and DBA, setup and deployed the beta application release into new Gov PaaS preprod and production hosting environments. Introduced convict for schema based rich environment specific configuration.

Following the beta release, introduced a full audit framework across the backend API using entities and managed properties (prototype and factory patterns from Gang of Four); auditing data stored in the database at both entity and property level.

Extended the environment specific configuration to integrate with AWS Secrets Manager, allowing sensitive information to be managed centrally for all environments (as opposed to command line ENV variables).

With sensitive data now stored locally, using experience gained on previous contract through Semantic Integration, introduced serverless Daily Snapshot reporting for the client's analytic team in Leeds, using serverless framework and AWS lambda with Secrets Manager generating the JWT to access reports API with the generated stored (& managed) securely on AWS S3 with signed linked distributed by email (AWS SES) and Slack (webhooks). The report was scheduled using AWS CloudFront to run the lambda function. These daily snapshot reports, although not tied to the backend deployment, were deployed into each of dev, staging, preprod and production thus being able to demonstrate and gain client approval on the reports through traditional deployment cycles.

Continued to enrich the backend API with new endpoints including extending the automation test framework, following story refinement as features were developed in the frontend. This included taking full responsibility for the database schema, database patching of dev, providing quality DB patch scripts for the DBA to run in staging, preprod and production environments.

Although not within responsibility, took ownership for the beta Data Migration (just 42 users), working through the incumbent Oracle database schema (with no access to the incumbent development team), documenting mapping and writing pgsql (Postgres functions) to quickly and repeatably migrate the data. Stood up a migration application server and worked closely with the client's service support team to achieve the necessary review, approval and sign off of the users' migrated data, critical for securing client sign off for the first true application release. This formed the start of a close working relationship with the client's service team, as demonstration of ability to deliver good quality solutions quickly. Part of the migration solution included updating the backend authentication endpoint to support the incumbent's hash login method allowing users to seamlessly reuse their old application credentials.

During the course of the first pentest, introduced helmet, XSS Clean and XSS Sanitizer ensuring part of securing a necessary precondition for client sign off the first true application release.

Took ownership of the Bulk Upload capability via new API endpoints, which included uploading the files via the frontend application to AWS S3 via S3 signed PUT URLs, mapping of reference data from "bulk upload externalised refernces" to applications internal referrences (online transformation), extensive validation logic and reusing the backend API entity and managed property framework to ensure full auditing. Delivered this complex and crucial functionality only possible through leveraging the direct relationship with the client's service team in Leeds, established during the beta data migration. This involved two visits to Leeds to work onsite with the service team manager to secure client acceptance.

Following initial beta data migration, full migration of 22000 users and their data from incumbent dataset, including the a performance improvement to migrate data concurrently reducing data migration time from 12 hours to 4.5 hours.

Identified a gap in the support of the application, in that reference data is looked away in the database requiring multiple project resources to update it. From my time at photobox, identified the need for a CMS to maintain such reference data. Also identified that some administrative stories in the backlog were not best served through the frontend application; a more collaborative approach could be made available.

Shortlisted four CMSs: strapi, KeystoneJS, nodebeats and Aposprophe. Reviewed these CMSs on their ease of installation, customisation, security and integration with the backend API. Secured selection of strapi, because its rich API capability (let down only by it's Administrative Console user security). Built the AWS EC2 server instances (one for dev and one for test) and AWS Hosting Zone from registered domain using terraform automation. Manually installed nodejs and strapi, but utilised a remote MongoDB Atlas database provision. Security was key; acheived pen test acceptance first time.

Used AWS Kinesis, with AWS IAM roles/policies for each of dev, test, proprod and production to pump data from the backend API on every create, update and delete and ingest to a MongoDB Atlas database instance, merging disparate entities into single documents within MongoDB collections, affording the power of MongoDB rich data queries and aggregation pipeline to quickly extract data.

Used pm2 to install and manage as a service, both the strapi application and a complementary custom Slack App API to handle interaction between slack /slash commands and dialogs and the strapi.

Modified the reference data API endpoints to allow "PUT" method to securely update the reference data records from changes to data in strapi.

Introduced AWS SNS to notify all new registrations with separate topics for dev, test, preprod and production, which invoked a AWS lamdba function (built and deployed using serverless framework) to lookup data from the MongoDB store, enrich the registration data and then post to Slack (webhook), with buttons to approve/reject, which then securely invoked the relevant backend API to thus approve or reject. All properly secured using AWS IAM roles and policiies.

As part of this demo, also included Slack /slash commands making it easy to search data in the MongoDB database; secured using Slack command signature and Slack signing secret (stored securely in AWS Secrets Manager).

Significant achievements included:

• Extensive endpoint automation integration test using jest which owing to the absence of formal load tests, became an unexpected critical resource during load testing ahead of main user migration.
• Serverless Daily Snapshot reporting using AWS lambda and Secrets Manager securely integrated via Backend API.
• Successful Data Migration of 22000 user accounts and data from incumbent, including login hash and performance enhancement.
• Prototyped and demo'd Headless CMS - for maintenance of application reference data and collaborative user and data integration of registration approvals and rejections using AWS Kinesis, SNS and MongoDB, Slack webhooks and Slack slash commands.

Source code open github project as per GDS guidelines:

• node.js - backend API - under 'server' directory.
• jest - integration tests
• database - includes migration code 'server' directory.
• AWS and terraform
• serverless framework, lambda, secrets manager, kinesis, MongoDB
• Slack server app (slash commands and dialogs)

Having recently introduced automation switches to my house, turning on/off of lights required interacting with an Andriod app, and meant having to have phone to hand early in the morning and late at night. I bought an Alexa Echo to allow voice activation on the lights.

But having an Alexa, I then wanted to create my own Alexa Skill. At first, I struggled with the concept of invocation name/utterances, and the ecceltic approach used with the Alexa Developer Console to add validation and dialogs on slots. But after a week of try this, try that, finally got to understand the subtleties of invocations, intents, utterances, slots, slot types, dialogs and validations. Have submitted my skill for certification, but currently held back on my choice of "invocation", on which I have organised a competition with my friends & family.

The backend of the skill is of course AWS lambda; node.js. Created the code framework using 'serverless framework', and using terraform to maintain the necessary IAM role and policies for that lambda. All code runs both locally and remote within the lambda. All local code is unit tested with 100% code coverage.

The lambda uses Axios to interact with TFL's public API to get a list of next bus arrivals for a given 'Stop Point'. Uses AWS Secret Manager to hold my TFL API key details.

The lambda posts notification to Slack Channel, using rich formatting including details of the incoming event (on error/unexpected intent/missing destination). Multiple levels of notification (none, error only, .... through to trace level); controlled with a Lambda env variable making it easy enough to control level of notification once deployed.

Significant achievements included:

• TDD approach to development; comprehensive Jest unit tests written along with functional code, with 100% unit coverage at all times.
• A manual jest mock on the importing of personal test data; protecting actual personal data.
• Implementation of the Alexa Skill request/response format, including dialog conversations.

Source code can be found on github.

In preparation for a new role, I set out learning terraform. Whilst already familiar with vagrant/ansible for office server, I set about using terraform to provision/teardown one of multiple VPCs (based on a given environment of dev, test, acceptance and production) with VPC/subnets chosen from a lookup of predefined definitions.

The VPC includes public and private subnets across one or more Availability Zones.

The VPC includes a bastion virtual server (Amazon AMI) deployed into each public subnet along with the Security Group necessary to allow remote SSH (using nominated key-pair) access to it and from it (the bastion) remote SSH access to other public and private subnet guests. Whilst provisioning the bastion guest, used terraform to create a new policy and IAM role (with assume) to run against the instance.

Significant achievements included:

• VPC provision/teardown with Bastion completed in just three days; albeit only proven (tested) for acceptance, but itself being 3*AVs into eu-west-2.

Source code can be found on github.

Following a recent (careless) lost of a KVM Guest, have rebuilt server (2*8 core Xeon with 78MB of RAM) to be fully provisioned, PxE Boot (Raspberry PI) of Ubuntu Server with post-install script to then configure KVM/libvirt. TODO: replace post-install script with 'cloud-init' (native Ubuntu provisionig tech and supported by AWS EC2).

A semi-auto provisioned vagrant/libvirt/ansible "Fedora server" guest (manual creation of the guest but the guest then provisions itself via ansible). This guest is then able to provision all other guests.

A manually provisioned firewall gateway guest (untangle), presented to home network and to each of the KVM host-only networks, with ingress control and gateway port forwarding.

From a CentOS 7 vagrant box, a collection of reusable common Ansible tasks to provision base WOZiTech CentOS specific server instance, which includes default packages (present/absent - lockdown), network reassignment (through the untabgle firewall), firewalld services reassignment and lockdown, optional set of docker prerequisites. Experienced the pain of ansible::yum::latest; an aspect of the way "yum check" works makes using latest extremely slow. TODO: turn these common tasks into a reusable role including storage provisioning via LVM and link up to a Hashicorp Vault (to store SSH public/private keys for default set of users); need to provision the Vault guest.

A wiki.js guest (CentOS 7) using ansible to install dependencies (git2, node.js and MongoDB), manage directories and users (non-system provilege), install the application wiki.js, custom config file and systemd service to manage wiki.js lifecycle using ansible template. Idempotent. TODO: backup users and restore users to Hasicorp Vault when reprovisioning - to allow full recovery of wiki.js provisioning which will include install a MongoDB Change Stream event on users collection.

A proxy guest (CentOS 7), serving as a reverse proxy, using ansible to automate docker installation, with two docker instances: one nginx instance with custom templates to define default and wozitech.asuscomm.com (DDNS) reverse proxy to wikijs and a second Let's Encrypt instance to provide SSL certificate for wozitech.asuscomm.com domain. systemd services to manage each of the containers on start up. Idempotent. Initially tried using jwilder's nginx-proxy docker image, but swapped to the native nginx docker instance, after realising jwilder's proxy is to reverse proxy other docker instances running on the same host, whereas I needed a reverse proxy to another host. TODO: introduce forward proxy docker container (squid).

A Sonatype Nexus3 Repository Manager Guest, to serve a a local repo for all custom Docker images and custom Helm (kubernetes) projects along with a cache of npm (node.js) and yum (CentOS) packages. Used ansible role: ansible-thoteam.nexus3-oss. Overcome a limitation with the role that was failing to identify the latest version, by reviewing and understanding the code (simply had to set the "nexus_version" was I had determined the current latest version).

Significant achievements included:

• Untangle Gateway Firewall - controlling ingress to local network with port forwarding and ingress/egress between KVM host-only networks.
• nginx reverse proxy (to wiki.js) with Lets Encrypt SSL docker containers. Full idempotent configuration.
• wiki.js - full idempotent configuration.

Source code can be found on github.

Contracted to PhotoBox via Semantic Integration, reporting to PhotoBox Data Architect. Responsible for detailed enterprise data modelling, GraphQL schema design and microservice design of PhotoBox product set.

Working closely with the PhotoBox engineering agile team to replatform their product Editor, with initial focus on cards (design rich) and Books (complex high value) incorporating input from local prototyping, architecture, product and production teams (France). Introduced extensive documentation along with strong JSON Schema Validation and exhaustive JSON examples of existing products. Early JSON data examples for the engineering team and Agile Pair Programming with the engineering developers to ensure proper and efficient use of the Data Model, being able to explain the rationale.

March 2018 - seized opportunity to introduce a data model test framework, using Jest (uplifted to ES6), node.js V8.x (await/async) on top of nest.js (typescript) with GraphQL and AJV JSON validation, thus being able to assure all examples matched expected schema during period of rapid schema change. Extended this framework, using Jest to generate rich JSON data examples on-demand using a builder style syntax.

April 2018 - Owing to resource availability, seconded into the Editor agile engineering team to help with full stack development; node.js microservice development, React.JS frontend development and GraphQL development. Extended my Javascript knowledge with React.JS by completing udemy online course by Stephen Grider.

May 2018 to present - Siezed opportunity to work closely with the architects to design and prototype a AWS serverless solution to rendering high quality SVGs from the data model using Kinesis Streams, lambda, DynamoDB and Step Functions. Assisted by udemy "servlerless framework" course by Stephane Maarek. This included lambda prototypes for running puppeter (headless browser) and rendering React component, using github reference projects as an example, and providing access to those prototypes using WOZiTech AWS account. A demonstration of new technology and practice to the local engineering team which resulted in adoption of the technology for serverless rendering solution (excluding Kinesis Streams).

Have since continued to develop and deploy serverless functions, which includes the mentoring a photobox developer who initiated a webpack solution to simplify packaging, allowing me to develop a local dev & unit test framework, increasing my Jest knowledge. Working closely with the onsite DevOps team, supported the introduction of a complementary automated Jenkins build and deploy pipeline from serverless packaged artefacts to multiple environments including test and production.

Recently, circa August 2018, extended this serverless solution to include multiple export formats including export to PDF, stitching individual puppeteer JPGs using ghostscript command (within a lambda function); the results of the PDF are equivalent quality, yet smaller JPEGs than the current PDF rendering solution, & using lambda to serve up a React SPA application overcoming a limitation imposed by the Photobox DevOps team to serve the SPA application from an S3 bucket.

July 2018 to present - In my role as Data Model and Microservice Designer, I have continued to refine the data model working closely with the local engineering team, sharing my knowledge, reviewing their implementation of the data model and extending the data model based on their feedback during implementation but also taking on new features, significantly, text (both design with fonts & colours) in addition to the Editor persistence, working closely with the Editor's team UI Designer.

Circa August 2018, have crafted revisions to how the new Editor will be presented with data required to personalised any given product, without having the need to aggregate complex data structures and relationships, in addition to facilitating the large compute power of the AWS cloud to automate the generation of personalised artefacts with initial design (a marketable product), whilst offering capability to integrate with Photobox's proprietary AI personalisation engine. This is the Personalised Product Definition Data Model & set of microservices integrated with the legacy set of microservices and GraphQL presentations; easily demonstrated owing to the availability of generated data through the Data Model Test Framework. Presented and reviewed the solution with the architects and engineering team resulting from raising the necessary detailed backlog tickets for definition refinement and estimation.

September 2018, undertook a review and impact assessment to integrate Auth0 for endpoint authentication and authorisation on our serverless AWS APIGW/lambda microservices. This includes Auth0 account creation, initiator JWT token requests and passing, recipient JWT token validation using RS256 (public key) and scope approval, faciliated by APIGW "Custom Authorizer". Presented and reviewed the solution with the architects and engineering team resulting from raising the necessary detailed backlog tickets for definition refinement and estimation.

Significant projects included:

• Created an offline Data Model Test Framework using BDD style factory content generation, transformation and validation with JSON Schema (ajv), JSONata and Jest.
• Extended the offline Data Model Test Framework to include GraphQL, running on nest.js (typescript) framework.
• AWS Serverless prototype using Kinesis Stream, Lambda, Step Functions and DynamoDB using the serverless framework.
• Personalised Product Definition Data Model and Microservice design.

For my own company, rebranding existing wit-piDash application and introducing new complementary wit products to learn and master new development technologies:

• nest.js - services framework for node.js
• MongoDB - document NoSQL database
• gun.js - distributed Graph database
• resin.io - IoT management and deployment
• react/redux/react native - for rich interactive UI mobile applications
• Vue.JS - for fast rich component (template driven) responsive web applications
• electron - cross platform native web applications (using Vue.JS)
• Angular - enterprise scale web applications

Built instance of wiki.js for documenting my wit product set. Running on office service including DDNS and port mapping and Let's Encrpt SSL.

www.wozitech-ltd.co.uk

Whilst in between contracts, taking the opportunity to rebrand my corporate website, including new logo, new colour scheme and AWS Lambda/API Gateway function with CORS for "Contact Me" send email.Rebranding is to support active development on own projects through 2018.

www.wozitech-ltd.co.uk

Contracted to Cap Gemini, one of three lead DevOps engineers in team varying of twelve on client site, in an agile development environment providing local and private cloud hosting services for onsite development team.

Mastered Jenkins, with a proprietary build, release and deploy solution integrated with Puppet Enterprise for Continuous Integration/Continuous Deployment (CI/CD). General Project and support responsibilities including provisioning new and maintaining existing environments. As Lead Engineer, reviewed, approved and merged juniors work and provided mentoring.

Significant projects included:

• Built an initial virtualisation (KVM) environment for puppetised guests, having identified the need for a custom PxE boot solution bootstrapping puppet with multiple networks; full provision a fully functional KVM server within one hour.
• Built a production custom build & deployment solution, against reference to an existing undocumented custom solution, using Jenkins, Stash, puppet enterprise, yum and Nexus.
• Crafted a puppetised “Release Dashboard” using JQuery and postgresSQL JSON showing what version of application (+8) and components (100+) are deployed to which environment (30+) when and by whom.
• Built a fully puppetised reverse web proxy with SSL offloading and email routing (postfix) to multiple security domains.
• Puppetised and took live a private cloud hosted JIRA & Confluence, with Crowd with upgrade and migration from local LDAP instance.
• Reworked the existing custom deployment solution to deploy across multiple security zones and consolidate the solution across multiple environments.
• Augmented the custom build & deployment solution for multiple long-term release git (Stash) branches, including the handling of component versions between branches, using Jenkins, groovy, postgresDB and bash scripting.

Development of “wit-wedding” application suite for real time posting of pictures and messages before, during and after my wedding in September 2017.

Multiple integrated components included:

• wit-weddingServe: NodeJS RESTful backend application with MongoDB data store running on AWS EC2 (reserrved instance) integrated with AWS S3 (multimedia store), 1and1 IMAP/SMTP and MessageBird SMS. Nginx reverse proxy with SSL offload. Let's Encrypt SSL certificate (continuously renewed). SMS text content upload. EMail text and multimedia upload (photos and video) upload upto 10MB. SMS and Email registration. AWS CodeDeploy from github and environment configuration from S3 bucket. AWS S3 bucket backups for MongoDB.
• wit-piDash: an SPA (single page application) web application (JQuery) running on Raspberry PI using Web Socket push technology, content streamed from wit-weddingServe.
• wit-wedding-app: an SPA (JQuery) web application running on AWS S3 bucket website, integrated with wit-weddingServe using JWT for authentication and AWS S3 signed URLs for content. Multimedia upload (photo and video) upto 100MB.

Used this personal project to attain "AWS Certified Developer - Associate" in Nov 2017.

Current projects include resin.io RaspberryPI, Electron/VueJS dashboard and AWS Lambda/Kenesis video streaming - “wit-stream” (only for AWS to then annouce DeepLens at 2017 re:Invent.

Worked with the project manager to review application requirements and devise server specification. Identified supplier and purchased server. Local hosting of Dell server, built with RHEL7, for the hosting of tomcat7 application built by MTCnovo team in Utah, USA. Presented server to Internet and locked down remote (SSH) access to MTCnvo app team. Server and database (mysql) backup over NFS to NAS, using Logical Volume Manager (LVM) snapshots.

Using Skype, reviewed the detailed application requirements and then provisioned the detailed server configuration. Supported the app team through the deployment, providing deployment script and worked with the app team to secure logging.

Supported the ITHC pen testers and remedial action. 20% observations against server build - no critical or high; fixed all 4 medium and all 7 low observations.

Successful onsite installation and commissioning.

Part of the inaugural CGI team (2014) to cycle the Princes Trust Palace to Palace charity ride. Raised £350 in 2014 & £290 in 2015.

Pioneered two development projects utilising latest web technologies including AngularJS, NodeJS/Express, Handlebars and MongoDB, with automated build using Gulp. Responsible for concept development, application development, mentoring junior developers, solution definition, solution architecture, solution sponsorship and solution promotion. Built and demonstrated proof of concepts and have recently secured project funding and significant client interest. This client success has led to the Senior Management Team creating a new position of "Innovation & Prototype Lead".

Provided Technical Leadership within the CTO supporting high profile and complex projects. Leading a team of fourteen Architects having mixed disciplines including applications, infrastructure, technical/operational security and Information Assurance. Directed change and delivery across multiple projects. Technical lead & lead developer on a secure reverse application web proxy with RESTful services and web sockets. Supported the transition of legacy web application to cloud with continued operational integration with secure hosted applications.

Led the development of an open source proof of concept display replacement, using Raspberry PIs, MySQL, PHP, Python and RHEL integrating with a HTML web source, having now deployed to two live pilot sites and successfully passed vulnerability assessment as part of ITHC; preparing for UK national rollout.

Built a SECRET production/DR & preproduction App Hosting environments for 400+ Virtual Servers and 50+ applications. Leading a team of network, storage and server engineers, achieved successful production deployment within six months and preproduction just one month later. Joined the CGI New Capability team on client site in January 2013. Rapidly completed the transition in to service an application including migration of data from old application. Created an enviable relationship with end users, business and supplier; a relationship exploited with follow on work including invitation to solve an issue within European Union for data transfer between disparate SECRET and OFFICIAL-SENSITIVE. Technically led the complex transition (legacy applications & indifferent working practices) of a large government department (100+ users and 30+ applications) within just six months. Became known as a trusted advisor through honesty and thoroughness of approach. Success led to placement as New Capability Technical Team Manager responsible for a team of twelve senior TDAs of multiple disciplines and six BAs. Responsibilities included team line management and project assignments. By personal request by CGI New Capability Delivery Director, through RFI and RFQ, secured a supplier for XML (SOAP) Gateway solution. Continuous client successes resulted in creation a new custom role in September 2014; that of Innovation Lead within the client’s own Digital Transformation team. Within just six months, leveraged previous business relationship to secure a project integration with another Government department. Extended this solution further by developing custom web services to integrate an assured PDF document file transfer interface.