Expertise
-
spa
webapp
aws
lambdax
Nurtured a cloud-native, event driven micro-service mindset with the developers whilst catering for cloud cost efficiency
-
spa
webapp
aws
lambdax
Introduced Hyper-V and virtualization for hub/spoke sites
-
spa
webapp
aws
lambdax
Seamlessly performed an AD cross forest migration on to a new AD forest with no disruption to end users
-
spa
webapp
aws
lambdax
Global design & implementation of distributed file systems, Active Directory & EUC roaming
-
spa
webapp
aws
lambdax
Represented SCC the customer weekly knowledge team & change approval board in an advisory capacity
-
spa
webapp
aws
lambdax
Assist in the management and support of the Citrix XenApp 6.5 environment
-
spa
webapp
aws
lambdax
Standardised server image reducing the storage footprint by half and incorporating baseline apps
-
spa
webapp
aws
lambdax
Introduced Windows server images used to provision both virtual & physical machines leveraging SCCM, significantly reducing the lead time
-
spa
webapp
aws
lambdax
Manage & support VMware vSphere clusters
-
spa
webapp
aws
lambdax
Improve & streamline the Agile / Scrum environment / workflows
-
spa
webapp
aws
lambdax
Integrated Intune with SCCM for iOS / Android MDM management & certificate distribution via NDES SCCM, Windows, Office365 & AD SME
-
spa
webapp
aws
lambdax
Automated the implemented ‘internet based’ SCCM to streamline management of the Windows estate
-
spa
webapp
aws
lambdax
Manage & support multi-site SCVMM private infrastructure
-
spa
webapp
aws
lambdax
Successfully automated the migration of the entire SaaS virtual estate from VMware to SCVMM
-
spa
webapp
aws
lambdax
Centralised script & task orchestration
-
spa
webapp
aws
lambdax
Implemented resilient HA services e.g. Always-on OpenVPN integration with two-tier PKI
-
spa
webapp
aws
lambdax
Achieved further business value from existing tool stacks Implemented corporate tooling on AWS ECS
-
spa
webapp
aws
lambdax
Continuously evangelised automation (DevOps) practices
-
spa
webapp
aws
lambdax
Hosted workshops centralise technical knowledge and expertise (PowerShell (incl. DSC) + SQL Server)
-
spa
webapp
aws
lambdax
Multiple effective & accurate RCA conclusions
-
spa
webapp
aws
lambdax
Containerised traditional based services deploying to Kubernetes Introduced Open Source alternatives to commercial products
-
spa
webapp
aws
lambdax
Successfully pen-tested a client API exposing multiple vulnerabilities drove fixes to resolution while managing stakeholders
-
spa
webapp
aws
lambdax
Part of a small team that supported Kubernetes workloads of >30k containers
-
spa
webapp
aws
lambdax
Supported & evolved centralised ELK solutions to rapidly auto-scale & more efficiently cope with log shipping at scale
-
spa
webapp
aws
lambdax
Leveraged open source tooling to enhance secret sharing, e.g. GPG, blackbox, keybase
-
spa
webapp
aws
lambdax
Implemented GlusterFS/Heketi, Ceph, Longhorn PoC’s to provide persisted state in on-premise K8s clusters
-
spa
webapp
aws
lambdax
Implement open source projects - Thanos, Longhorn, cert- manager, MetalLB & Istio
-
spa
webapp
aws
lambdax
Resourcefully built upstream Kubernetes stacks in air-gapped environments
-
spa
webapp
aws
lambdax
Deployed scalable Zookeeper/Kafka clusters on K8s
-
spa
webapp
aws
lambdax
Introducing K8s HPA custom metrics from Sysdig to tune the cluster autoscaler
-
spa
webapp
aws
lambdax
Integrated F5 & MetalLB with K8s Ingress
-
spa
webapp
aws
lambdax
Identify and deliver on business requirements
-
spa
webapp
aws
lambdax
Encouraged and empower team members to contribute back to upstream projects and the wider open-source community
-
spa
webapp
aws
lambdax
Drove public/private cloud cost saving initiatives leveraging existing technology stacks in the 7 figures of magnitude
-
spa
webapp
aws
lambdax
Successfully penetration tested a global AWS Lambda RDS-backed SPA – found multiple API vulnerabilities
-
spa
webapp
aws
lambdax
Host workshops to fill technical skill gaps & drive technical creativity
-
spa
webapp
aws
lambdax
Advocate & champion of effective collaboration/DevSecOps
-
micro-service
azure
azure-blob
aks
Built a secure file sharing/redirection micro-service written in Python and deployed into Azure Kubernetes that returns one-time-use links as a 302 response for clients to follow and download direct from Azure blob container instead of a service that acts like a proxy which leads to faster upload/download times. The solution leveraged Azure Service Bus, Azure Blob Containers, Kubernetes, Managed Identities
-
spa
webapp
aws
lambdax
Ensuring team members were empowered, accountable and engaged on a personal level with weekly 1-2-1, identifying & ensuring individual motivations are captured & challenged appropriately
-
spa
webapp
aws
lambdax
Ensuring team members were empowered, accountable and engaged on a personal level with weekly 1-2-1, identifying & ensuring individual motivations are captured & challenged appropriately Advocate & champion of effective collaboration/DevSecOps Host workshops to fill technical skill gaps & drive technical creativity Successfully penetration tested a global AWS Lambda RDS-backed SPA – found multiple API vulnerabilities Drove public/private cloud cost saving initiatives leveraging existing technology stacks in the 7 figures of magnitude Encouraged and empower team members to contribute back to upstream projects and the wider open-source community Identify and deliver on business requirements Integrated F5 & MetalLB with K8s Ingress Introducing K8s HPA custom metrics from Sysdig to tune the cluster autoscaler Deployed scalable Zookeeper/Kafka clusters on K8s Resourcefully built upstream Kubernetes stacks in air-gapped environments Implement open source projects - Thanos, Longhorn, cert- manager, MetalLB & Istio Implemented GlusterFS/Heketi, Ceph, Longhorn PoC’s to provide persisted state in on-premise K8s clusters Leveraged open source tooling to enhance secret sharing, e.g. GPG, blackbox, keybase Supported & evolved centralised ELK solutions to rapidly auto-scale & more efficiently cope with log shipping at scale Part of a small team that supported Kubernetes workloads of >30k containers Successfully pen-tested a client API exposing multiple vulnerabilities drove fixes to resolution while managing stakeholders Containerised traditional based services deploying to Kubernetes Introduced Open Source alternatives to commercial products Multiple effective & accurate RCA conclusions Hosted workshops centralise technical knowledge and expertise (PowerShell (incl. DSC) + SQL Server) Continuously evangelised automation (DevOps) practices Achieved further business value from existing tool stacks Implemented corporate tooling on AWS ECS Implemented resilient HA services e.g. Always-on OpenVPN integration with two-tier PKI Centralised script & task orchestration Successfully automated the migration of the entire SaaS virtual estate from VMware to SCVMM Manage & support multi-site SCVMM private infrastructure Automated the implemented ‘internet based’ SCCM to streamline management of the Windows estate Integrated Intune with SCCM for iOS / Android MDM management & certificate distribution via NDES SCCM, Windows, Office365 & AD SME Improve & streamline the Agile / Scrum environment / workflows Manage & support VMware vSphere clusters Introduced Windows server images used to provision both virtual & physical machines leveraging SCCM, significantly reducing the lead time Standardised server image reducing the storage footprint by half and incorporating baseline apps Assist in the management and support of the Citrix XenApp 6.5 environment Represented SCC the customer weekly knowledge team & change approval board in an advisory capacity Global design & implementation of distributed file systems, Active Directory & EUC roaming Seamlessly performed an AD cross forest migration on to a new AD forest with no disruption to end users Introduced Hyper-V and virtualization for hub/spoke sites
-
spa
webapp
aws
lambdax
Managed stakeholders, deliverables introducing & socialising agile/sprint to traditional IT stakeholders to also improve culture
-
spa
webapp
aws
lambdax
Recruited for and grew high performing teams
-
spa
webapp
aws
lambdax
Managed & led a number of project teams exceeding 10 members on central Government projects requiring 24x7 & 99.999% SLA
-
spa
webapp
aws
lambdax
Adapt logging to expose structured event-based logging for added value and ease of monitoring/alerting for developers
-
spa
webapp
aws
lambdax
Review product and mitigate security risks with ‘best practices’ in micro-service architecture e.g. JWT RS256 Authn/z and Istio to enforce
-
spa
webapp
aws
lambdax
Socialise good security practices through workshops at early stages of developments (“shift-left”)
-
spa
webapp
aws
lambdax
Funnel years of application and architecture security experience to secure both the business and product
-
spa
webapp
aws
lambdax
Implement security governance & policy for all aspects of the business and product services
-
spa
webapp
aws
lambdax
I did something awesome else
-
security
Point of contact for all security related matters
-
spa
pentest
api
Successfully penetration tested an IoT-based SaaS platform finding XSS, SQL Injection and data disclosure through incorrect tenancy controls
-
spa
azure
waf
Implemented Azure Application Gateway to leverage OWASP Core Rule Set to protect against (amongst others) the OWASP TOP 10 i.e. sql injection, XSS, code and shell injections
-
azure
networking
firewall
aws
private-link
private-endpoints
vpc
terraform
Significantly increased security and performance of several SaaS platforms by provisioning AWS Private Endpoints/Azure PrivateLinks whilst restricting public network access to the platform supernets. Performance was significantly increased by reducing the network hops service traffic had to do.
-
azure
networking
firewall
aks
kubernetes
By default Azure services typically provisions endpoints that are publicaly accessible including the Azure Kubernetes API endpoint. For security, I migrated to Azure AKS environments that were built behind Azure Firewall’s that routed both ingress and egress traffic through. Ingress and Egress traffic was routed using UDR method and traffic was restricted at both Layer 4 and Layer 7 via Azure Firewall
-
spa
pentest
api
Successfully exploited sites using tools like SQLMap to exfiltrate customer data.
-
spa
pentest
api
Successfully exploited sites using tools like SQLMap to exfiltrate customer data.
-
azure
networking
vpn
firewall
docker
pki
Provisioned a private & internal hub and spoke topology with secure cross-platform remote accessing leveraging the Azure VPN service. The service was configured to auth with an internally provisioned two tier PKI. Users would leverage the Azure CLI to login and run a docker image which contained a script to configure a local OpenVPN client (incl. TunnelBlick) to connect securely to the Azure private LAN.
-
prometheus
thanos
grafana
gitops
elk
alert-manager
azure-monitoring
aws-cloudtrail
monitoring
alerting
logging
Designed and built a scalable (horizontal & vertical) observability service that consisted of single panes of glass and powered by ELK, Azure Monitoring/AWS CloudTrail Thanos.io, Prometheus, Grafana, AlertManager. This scraped and shipped logs centrally from many Kubernetes clusters in several regions. Prometheus, Filebeat and Metricbeat were configured to dynamically discover services and scrape/ship logs & metrics to the centralised platform.
-
spa
webapp
aws
lambdax
gitops
declarative
Migrated to a modern CI/CD strategy using declarative tooling & GitOps-based pipelines through Terraform, FluxCD & Helm
