VJ Patel
Address: available on request
References: available on request
Experience
Vice President Lead Security Engineer (Chase US)
Nov 2024 - Present
- The first and lead Security engineering hire for the team, creating and maintaining the roadmap to manage stakeholder expectations as well as hiring for further security engineering positions.
- Performed Threat Modelling and mitigation of GitHub SaaS and infrastructure, aligning key stakeholders.
- Designed and implemented a Secure SDLC on top of GitHub Actions covering SAST & SCA, Supply chain security and GitOps for change management.
- Utilised SRE and DevOps experience to influence a secure and scalable architecture, as well as contributing to project roadmaps.
Vice President Lead Software Engineer (Chase UK)
Jun 2024 - Nov 2024
- Designed and implemented a new Continuous Integration pipeline which generates required stages and steps based on repository source code. This enabled support for both monorepos (and existing polyrepos) by building upon ideas that build systems present but extending them to the full SDLC.
- Adopted PKI projects at the time that Certificate Authorities were due to expire, implementing graceful remediation of “time bombs” and automating the rotation process.
Vice President Lead Security Engineer (Chase UK)
Oct 2023 - Jun 2024
- Built a generic asset inventory in Go, enabling enumeration and traversal of relationships between resources on AWS, Kubernetes, GitHub, Snyk, and other internal systems to generate diagrams for threat modelling and reports on real data.
- Identified security domains for improvement and what good looks like for each of those domains, and planned a Security Engineering roadmap to achieve it.
- Built automation tooling in Go to speed up and improve consistency of manual processes, such as vulnerability management and generating wiki documentation from code and Markdown.
Cloud Native Engineer (Contract)
Sep 2022 - Oct 2023
- Developed an ingestion tool which scans open-source dependencies for vulnerabilities and evaluates them with Open Policy Agent (OPA).
- Drove the use of GRPC service architecture to strongly define APIs, abstract layers and components into replaceable parts, and generate Swagger compatible user-facing API documentation.
- Implemented runtime rotation of time-limited credentials provided by Hashicorp Vault.
Co-Founder and Director
Mar 2022 - May 2023
- Implemented a GitOps SDLC from scratch by writing plugins for the Please build system to support OPA guarded Terraform workflows, rootless building of container images, compiling and deploying Kubernetes configuration via Helm, Kustomize and kubectl to provide a consistent platform that scaled for multi-tenancy at the infrastructure layer with minimal differences between local development and cloud environments.
- Built a scalable version of the SaaS product with multi-tenancy at the application layer that runs on serverless infrastructure to minimise costs.
- Implemented Zero-Trust edges to access internal services and infrastructure with github.com/pomerium/pomerium.
Senior Backend Engineer, Cloud Security
Apr 2021 - Sep 2022
- Technical Lead for the strategic goal of making their Vault product available as SaaS on Google Cloud Platform. Produced the cloud infrastructure design, timelines and resourcing, and was ultimately responsible for the technical delivery.
- Deployed Falco, a Kubernetes runtime security agent, across our Kubernetes clusters and led the implementation of pre-building the eBPF probes that we use over at github.com/thought-machine/falco-probes.
- Drove and implemented identity-based methods for service-to-service authorization (i.e. Workload Identity) to move us away from provisioning and using multiple password-like credentials for services.
- Maintained open-sourced Please build rules for Terraform at github.com/VJftw/please-terraform.
Backend Engineer, Cloud Security
Aug 2019 - Apr 2021
- Designed and built a service that facilitated self-service federated access to Cloud and Kubernetes environments with support for break-glass processes. This was a pluggable collection of micro-services in Golang which communicate via GRPC.
- Matured our Terraform usage by writing rego policies for conftest based on CIS benchmarks to mitigate misconfiguration vulnerabilities; migrating to Terraform 0.12+; adding declarative authentication; and parallelising our CI/CD pipelines.
- Implemented simple immutable infrastructure using Packer and Terraform to be used in projects where Kubernetes was undesirable.
- Designed a scalable hub-and-spoke network architecture for our SaaS offering on AWS using AWS PrivateLink VPC endpoints to expose services between VPCs.
- Implemented and scaled our audit logs pipeline on both AWS and GCP using AWS Kinesis/GCP PubSub and Logstash to include audit logs from AWS CloudTrail, AWS EKS, AWS Security Hub, GCP, and GKE.
- Created reverse proxies for container images (Docker Registry Proxy) and container attestations for B2B clients to authenticate, pull and verify signatures of container images we create.
Senior DevOps Engineer
Apr 2019 - Aug 2019
- Implemented horizontal auto-scaling of Jenkins workers with EC2 spot instances and promoted the use of Docker in build processes to improve consistency and shorten the developer deployment feedback loop.
- Devised, implemented and automated GitOps-focussed Role-Based Access Control (RBAC) on AWS across multiple accounts based upon AWS Landing Zone principles.
- Reduced infrastructure divergence from code by splitting Terraform source into domain-driven modules and states that are run more frequently.
DevOps Engineer
Jun 2018 - Apr 2019
- Built a Highly Available platform with improved scalability, resource use and continuous deployment whilst improving existing security standards with Docker, AWS ECS (Elastic Container Service), Consul, Traefik, HAProxy, and Terraform with GitOps. HA Traefik was provided by DNS round-robin load balancing and workload instances utilised AWS Spot fleet to reduce costs.
- Introduced structured logging from Docker container output into centralised logging with ELK which allowed us to record and perform analysis on outbound requests through Squid proxies.
- Introduced Grafana and Prometheus with InfluxDB for metric-based monitoring.
- Maintained existing Puppet-based cloud infrastructure configuration, upgraded existing services such as Artifactory OSS, and RabbitMQ, whilst promoting the movement to immutable infrastructure.
- Led the containerisation of Java applications to conform with Docker best practices, with portable integration tests via docker-compose.
- Improved development workstation provisioning using a pre-seed configuration with LUKS(FDE) and LVM.
Developer
Jan 2016 - Jun 2018
- Led DevOps, involving Terraform, and migrated projects to use Docker containers on top of AWS ECS (Elastic Container Service), WeaveNet and Traefik to reduce costs.
- Led security, which involved vulnerability scanning, risk assessments and deploying more secure protocols such as mutual TLS (mTLS).
Junior Developer (Internship)
Aug 2014 - Aug 2015
- Aided in the development of projects with clients such as British Rowing and Vote for Policies which were developed in Python and PHP (Symfony).
Education
Sep 2016 - Sep 2017
MSc Computing and Security
Pass with Distinction
- Awarded the prize for the best overall performance on the MSc in Computing and Security (2016/17).
- Dissertation titled “Collective Privacy Management in Social Media” (74%)
- C-score: 73%. Top 5 modules: Security Engineering (92%), Group Project - Chit Chat (85%), Cryptography and Information Security (80%), MSc Individual Project - Collective Privacy Management in Social Media (74%), Network Security (69%).
Sep 2012 - Jul 2016
BSc Computer Science with Industrial Experience
First Class Honours
- Dissertation titled “Implementations of Homomorphic Encryption” (82%)
- C-score: 75%. Top 5 final year modules: Embedded Systems (83%), Computability (82%), Project - Implementations of Homomorphic Encryption (82%), Web Programming (80%), Algorithms and Complexity (73%).
Skills
Programming
- Go (8 years)
- Terraform (8 years)
- Bash (7 years)
Platform
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Kubernetes (EKS, GKE, K3s and kubeadm)
- NGINX
- HAProxy
- Hashistack (Nomad, Consul, Vault)
- Istio
- Cert Manager
- Tekton CD
- GitHub Actions
- Jenkins
- Ansible
- Puppet
- Debian & Red Hat-based Linux
- Container Linux
- Pomerium
- Helm
- Kustomize
- RabbitMQ
- Kafka
- Redis
- PostgreSQL
- MongoDB
Development
- Build systems (Bazel, Please)
- GRPC
- REST
- GraphQL
- Inversion of control
- Behaviour Driven Development
- Composition
- Middleware
- Pub/Sub
- Message queueing
- Caching
- Databases (Relational, NoSQL, K/V)
Principles
- Domain Driven Design
- Separation of Concerns
- Immutability
- GitOps
- Zero-Trust