I'm a Software Engineer with an eclectic background. I've worked for the Prison Service (UK), done application and security architecture, security technology research, been trained in moral, political and natural philosophy and even acquired a USPA skydiving license along the way. I've moved continents twice and countries three times. All of this contributes to my unique perspective on software engineering and network security. I have 20 years of experience in a range of technology roles, and am always keen to work with new technology. I am a programming language nerd as time allows, but am also happy in the infrastructure, automating deployments or doing performance analysis. I enjoy working both in tight-knit teams and alone. I favour development projects which use lightweight processes, continuous integration and delivery for fun, profit and risk mitigation.
I am authorized to work in Canada and the EU. I am not currently authorized to work in the US, but have been in the past. I have been working remotely for over 10 years.
I have extensive experience specializing in UNIX and UNIX-like operating systems, including many Linux distributions (starting with Slackware 2.0, moving to Red Hat, SuSE, Fedora, Gentoo, Debian, Ubuntu and Arch), Solaris (starting with 2.5.1), OpenBSD, and MacOS. I have a good understanding of and practical experience with Solaris 10, Solaris 11 security. I have managed production systems using Puppet including a deployment of around 140 OpenSolaris hosts running an array of diverse products and applications including Sun Directory Server Enterprise Edition, Glassfish, Apache and Sun Java System Instant Messaging Server. In recent roles I have used the PaaS provider Heroku supported by their many wonderful "addons", along with Amazon Web Services' S3 service and EC2 for some aspects of development and performance testing. My most recent role uses EC2 and S3 extensively, and integrates with other Amazon services such as the recently released CodeDeploy.
I am well versed with the use of many open source security tools of the types listed at insecure.org and am experienced in the reading of packet dumps and other Network Security Monitoring activities.
I much prefer lightweight development processes, very small teams, and programming practices with short feedback cycles, including REPL based development, continuous testing or test driven design, depending on the context. I also prefer continuous integration and delivery. I am not religious about any particular methodology; I have found that different approaches serve different goals, technologies, tools and cultures.
I tend to favour Emacs as my primary IDE, though I have in the past used NetBeans and to a lesser degree, Eclipse professionally. I've used and quite liked Cursive Clojure (based on Jetbrains' IntelliJ). I have experience with a variety of development tools such as GNU make, Leiningen, Maven, Ant, Rake and Capistrano for build lifecycle control; CircleCI, Hudson/Jenkins and Tddium for continuous integration and deployment; Git and previously Subversion for source code management.
Last but not least, my presentation and communication skills are excellent; I have made numerous presentations as a part of my work, and have presented and facilitated at software conferences; in previous roles I have provided ad hoc and formal training in the use of DTrace. I've also trained non-technical end-users, and currently mentor novice web developers for several hours per week.
Joined Appcanary in December 2016 on a short term contract, becoming its first employee in January 2017. Appcanary is a security monitoring and patch management service. My role at Appcanary is "full stack", product development all the way down to devops. The web app and services are built using Ruby on Rails, the server agent is written in Go and packaged for various linux distros.
Part time contract working on the server components of the Motion product. Services are built in Clojure using Compojure-API (Swagger implementation). I work on the Clojure services, as well as consulting on other aspects of engineering, notably architecture and design around scaling.
Joined CircleCI in September 2014 as its first resident Canadian employee. CircleCI is a Continuous Integration and Delivery platform providing services to engineers around the world. In my role in Platorm Engineering and Site Reliability, I worked on code throughout the product, which is written mostly in Clojure and ClojureScript, and deployed to AWS. The architecture evolved quickly over the time I was at CircleCI, both technically and organizationally. Most recently I had been working in the platform team helping implement the "next generation" build system (a more modular system including a number of new tools written in Go) and integrating it with the existing CircleCI platform.
Helped grow CircleCI in Canada, hiring local engineers and helping create a Toronto office.
Focused on development projects in support of technical operations. I re-architected Turn's operational time series data systems, including collection, warehousing, querying and graphing. Delivered a system composed of KairosDB, a 12 node Cassandra cluster, collectors based on the tcollector framework as well as other custom built collectors, and a high throughput data pre-processor I implemented as a node.js application. Also some dashboard UI prototypes implemented as HTML5/AngularJS applications.
Technical Lead on the Circle Street project, a retailer-oriented web platform for distributing local event-driven promotions through digital channels. Circle Street was a collection of apps and services. The web platform was a Ruby on Rails application, deployed on Heroku. Ancillary services were implemented in Node.js. My work included all apects of application development; in particular the creation of RESTful APIs enabling Circle Street content to be distributed via other Valassis channels, a payments gateway, an events collection Node.js application which gathers (amongst other things) rolling weather forecasts for all of the US.
Software Engineer on Project Kenai. Kenai is a software collaboration platform, combining features such as SCM, issue tracking, communications (forums, mailing lists, instant messaging) and documentation management (wiki). The web platform is a Ruby on Rails application, deployed using JRuby on the Glassfish application server, running on OpenSolaris with MySQL. Kenai provides the infrastructure for Java.net, Kenai.com and NetBeans.org. My work included a re-write of Kenai's integration with Sun's Identity Management systems, integration with legacy SCM, and all aspects of software development, deployment and operations support. I was also scrum master.
Java Programmer on the OMalley project, aka Sun Software Library. OMalley was an agile development project building a web 2.0 community and marketplace for Sun's partners and customers. It used a technology stack based on Solaris 10, MySQL and the Glassfish application server, and leveraged Hibernate (ORM), Spring (IoC, TX management), Velocity (templating), Lucene (searching and indexing) and Quartz (scheduling) frameworks. My work was in the server components of the system. During my time on the OMalley project, I developed prototypes using Ruby on Rails, and components using Jersey (which implements Java extensions for RESTful Web Services, aka JAX-RS).
Member of SunCERT, Sun IT's Computer Emergency Response Team. SunCERT was chartered to provide a computer security incident and advisory coordination service. Additional responsibilities included project work such as tool development, vulnerability analysis, penetration testing, and solution deployments including Intrusion Detection Systems and anti-virus infrastructure. In this role I was a co-author of Sun's Solaris Security Certification exam.
On assignment to Sun Labs, I developed an IMAPS mail client using Java ME (MIDP 2.0) for cellular phones.
As an individual contributor in a team of researchers in Sun IT's Technology Office, I was responsible for security projects within the CTO charter. Work included security support for executive and Sun Labs networks, participating in technology trials organized by others in the group, as well as leading trials of security technologies such as IDS and IPS within Sun. During my time in this role I was a member a team assessing responses to Sun's RFP for Intrusion Detection.
Member of a team of four IT architects charged with creating an architecture for Sun's then fledgeling Enterprise Directory Service.
Various research projects leading to product and technology recommendations; maintenance of IT application architecture standards. Included projects investigating semantic web and knowledge engineering technologies such as Topic Maps and RDF and the computational representation and interpretation of ontologies.