I design and build security solutions for cloud infrastructures and containerised platforms, with matching experience in DevOps and incident engineering.
Full CV available on request.
As a senior individual contributor for the security of Monzo's banking infrastructure, I design and build security solutions and architectures for the AWS and Kubernetes-based platform, improving its resiliency to external and internal threats. Additionally, I provide routine DevSecOps coverage for the platform, and contribute to its long-term security and compliance strategies.
As a senior security engineer for OVO’s energy technology subsidiary Kaluza, I worked to protect the energy retail platform. My primary focus was the infrastructure security of this cloud-native energy retail platform built on both AWS and GCP; building security tooling and defensive & detective controls for Kubernetes clusters, CI/CD pipelines, managed services. Additionally, I acted as a mentor to junior security engineers on infrastructure security and DevOps; and advised and contributed to platform-level projects from security and compliance perspectives.
Blog Post: Building a secure CI/CD pipeline for Terraform Infrastructure as Code
Blog Post: Kubernetes security monitoring on a decentralised, multi-cluster platform
As a member of Monzo’s then-Security Team responsible for protecting an AWS-based, cloud-native banking platform, I designed and implemented extensive automations to enforce least privilege, minimise human access to sensitive data, and enable effective auditing at all levels of the infrastructure (AWS, Kubernetes, and microservices in Go). I additionally provided regular platform engineering and on-call coverage for Monzo's platform at large.
Blog Post: Controlling outbound traffic from Kubernetes
Full-stack web development for a property management system in PHP on Zend, MySQL, and jQuery. I also worked on tools to reduce back-office cost, and improved the codebase’s security.
Passed with Distinction
I work on a range of personal and open-source projects related to security, DevOps, or just hobby; which can be found via my GitHub profile.
I also operate a private, self-managed Kubernetes cluster to host many of these projects, with worker nodes on bare-metal machines from both sides of the Atlantic. This personal page you are reading was in fact served from the cluster!In addition to speaking English and Chinese (Mandarin) at a native or near-native level, I also speak German at an elementary level.