I have significant experience in the design, maintenance and secure operation
of Internet-based networks and systems. In particular:
- Utiba Software Solutions (February 2010 - current):
Software Engineer
Utiba is a software company focussed on mobile payment solutions, primarily in
the developing world. Headquartered in Singapore, Melbourne is its main R&D
office.
My role at Utiba is primarily related to testing the Java-based software stack
that drives Utiba's installations worldwide (largely Java on Linux), including:
- Maintaining the "continuous integration" (CI) environments for various
software components.
- Investigating test failures, debugging and fixing where appropriate,
either in the test suites or the application code.
- Implementation of a Selenium-based test environment to test web
interface components on multiple browser/OS platforms.
- Configuration of Linux-based virtual machines for demo/test environments.
- Implementation of a database to provide an archive of all test results
for investigative and reporting use.
- Career Break (August 2009 - January 2010):
After 18 years solid work in the IT industry, it was time for a break - to rest,
recover and recharge. I split the time largely between honing my musical skills
and developing a serious interest in photography.
- Toll Group IT (April 2007 - July 2009):
Senior Unix Administrator
Toll is a very large transport and logistics company, with many business
units across Australia, New Zealand and Asia. Toll Group IT provides IT
services to all these areas from a centralised location in Melbourne.
Toll's hundreds of Unix systems are a mixture of mainly Solaris, AIX and Linux
installations, on a wide range of hardware from PCs to rack-sized server
hardware, supported by a team of around fifteen.
As a Senior Unix Administrator on this team, my duties included:
- Implementation and maintenance of improved JET-based "Jumpstart"
environment for Sun server operating system installations.
- Improved Solaris software packaging methodology and maintenance.
Packaging of all required dependent software for Toll's specific
requirements, such as custom Samba and Apache builds.
- Third-level support for all Unix systems, including mentoring of
junior staff. On-call support as required.
- Installation, commissioning, testing and operation of new servers,
ranging from Sun V240 systems, through E25K and M-class hardware.
- Commissioning and ongoing management of "up.time"-based network and
systems monitoring platform.
- Deployment of required Solaris and Linux system patches.
- Virtualisation of SCO Unix legacy systems, using VMware.
- Development of Solaris LDom (virtualisation) environment suitable for
DMZ operation, including SAN-boot capability and split-PCI
configuration for enhanced security separation, on Sun Blade
hardware.
- Expert advice to network and security teams on more difficult issues,
including firewall rulesets and debugging of network issues.
- Refresh of aging dial-up infrastructure using Cisco 2800 routers.
- Implementation of WPA-Enterprise (i.e. RADIUS-backed) 802.11
authentication for existing 802.11 wireless network.
- Assurance Pty Ltd (January 2008 - April 2008):
Senior Security Consultant
Assurance is a small Melbourne-based security consultancy, focussing on
corporate security issues. Services include application security testing,
firewall auditing and secure systems architecture. Reporting is often the
main customer deliverable in this environment.
As a security consultant, I carried out work along the lines of:
- Audits of firewall rulesets, including Cisco PIX, Cisco ASA,
Watchguard, Checkpoint and open-source solutions, for large
corporate customers.
- Penetration testing and auditing of customer networks and
applications.
- Advice on security policy and methodology.
- Refresh of network infrastructure systems (mail/WWW/DNS), using
virtualisation and VLAN technologies for enhanced security
partitioning.
- Hitwise Pty Ltd (March 2005 - February 2007):
Senior Systems Administrator
Hitwise provides "competitive intelligence" with respect to
patterns in Internet (HTTP) usage, based on traffic samples from various
sources. With office locations in Melbourne, Sydney, London, New York and
San Francisco as well as co-located hardware in at least as many places, along
with around 200 staff, there was a substantial number of systems to manage
with minimal opportunity for downtime.
I was involved in most areas of the company's information systems but
was most focussed on internal infrastructure projects. Some highlights:
- Rollout of OpenLDAP to all offices for Samba, email and
802.11 (via RADIUS) authentication.
- Multiple upgrades of mail infrastructure to increase capacity
and improve anti-spam and anti-virus measures.
- Deployment of OpenBSD-based redundant firewall setups for
offices and co-located networks on embedded hardware.
- Implementation of inter-office VPN (IPSEC).
- Implementation of helpdesk ticketing system (RT).
- Deployment of Bacula software for backups of Windows workstations
and internal servers.
- Rollout of VMware to virtualise existing "white box"
PC hardware and provide for easy deployment of new services.
- Implementation of distributed network monitoring system based
around Nagios.
- Implementation of configuration store for change monitoring
and disaster recovery of Unix hosts.
- Alinta (December 2004 - February 2005):
Contractor
I was engaged by Alinta, a national gas/electricity provider, through ASG
to assist with various email migration projects that had arisen due to the
acquisition by Alinta of various other companies. In my short time there
I was involved with a number of projects, above and beyond the original
contract specification, including:
- Implementation of Unix-based mail address rewriting and filtering
to support national email routing topology changes/upgrades.
- Management of VMware hosts.
- Implementation of NTLM-based proxy authentication.
- Squid performance testing for hardware evaluation.
- Disaster recovery plan (DRP) testing.
- Equipment audits of sites across Melbourne and regional Victoria.
- Cybersource Pty Ltd (March 2004 - December 2004):
Consultant
Cybersource is an established provider of specialist IT services, with a
penchant for open-source solutions. My projects included:
- Remote and on-site administration of assorted customer systems.
- Deployment of OpenBSD-based firewall solutions (in auto-failover,
redundant configurations, where applicable).
- Contributions to a Linux-based "small business server"
project, including coding of "Webmin" extensions.
- Deployment of LDAP-based authentication systems.
- ActiveSky Pty Ltd (January 2003 - March 2004):
Senior Systems Administrator
ActiveSky developed a proprietary multimedia content delivery platform for
mobile devices (primarily mobile phone handsets). The company had offices on
the Gold Coast as well as Sydney and San Francisco, along with production sites
in numerous other locations, creating something of a system administration
challenge.
My role extended to the support and maintenance of all company information
systems - development, administration and production. This environment
included diverse platforms, from Windows 2000 through Linux and Solaris systems.
Typical production setups included a mix of OpenBSD, Linux and Solaris,
running security software, proprietary Java servers, JBoss and PostgreSQL.
- Redesign corporate network to improve security.
- Implement and maintain OpenBSD/'pf'-based firewalls and VPN
infrastructure.
- Implement LDAP-based authentication and directory services
(including Solaris, Linux, FreeBSD and OpenBSD platforms).
- Refactor and manage company DNS (implement revision control
and automated distribution of updates).
- Implement and manage company CA (X.509 Certificate Authority).
- Refactor production systems to improve performance,
maintainability and reliability (i.e. tuning, system layout,
software update process).
- Support 24x7 operation of production systems (on multiple
continents).
- Manage network monitoring system.
- Mentoring of junior staff.
- Relocation of Sydney office.
- Develop system for management and analysis of Java XML log files.
- Refactor backup system.
- Create local APT repository for Linux system updates.
- Oversee ISP migration and network renumbering.
- Saise Pty Ltd (October 2002 - January 2003):
Network Operations Centre Analyst
Saise is a provider of DSL and voice services to Australian corporate customers,
originally purely in a resale capacity. In 2002, Saise implemented the
required infrastructure to support "layer 2" termination of DSL
connections. Following on from this, my role at Saise included system
administration and engineering duties, as well as DSL customer support.
- Build new Linux-based mail and DNS infrastructure.
- Maintenance and clean-up of pre-existing FreeBSD and Linux systems
with a view to migration to new infrastructure.
- Implement backups of Unix systems.
- Provide on-call 24x7 support to DSL and voice customers.
- Build billing platform for DSL services.
- Fernhill Technology Pty Ltd (May 2001 - September 2002):
Principal Consultant
Fernhill is a small technology consultancy providing diverse services, most
notably in the areas of Internet security and lightning protection. My tasks
included:
- Design, build and maintain managed security services (firewall and
VPN), including configuration and software update management
systems.
- Commission and maintain company network infrastructure (Internet
connectivity, mail, DNS and web services).
- Unix system administration consultancy.
- Assist with design and installation of lightning protection
systems.
- eSec Limited (April 1997 - April 2001):
Network Architect
eSec was a specialist Internet security company, with a particular focus on
managed security solutions. Initially employed as Network Engineer, in a
company of some 15 employees, my role grew to encompass all aspects of eSec's
computing and security infrastructure on a scale commensurate with a company
of 50 employees and multiple sites.
- Responsible for provisioning and maintenance of all aspects of the
company network, including:
- Telstra Internet "Megalink".
- ISDN and modem-based Internet services to customers
(Bay Networks, Cisco and Livingston kit).
- Apache-based web hosting environment, including SSL.
- OpenBSD/IPF-based firewall (16 interfaces).
- DNS services for hundreds of company and customer domains.
- SMTP/IMAP/POP mail services.
- Internal file/print services.
- Network monitoring system.
- 24x7 support.
- Backups.
- Staff workstations (IRIX, Linux, NetBSD, OpenBSD, Windows).
- Anti-virus software management.
- Unix-based software development toolchains.
- Public Squid-based proxy service.
- Public Usenet news service.
- Public NTP time service (w/GPS).
- OpenBSD FTP/CVS/WWW mirror (ftp.au.openbsd.org).
- 802.11 infrastructure.
- IPSEC services for wireless and remote access security
(including source code patches as required).
- PKI services to support IPSEC and SSL activities.
- Experimental IPv6 6Bone connection.
- Connection to "NAPette", including BGP and OSPF routing.
- APNIC membership and IP address allocation.
- Management of co-located customer machines.
- Installation, testing and management of fire prevention systems.
- Task management system.
- Backup power systems.
- Cable plant.
- Managed relocation of network infrastructure to new premises (twice):
- Provisioning of required telecommunications services.
- Design and supervision of machine room construction.
- Specification and deployment of PABX equipment.
- Orderly transition of network infrastructure services between
sites with minimal downtime.
- Interim communications between sites during relocation period.
- Appointed eSec Security Officer, charged with implementation and
oversight of company security policy:
- Threat assessment and risk analysis.
- Design and oversight of physical security system installation.
- Management of physical and network security alerts and issues.
- Staff security training.
- Liaison with senior management on company security issues.
- Technical support:
- Research and authoring of technical sales proposals.
- Pre-sales support.
- Desktop support.
- Second level support for managed security services.
- Customer support for WWW, email and Internet bandwidth services.
- Management of network administration staff.
- Hiring.
- Task assignation and supervision.
- Performance reviews.
- Heavily involved in the development and ongoing management of eSec's
managed security services:
- Operating system platform selection and development.
- Hardware specification and testing.
- Customer firewall policy development.
- On-site deployment of customer firewalls.
- Development of CVS-based configuration management system.
- Testing and deployment of reporting system.
- IPSEC security service development.
- Tracker Software Australia Pty Ltd
(September 1992 - March 1997):
Tracker Software was a small software house producing "Contact
Management" solutions for the DOS and Windows platforms.
- Network Administration:
- Provisioning and maintenance of Novell Netware, Windows NT
and Linux-based file/print services.
- Inaugural connection of the company to the Internet.
- Commissioning and ongoing management of servers to support
Internet activity (e.g. firewall, DNS, mail, WWW).
- Maintenance of the company's dial-up Bulletin Board Service (BBS)
pre-Internet.
- Desktop support for all staff.
- Technical Support:
- Telephone help desk operator, providing in-depth technical
support on Tracker products to Australian users.
- Third level help desk function for overseas offices.
- Technical Documentation:
- Authoring of software user manuals.
- Documentation of programming API specifications.
- Production of company newsletter.
- Software Testing:
- Creative testing of new software products.
- Testing of "bug fixes" for existing products.
I am a member of Usenix and SAGE.
Previously I was heavily involved in AUUG Inc. (Australian Unix Users Group),
most recently as president, and was Programme Chair for most AUUG technical
conferences between 2002 and 2007.