• Engaged to provide a completely fresh approach to a previously under-invested and poorly-managed infrastructure by incoming creative and dynamic managers.
• Revised security policies to counter recent media coverage of lost data by other public sector agencies; developed the security horizon, and deployed mechanisms for remaining within it and protection when leaving it, maintaining a simple and transparent user interface discouraging bypassing. These included secure encrypted USB memory fobs, RSA two-form-factor authentication, and laptop disk encryption, for over 600 users.
• Introduced new products, technologies, and initiatives, such as security hardware, monitoring software, network analysis tools, etc.
• Formulated strategy on security and services, to promote more efficient usage of new and existing resources, meeting ISO27001.
• Diagnosed issues on Dell blade farms running Citrix Presentation Server to remote sites across WAN and SSL VPN’s, resolving software packaging / installation problems.
• De-cluttered network infrastructure, organised new VLAN’s with shared VOIP.
• Redesigned network layout to introduce top-down default gateway to filtering software, removing obsolete proxy technology to carry from a “flat” network, with the result leap in compatibility in many applications and resolution of many outstanding network issues.
• Refocused Exchange as a collaboration productivity tool, with redesigned mailbox storage within the SAN, resulting in removal of archiving and mailbox size restrictions, to
Contract
Create new, and redesign existing, secure cost-effective solutions.

very positive user satisfaction feedback.
• Redesigned the Active Directory, and integrated workstation profiles, security policies, group policies, and shared drive / group mappings.
• Developed the Information Management policy to lower it’s reliance on draconian and inflexible document storage mechanisms unpopular with users, replaced with more friendly Sharepoint collaboration software.
• Provided a technical excellence audit for in-house developed code, which performed the mainstay of corporate applications, in C++.
• Designed a secure remote environment utilising Citrix Access Gateways and Netscaler load-balancers.
• Developed a wireless environment, correcting issues Cisco themselves had introduced, complete with controllers and POE access points over fifty thousand square feet.
• Handled the technical project management aspect of various departments relocation.
• Provision of new design for outsourced Human Resources database overcoming remote desktop limitations and replacing with secure FTP.
• Documented as much of the environment as possible, and created an internal knowledgebase for IT infrastructure documentation.
• Conducted internal penetration testing, detecting issues in various aspects of the infrastructure not previously pinpointed, and devising mitigation strategies.
• Devised and implemented internal auditing procedures for information management, covering all enterprise and operational risk and incident management policies.
• Advised on server patching protocols, and created more secure and resilient local backup mechanisms utilising local disks and SAN storage much more efficiently and safely, reducing downtime and increasing reliability.
• Provided mentoring on all aspects of IT, from helpdesk training through to assistance with daily issues, to best practice advice and executive-level consultancy.
• Provided revised suite of network tools to monitor and examine quickly network issues, supplementing considerably the existing solutions with open-source software.

Microsoft Windows 2003, Microsoft SQL Server, Microsoft CRM, Microsoft Sharepoint, Microsoft ISA Server, Dell blade & rack servers, Websense, HP Openview, SolarWinds Toolkits, Wireshark, Network Associates Sniffer, Hummingbird / Opentext, Microsoft Office 2003, Dell CX200, CX300, CX500 SAN’s, Citrix Access Gateways, Citrix Netscalar Enterprise, Cisco 28xx and 29xx, 37xx, 4xxx, 55xx, 6xxx series switches.

Extended Contract
Review architecture decisions and advise on alternative solutions.

• Engaged as a recent addition to a root and branch process to review key infrastructure and application solutions supporting recent additions to the PCI DSS security standard recently undertaken by other outsourced organisations providing such services to Barclays.
• Each potential solution was to be analysed from the initial requirement through to final design, for the possibility of more efficient or cost-effective implementation strategies, materials or resources utilisation.
• Each solution was also evaluated technically, for the estimated potential to fit its final requirement, and the potential for it to be successfully delivered with the necessary quality within the desired timeframe.
• This stage also involved extensive interviews with the original architects from the outsourced organisations, to obtain detailed reasons for the decisions taken in submitted solutions, focussing on areas such as lack of technical diligence, selection of inefficient resources, sub-optimal resource re-utilisation and recycling of existing materials and systems/services, and in particular over-reliance on other existing solutions provided by the same channel and associated lack of resilience.
• Where an improvement or efficiency could be realised, I had to provide a full and quantitative explanation of my reasoning, with accompanying evidence for the changes I was proposing, with associated risk assessment and cost/timeline corrections.
• These alternative proposals were often required to then be debated and “sold” to an audience composed, in at least part, of hostile stakeholders and cynical proponents of opposing solutions with vested interests in their alternative solutions or maintaining the status quo.
• Successful challenges were then sent back to the outsourcing channels for reconstruction of the original proposals integrating the changes I had provided.

Continually Renewed Contract
Multiple solution design and implementation

• Primary responsibility was to ensure the continued provision of Liberatas’ BPO services to the Ministry of Justice following the dissolution of the ARAMIS contract and consequential change of network provider. This meant that the single WAN that had been used until this point was being removed in favour of another from a different supplier, and every business function that Liberata provided to the MOJ had to be guaranteed to run in the new configuration. The challenge was made much more complex by the fact that between three and five suppliers were also involved in providing services critical to these processes.
• I produced technical reviews of every provided application and service, obtained by visiting each office to interview where possible the original developers, technical support staff, and project managers, and assembling all documentation, rewriting where necessary to replace any absences.
• Having established the scope of the changes to be made by the new network provider, I proceeded to establish the impact to every affected system, and produced a “hit-list” showing the risk to each.
• From this “hit-list”, and in full liaison with as many of the original team as possible, I proceeded to design corrections in both the application architecture and the network connectivity of every provided system.
• These redesigns were then presented and championed by myself with Liberata internal management, MOJ officers, and all the involved suppliers.
• Following each redesign, I was then directly responsible for the full delivery of those changes within both the parent company, by building extensive relationships with these other incumbent suppliers at technical and management levels.
• This culminated in developing delivery paths with the agreement of all parties, with associated issue resolution and risk mitigation, and with resource requirements and timescales agreed to ensure a seamless handover at the end of the contract.
• Additional responsibilities involved being a primary resource for the end-to-end design and implementation of other solutions within Liberata for other customers to improve efficiency of established business processes and reduce costs with the right mix of sensible cost-effective technology improvements; and for the successful design and costing of responses to tenders and bids for potential new business.
• An example of such solutions include the wholesale stage-shifted relocation of an entire call-centre to a more cost-effective shared facility on the other side of the country, with the associated development of scripting and a new support intranet website, and implementation of a multiple VPN tunnelled infrastructure permitting secure transport from an uncontrolled managed building over insecure networks, resulting in very significant cost savings in network provision.
• Another such example was spearheading the development of new segregated purchasing of technical resources, with a library of compartmentalised “building blocks” of pre-approved solutions capable of reliable scaling, resulting in rapid assembly of integrated solutions requiring a minimum of technical oversight, and yielding a dramatic reduction in the time and number of signoff chains, leading to more rapid shipments, reducing costs and boosting profits.
• Another such example was leveraging the economies of scale open to an outsourcer by combining the existing computing requirements of new customers into multiple standardised frameworks within which such requirements could operate without reference to the original infrastructure, thus demanding minimal investment in new infrastructure and overheads, reducing power and cooling consumables, and reducing overall costs.
• My final tender design was for a new interactive website solution to provide a council with public access to their works and property management databases via an AJAX/Ruby developed environment, utilising the open-source LGOL-Net software and accessing the Government Gateway, to provide their employees with rich remote mobile access connectivity, and their customers with a flexible and easily understood resource.

Microsoft Server, Oracle, J D Edwards, Cisco, Juniper, VMWare Infrastructure, HP / DEC Alpha / Dell server platforms.

Renewed Contract
Provide technical and procedural consultation for NT4 migration projects.

• Responsible for implementing agreed technical designs, creating and troubleshooting final-stage corrections to unforeseen technical issues, documenting changes, and arranging sign-off of these modules.
• Each module required full PRINCE2 project management, liaising extensively with other teams and consultants, continually engineering new business procedures to establish rapid access to resources, and agreeing on contributed work and critical paths taken.
• Primary work involved engineering and documenting the procedures to integrate SQL Server 2000/2003 and Reporting Services 2005, into the banks existing infrastructure and a new operational environment utilising highly-secure administrational access using tiered Terminal Services gateways and RDP access via VPN and encapsulated VLAN.
• Other projects involved producing a standardised application platform providing a fully managed and monitored secure environment using Tivoli and Quest software tools.
• All environments were subjected to full prototyping in proof-of-concept labs, often in fully virtualised environments to make optimal usage of these resources.
• All projects were successfully completed to very tight timescales, under extremely demanding environmental conditions, and sensitive to conventional banking security and political considerations.

Microsoft Project 2005, Microsoft Virtual Server & Virtual PC, Microsoft Windows Server 2003 SP1 Release 2, Microsoft Exchange 2003, Microsoft SQL Server 2000-2003, Reporting Services 2005, Quest Spotlight / Foglight, Tivoli management tools, Altiris software deployment tools, HP EVA8000 SAN, HP BL25p/BL45p blade farms, HP DL385/585 family servers, IBM BladeCentre & HS20 blade farms, Cisco network switches.

Continually Renewed Contract
Provide technical and procedural management for multiple concurrent projects.

• Evaluate and direct variety of on-going end-of-budget-year projects involving various technical improvements to service infrastructure, applying PRINCE2 methodology to correct critical path, performed triage to all projects to establish which projects needed to be terminated immediately, and which projects could be saved, using full risk analysis.
• Retroactively applied PID’s to establish business case, and from there gap-analysis between expected project deliverables and true business requirements.
• Published multi-layer project plans outlining each individual project, and a master plan integrating all deployment schedules.
• Risk analysis consisted of personal examination of each project using my technical expertise and locating unforeseen disconnections on supply chains, exaggerated component costs, unnecessary pre- and post-installation processes, over-optimistic budgeting, and environmental capacity planning of the target datacentre.
• Mitigation of these factors meant re-interviewing clients and suppliers, signing new contracts, agreeing new deployment schedules, and revisiting costs and budgets.
• Full integration of each project’s impacts with their stakeholders, obtaining approval for each stage to prevent difficulties and conflicts at a later stage, with communication maintained and co-ordinated by myself, ensuring awareness of all work undertaken.
• Each process was fully protected by the NFU (double-safety-net) procedures ratified by ITIL process guidelines and the Microsoft MOF, establishing importance of each component and SLA’s for it’s downtime, and devising procedures to achieve these using swing-shift or replacement hardware and guaranteeing availability at all required times.
• Revised project plans and deployment schedules permitted all required projects to integrate successfully into the datacentre on-time and well under budget.
• Projects included server system consolidation, communications upgrades including packet compression and load-balancing, additional power and cooling upgrades, blade server infrastructure design & implementation, CRM system upgrades, email server upgrades, capacity planning of existing and future utilisation, mobile VPN over 3G (using RSA tokens) design and installation.
• Lead technical architect on VMWare ESX introduction, including replicating existing physical services to virtualized environments for disaster recovery purposes.

Microsoft Project 2005, VMware ESX v2.51, Microsoft Exchange 2003, SAP SCM/SRM/CRM, Flexframe & Netweaver, Firewall-1 NG, RSA SecureID software & tokens, IBM SAN’s, IBM rack & blade servers, Extreme & Cisco network switches.

New Contract
Audit, analyse, evaluate and report efficiency and fitness of internal IT group.

• Investigated operation of internal IT group responsible for providing communications, file storage, and managed desktop solutions to the organisation.
• Analysed internal procedures, fault call logs, budgets, organisational structures and user surveys, and held interviews with all section managers to establish the true status of the group.
• Evaluated quality and suitability of each section within the group (International, United Kingdom, Administration, Governance, and Development), and assessed every aspect for efficiency and quality of their delivered solutions, and of ability to meet the requirements of the business.
• Every major business process was compared with it’s equivalent in the ITIL library, and acute disconnections were located, Solutions for these disconnects were then engineered by myself using my own experience operating in these areas.
• For every section, an in-depth report was created and submitted showing fully the internal mechanics and deliverables, and discussed any and all anomalous behaviour and inappropriate expenditure, inefficient technical solutions, underperforming or ill-utilised resources.
• Any easily-obtained advances in efficiencies were then proposed with business impact analysis, project initiation documentation, projected Gantt chart and timelines, and full expenditure calculated.
• Particular findings of the report focussed on the dependency of the organisations WAN to carry high-bandwidth media content , and solutions were accordingly outlined for caching and compression techniques to reduce the overhead of such material.
• Any less-obvious or harder-to-realise improvements were then fully researched for potential viability, whether internally or by outsourcing, on a due-diligence basis, and these results were presented in a similar manner.

New Contract
Design a complete corporate consolidation and storage solution.

• Interview key site stakeholders and analyse logistical requirements for the next stage of the corporate development, developing a greenfield solution embracing fully virtualised processing and storage resources, to provide a seamless resilient and flexible grid computing approach to replace legacy file servers and directly-attached storage systems.
• Evaluate, size, design, and demonstrate concepts of, a complete mid-range Storage Area Network (SAN) and supporting infrastructure, using HP EVA disk arrays, ESL tape libraries, Cisco SAN FC and LAN Ethernet switches, and HP p-class blade server solutions.
• Design embraced multiple virtualised clusters running Windows Server, with Exchange 2003, SQL Server, Citrix Metaframe XPe, Microsoft NAS and NFS filesystem gateways using Storage Server, deployed with HP Rapid Deployment Package and BladeSystems Management, and fully monitored using OpenView, Insight Manager, Microsoft Operations Manager, and Microsoft Systems Management Server,
• Provide full technical solutions down to software and component level for major corporate components running on existing equipment, to provide a stable and safe migration path from legacy infrastructure.
• Champion chosen strategy for Fujitsu with their customer, and take part in the sales and technical presentations to outline and explain the solution as proposed for their site, with suitable bespoke customisation to meet the unique business requirements. Further surgeries and Q/A panels were also held.
• Full liaison with external suppliers to provide accurate costings meeting customers planned deployment cycle, with full life-cycle expenses calculated.

HP EVA 5000 & 8000 disk arrays, HP ESL-series tape libraries, Cisco 9500-series SAN switches, Cisco 6500-series Ethernet switches, HP p-class blade servers and enclosures (BL-25p, BL-40P), HP CommandView EVA, HP Openview, HP Insight Manager, HP Data Protector EVA, HP Storage Essentials EVA, HP Rapid Deployment Package(RDP), Windows Server 2003 Enterprise, Microsoft Windows Storage Server 2003, Microsoft SQL Server 2005, Microsoft ISA Server 2004, Microsoft Operations Manager 2005, Citrix Metaframe XPe FR3, VMWare ESX v2.5, VMWare GSX 2.5, VMWare Workstation 5.0, Matrix Polyserve, Microsoft Virtual PC & Virtual Server, Microsoft Exchange 2000 Enterprise, Microsoft Exchange 2003 Enterprise.

Renewed Contract
Design & implement a number of initiatives to improve and secure the agencies IT infrastructure.

• Responsible for generating and implementing (full lifecycle) project plans using PRINCE2 and ITIL processes to enact upgrades to business infrastructure.
• Upgrade and deploy RSA encryption tokens to user base, along with software to create a VPN, for unattended installation for approx 200 users
• Schedule and implement a switchover of the suppliers Internet pipe carrying all agency communications safely, by phasing a gradual handover of services from one provider to the next, involving external IP address changes, firewall reconfiguration, security evaluations, and full risk mitigation.
• Documented entire network topology using current scanning and security tools, to build accurate portrayals of all network connections and associated weak points to reduce attack surface vulnerability.
• Design and evaluate Outlook Web Access for Exchange Server 2003, covering all possible security points for incursion using attachments and external access.
• Specify and design solution for expanded Citrix usage via NFUSE technology to provide a cross-platform remote desktop to mobile users, using Citrix processing appliances.
• Evaluate current security model for all hard and soft vulnerabilities, such as firewall weaknesses, infrastructure limitations, and human interface failings, such as social engineering attacks and penetration testing.

HP Server Arrays, HP SAN, Nokia 1xx – 5xx series firewalls, Checkpoint Firewall Next Generation, Checkpoint VPN, RSA SecureID software & tokens, Windows Server 2003 Enterprise, Citrix XPe FR3, Oracle Database Server Release 3, various security analysis tools such as MBSA, NMAP, GFI, Solarwinds, LC5.

Continually Renewed Contract
Organise a structured zero-impact nil-risk relocation of IT applications and core business communications infrastructure into a new Datacentre under extreme time constraints.

• Brought on-site by outsourcing company to provide project management services for a datacentre relocation of entire corporate dataprocessing and communications business service handling, both for internal use and for it’s customer-facing systems – which is considerable for a communications company.
• Responsible for complete process of relocating hardware and infrastructure by service application – metering, accounting, sales, software development, testing systems, etc.
• Assessment of risk, and design of phased relocation with no impact on day-to-day operations on live mobile phone network.
• Creation of new procedures and techniques to migrate each service in it’s entirety, tailoring each move to the particular characteristics of each service and it’s requirements, developing new hardware and software solutions to accommodate these, and conducting regular interviews and discussion groups to ensure agreement from the user groups.
• Allocation of technical and logistical resources to implement these changes, both internally from support groups, external support companies, manufacturer and vendor support, removal firms, service providers, datacentre management, etc.
• Ensured that existing disaster recovery and business continuity disciplines and procedures were followed and adhered to – not only were some relocations critical by nature, but future resilience had to be respected and maintained.
• Scheduling of change control with departmental application owners and developers/users. Often out-of-hours to minimise disruption, these changes had to integrate physical relocation of hardware with changes to firewall, switch fabric, and SAN path access.
• Continual and regular contact with all parties scrupulously maintained - surgeries were held to ensure complete confidence in all processes, feedback reports at all stages were made, the status of each migration and of the whole project was analysed at each and every point, and performance of each modification was extensively scrutinised.
• All activities were coordinated with due regard for political sensitivity, customer confidentiality, and corporate security - even when such factors directly impeded the continued functionality of applications. As is often the case with outsourcing arrangements, such wholesale changes and agreements are usually difficult to broker when not directly addressed with the SLA’s in force, and therefore demanded the best from my negotiating skills.

HP/Compaq Proliant servers & EVA SAN, Sun F15K and Sunfire, EMC Symmetrix, HP Superdome, DEC Alpha, Windows NT4 Server, Windows 2000 Server, Windows 2003 Server, Citrix Metaframe XPe FR3, IBM Websphere Application Server, Oracle Database Server Enterprise Edition Release 1, Oracle Database Control, HP Openview, Cisco routed and firewalled infrastructure.