Principal Consultant - Security Engineering

• Apr 2023 - Present

Principal NetOps Engineer

• Jun 2022 - Mar 2023

Designed and implemented a highly resilient Network Monitoring platform using Zabbix. The solution was required to monitor 300+ network devices and 10,000 customer devices, with 99.99% uptime. It was implemented using Infrastructure as Code, built using GitHub Actions, Ansible, Python, and YAML, and secured with SAML authentication to Azure AD. Figured out a way to monitor Nokia 7360 OLT devices directly rather than querying Nokia's AMS management platform. This involved reverse engineering the SNMP data and decoding a binary encoded SNMP ifIndex into a readable string. Once implemented, this resulted in quicker polling and reduced stress on the AMS platform. Show less

Network Developer

• May 2019 - Jun 2022

Implemented an end-to-end automation platform for building and updating the Cisco core network devices and Palo Alto firewall policies. Users could request firewall changes through ServiceNow, these were automatically picked up and implemented in code through a Python API built on AWS. Once a change was approved in GitHub, the code was deployed across the network using Azure DevOps, Ansible, and NAPALM. Following this, I was then able to write automated processes to validate the security of any firewall rule being added to the network when a Pull Request was generated. Designed, implemented and migrated to a SASE offering from Palo Alto called Prisma Access for over 500 users. This allowed them to move from a legacy and centralised Cisco ASA design to a completely managed and localised VPN service for our users. As part of this work, Thomas also owned the vendor relationship with Palo Alto. Created an Internet and MPLS-based WAN RFP for a new global network for NBIM. This involved writing the RFP, assessing the returned bids, and working with vendors to create the best-performing network for NBIM. Created the automation for a “Detection as Code” project which implemented detection rules into Splunk’s Enterprise Security. Show less

Senior Network Consultant

• Aug 2016 - May 2019

Created an automated DDoS defence system, based on Python scripting, BGP flowspec, and blackholing. This turned a manual disruptive process into a system that can detect, mitigate, and alert on large amplification attacks quickly.Standardised the provisioning of Core services and device base building with Python, PyEZ, and Ansible.Designed, implemented and migrated to a new Juniper based Core and Customer edge network.Implemented a new monitoring, alerting, and 95th percentile bandwidth billing system. Show less

Network Consultant

• Sep 2014 - Aug 2016

Network Engineer

• Sep 2012 - Aug 2014

Designed, created, and maintained a platform to research new technologies and concepts within realistic defence environments. The platform primarily virtualized a representation of the MoD’s Deployed & Fixed Technical Architectures and enabled multiple teams to undertake their research within a semi-realistic environment. Within the virtualized environment, I undertook research into the potential for Software Defined Networking (SDN) within deployed networks, Mobile IPv6 based MANETs, and implementing and prototyping multicast functionality into a specification for cryptographic devices. Show less

Industrial Placement

• Aug 2010 - Jul 2011