This is a public document, so places, dates and client names have been redacted.
In [year] I worked with [organisation] to create a design for a single solution to calculate and make payments to general practitioners, dental practitioners, and pharmaceutical contractors.
I met with the CTO and CIO to understand the business and IT strategy at the time. I conducted interviews with the user experience team; claims assessors, the assessment committee, and paymasters to document ways of working, and to elicit requirements. I also interviewed operations and support stakeholders.
This resulted in a vision/scope through which the customer and team were able to agree on a single solution, project direction, and technical approach.
In [year] I worked with an equity release client to provide them with an underwriting capability. There was an immediate need to stand up a service within 8 weeks. The client’s objective, however, was an automated, service-based solution.
To meet the initial requirement, I designed a simple data capture web site, allowing the client to use existing web hosting infrastructure to enter underwriting data remotely. I then led the creation of a cloud-based underwriting service over 3 more months. It soon became apparent that the client also needed access to customer medical records, and so I modified and extended the RESTful service design to provide the unforeseen features.
In [year] I worked with a department that required a secure client application to communicate with a number of USB devices. Current (and popular) sentiment called for a web application and web server to run on the client hardware (hundreds of workstations); to use web server components to communicate with USB devices; and to install a database on the client.
A fixation on web technology was driven by the predominant number of web developers employed by the organisation, and of course industry trends at the time.
By means of a threat model I demonstrated that while politically palatable, the solution increased the number of configuration items, and thus quadrupled the attack surface. The web-based approach also increased both development and maintenance costs. Highlighting these problems led to a re-designed .NET client application consisting of a single configuration item and a substantially reduced attack surface.
In [year] I was asked by an air force to troubleshoot a critical failure in a system that allows operators to catalogue and optimally distribute passengers and freight on military aircraft.
I discovered that message queuing used by the system failed after the introduction of network address translation. The solution I recommended to technical stakeholders was to replace message queues with asynchronous services and proxies. I briefed non-technical staff by describing message queues and NAT by analogy: that workstation/operator PC identities are a finite resource, which led to a change to how these identities are assigned, thus breaking the system. I explained that message queues allowed one to, for example, buy shoes from Amazon, where shoes are purchased only once even if multiple requests are submitted. And of course that async services provide a similar function to message queues, but one that works with the new workstation identification system/NAT.
In [year] I was asked to address the business problem of the long delay police officers faced between attending a crime scene, and recording crime scene information in a computer system.
After an extensive situational analysis, I discovered that technical stakeholders were constrained by a low budget, limited resources, and the lack of a WAN. I then sought out actual candidate users of the system (police officers), and discovered that they were constrained by poor IT literacy.
This approach allowed me to discover the roles, norms and values prevalent in that organisation, and present a successful solution using cheap, handheld consumer devices.
Taking the previous example of the police force further, I decided to create a mobile application on a Compaq iPAQ. Data could be captured at the crime scene, and synced with a backend service when the officer returned to the station.
When presenting my recommendation to the client I was met with resistance to the approach. I overcame this by asking a police officer with no prior knowledge of the project, the hand-held device or the app to demonstrate the app. The user interface was intuitive enough for the officer to record basic crime scene information without assistance. I also demonstrated that CAPEX was expected to be well below budget.
In [year] an investment bank needed to transfer 700Mb of data to 2,000 workstations daily. The process took 6 hours, and the client wished to reduce that time.
The solution I presented called for a mesh distribution model as opposed to the existing hub-and-spoke distribution. This reduced processing time by 5 hours, but required installing an agent on each of the 2,000 workstations.
I resolved the contradictory situation by having technical and business leaders play the planning game, in which use cases are voted on. That outcome was put to a change control board, and approved.
In [year], following a merger of two financial service organisations, two conflicting approaches to merging the Active Directories of both organisations arose. One organisation wanted trust relationships between the domains. The other wanted to migrate all users and resources from one organisation into the directory of the other.
I formulated the problem. I added both proposed approaches, and a third (creating a new AD forest, with trust relationships with existing directories). I then called a meeting in which the problem was described, and solutions proposed.
Facilitating discussion and transparency allowed stakeholders to choose option 3 while minimising affective conflict.
In [year] I worked with an immigration and customs department to modernise control points and supporting backend systems. I worked on a data strategy for the same organisation back in [year], and thus understood the cultural, political and technical environments.
That knowledge allowed me to quickly present a technical solution to the client’s current problem, and to gain the approval of incumbent architects and business stakeholders.
Additionally, that understanding allowed me to focus my efforts on aligning external vendors with the client’s vision and expectations.
In [year] I led the design, development and deployment of an insurance pricing and activation system.
Knowing that the organisation had inadequate change control and governance procedures, I trialled continuous integration and delivery on this project (the customer was new to agile processes). I prepared infrastructure and operations stakeholders by informing them of our intent, and let each stakeholder know what to expect, thus managing a flawless deployment when the system went into production.
The success of that project led to a review of governance and assurance processes and procedures within the organisation.
In [year] I ported [application] from Symbian to Windows Phone. It was a politically charged time, culminating in [executive]’s memo to staff.
Knowing that leadership sentiment was leaning towards a partnership with [organisation], and that this organisation was viewed with disdain by many employees, I ran voluntary workshops to raise awareness of [organisation's] tools and technologies, specifically as they related to the existing product suite.
I was told later that those sessions directly contributed to a successful first release of [product] on Windows Phone.
In [year] I devised and instituted a compulsory change advisory board for a financial services company. Any change to a production environment, service or appliance had to be approved by the board, and be accompanied by a detailed implementation plan, and release notes. The CAB met twice a week to approve qualifying board submissions.
Later that year I also established a technical design authority, whose purpose is to formalise architecture design approval, quality assurance, technical debt, and risk management.
The immediate benefit was documenting compliance with, or justifiable variance from, standards set for all IT projects, across all departments.
My previous answer demonstrates my understanding of evolving, collaborating and supporting governance. In terms of assurance:
Where projects failed review, I worked with the project team to resolve issues and address shortcomings before re-submission to the TDA.
In [year] the financial organisation I worked with merged with another early in the year. A revised IT strategy that aligned both companies to the shared business strategy was required. I was tasked with the creation of an initial draft, with contributions from other IT stakeholders.
Whilst I’m not at liberty to disclose the short or long-term objectives of that strategy, it did provide an ideal opportunity to formalise agile practices within both IT departments. Similarly, the merger presented significant cost savings by moving systems and services to the cloud.
In [year] the [government department] requested a system that facilitates access to HR functions from remote, assumed-to-be-compromised workstations. My initial design called for a web server to proxy requests from clients to backend applications. This design was in line with guidance provided by the client.
During that same year, a new release of an application gateway was released by Microsoft. This gateway product (IAG) provided the same functions and features we were intending to code by hand. I then took a revised design including IAG to the client, and after a review process gained approval for the change.
In [year] I drafted a strategy document outlining mid- and long-term goals to componentise common functions (such as underwriting) within the organisation, and to convert monoliths in which they existed, into micro services.
However, in [year] a legitimate requirement arose for actuaries to make frequent and significant changes to a particular underwriting calculation model. To meet that business need I recommended lifting the shared functionality from the micro service into a separate, bespoke monolith that meets the business need.
The deviation was reviewed, assessed and approved by the technical design authority, demonstrating IT flexibility and support for business agility.
In [year] I designed a system that accepts customers’ medical records. To do that securely I began by creating a privacy impact assessment in conjunction with the data protection compliance officer.
The justification for the above controls was compliance with data protection regulations.
In [year] I was asked by an insurance provider to design and build an API for a policy pricing and activation engine. Calls to the API were constrained to complete within 8 seconds by the service level agreement.
The client and our team agreed to the use of the Origo 3.7 standard to exchange quote and activation data. I worked with actuaries to design and create a web service to validate incoming Origo XML data, and hand that off to a pricing and activation component.
The solution now activates a policy, or returns a price within 3 seconds.
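As an added illustration of the validation step described above (example code, not the insurer's service and nothing taken from the Origo standard), the following Python sketch validates an untrusted XML quote request before handing it to a pricing component, and tracks elapsed time against the 8-second SLA. The element names, the `demo_pricer` function and the sample messages are constructed stand-ins; a real implementation would validate against the Origo 3.7 schema, which is not reproduced here.

```python
import re
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Added example; not the insurer's or the Origo standard's code. The element names
# below are a constructed stand-in for an Origo 3.7 quote message (hypothetical).
MAX_REQUEST_BYTES = 64 * 1024   # refuse oversized bodies before any parsing happens
SLA_SECONDS = 8.0               # contractual completion budget from the engagement

# Required elements (relative to the root) and the shape each value must have.
REQUIRED_FIELDS: Dict[str, str] = {
    "PolicyHolder/DateOfBirth": r"^\d{4}-\d{2}-\d{2}$",
    "Cover/SumAssured": r"^\d+(\.\d{1,2})?$",
    "Cover/TermYears": r"^[1-9]\d?$",
}

_DTD_MARKERS = re.compile(rb"<!(DOCTYPE|ENTITY)", re.IGNORECASE)


@dataclass
class ValidationResult:
    ok: bool
    fields: Dict[str, str] = field(default_factory=dict)
    errors: List[str] = field(default_factory=list)


def validate_quote_xml(raw: bytes) -> ValidationResult:
    """Validate an untrusted XML quote request and extract the fields pricing needs."""
    if len(raw) > MAX_REQUEST_BYTES:
        return ValidationResult(False, errors=["request exceeds size limit"])
    # Internal DTDs and entity declarations are the vehicle for entity-expansion and
    # external-entity problems; a quote message never needs them, so refuse outright
    # (the stdlib parser offers no switch to turn entity handling off).
    if _DTD_MARKERS.search(raw):
        return ValidationResult(False, errors=["DOCTYPE/ENTITY declarations are not accepted"])
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return ValidationResult(False, errors=[f"malformed XML: {exc}"])
    if root.tag != "QuoteRequest":
        return ValidationResult(False, errors=[f"unexpected root element {root.tag!r}"])

    result = ValidationResult(True)
    for path, pattern in REQUIRED_FIELDS.items():
        value = root.findtext(path)
        if value is None:
            result.errors.append(f"missing element {path}")
        elif not re.match(pattern, value.strip()):
            result.errors.append(f"invalid value for {path}: {value!r}")
        else:
            result.fields[path] = value.strip()
    result.ok = not result.errors
    return result


def handle_quote(raw: bytes, pricer: Callable[[Dict[str, str], float], float]) -> Dict[str, object]:
    """Validate, then hand off to the pricing component with whatever SLA budget remains."""
    started = time.monotonic()
    validated = validate_quote_xml(raw)
    if not validated.ok:
        return {"status": "rejected", "errors": validated.errors}
    remaining = SLA_SECONDS - (time.monotonic() - started)
    price = pricer(validated.fields, remaining)   # pricing sees only the budget left
    elapsed = time.monotonic() - started
    return {"status": "priced", "price": price, "within_sla": elapsed <= SLA_SECONDS}


def demo_pricer(fields: Dict[str, str], budget_seconds: float) -> float:
    """Stand-in for the actuarial pricing component (constructed, not a real model)."""
    assert budget_seconds > 0, "no time left to price"
    sum_assured = float(fields["Cover/SumAssured"])
    term = int(fields["Cover/TermYears"])
    return round(sum_assured * 0.0012 * term, 2)


# Constructed sample messages.
GOOD_REQUEST = b"""<QuoteRequest>
  <PolicyHolder><DateOfBirth>1975-04-12</DateOfBirth></PolicyHolder>
  <Cover><SumAssured>100000</SumAssured><TermYears>10</TermYears></Cover>
</QuoteRequest>"""

ENTITY_REQUEST = b"""<!DOCTYPE q [<!ENTITY x "y">]>
<QuoteRequest><PolicyHolder><DateOfBirth>&x;</DateOfBirth></PolicyHolder></QuoteRequest>"""

if __name__ == "__main__":
    print(handle_quote(GOOD_REQUEST, demo_pricer))
    print(handle_quote(ENTITY_REQUEST, demo_pricer))
```

The size cap and the DOCTYPE check run before the parser ever sees the body, which keeps the cheap rejections cheap and protects the SLA; the remaining budget is passed to the pricing hand-off so the downstream component can decide whether it still has time to answer.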
In [year] my client requested a system that facilitates access to HR functions from remote, assumed-to-be-compromised workstations.
I designed and delivered a federated authentication and authorisation system for this project. As the user need required use of technologies familiar to users, I chose Chip & PIN (also used in credit and debit cards), and integrated that two-factor authentication mechanism with the existing directory service acting as the identity provider. Finally, I configured a service provider for the client.
Consequently, 10,000 users who didn’t have access to HR functions whilst abroad were given access to services such as booking holidays and changing bank account details.
In [year] I was asked by an insurance provider to design and implement a Know Your Customer solution to comply with FCA regulations.
I ran the entire client base through a PEP/Sanction screening list. I then created a pattern matching system to define clients’ expected transactional behaviour. Finally, I defined and used join points (conditions) and point cuts (actions) to notify compliance personnel, who take appropriate action, of deviations from predicted customer behaviour.
The insurance provider is now fully compliant with FCA regulations, and has thus mitigated the risk of financial penalties for not meeting their obligations.
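The screening and deviation-detection pipeline described above, as an added example in Python (not the insurer's system): a per-client profile of expected behaviour is built from transaction history, each rule pairs a condition (what the text calls a join point) with an action (a point cut) that raises an alert for compliance, and a normalised name lookup stands in for PEP/sanction screening. Client identifiers, amounts, countries, thresholds and the screening list are all constructed.

```python
import re
import statistics
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Added example, not the insurer's system: all clients, amounts, countries and
# screening-list entries below are constructed.


@dataclass(frozen=True)
class Txn:
    client_id: str
    amount: float
    country: str


@dataclass
class Profile:
    """Expected transactional behaviour learned from a client's history."""
    mean: float
    stdev: float
    countries: Set[str]


@dataclass
class Alert:
    client_id: str
    rule: str
    detail: str


@dataclass
class Rule:
    name: str
    condition: Callable[[Profile, Txn], bool]  # the "join point" in the text's terms
    action: Callable[[Profile, Txn], Alert]    # the "point cut": what to do when it holds


def build_profiles(history: List[Txn]) -> Dict[str, Profile]:
    """Summarise each client's past transactions into a behaviour profile."""
    by_client: Dict[str, List[Txn]] = {}
    for txn in history:
        by_client.setdefault(txn.client_id, []).append(txn)
    profiles: Dict[str, Profile] = {}
    for client_id, txns in by_client.items():
        amounts = [t.amount for t in txns]
        stdev = statistics.pstdev(amounts) if len(amounts) > 1 else 0.0
        profiles[client_id] = Profile(statistics.fmean(amounts), stdev,
                                      {t.country for t in txns})
    return profiles


def amount_outlier(p: Profile, t: Txn) -> bool:
    # Three standard deviations above the mean, with a floor of double the mean so a
    # client with near-identical history does not alert on trivial differences.
    return t.amount > p.mean + 3 * p.stdev and t.amount > 2 * p.mean


def new_country(p: Profile, t: Txn) -> bool:
    return t.country not in p.countries


RULES: List[Rule] = [
    Rule("amount_outlier", amount_outlier,
         lambda p, t: Alert(t.client_id, "amount_outlier",
                            f"{t.amount:.2f} against expected {p.mean:.2f} +/- {p.stdev:.2f}")),
    Rule("new_country", new_country,
         lambda p, t: Alert(t.client_id, "new_country",
                            f"{t.country} not among {sorted(p.countries)}")),
]


def assess(profiles: Dict[str, Profile], txn: Txn, rules: List[Rule] = RULES) -> List[Alert]:
    """Evaluate every rule's condition against the client's profile; run the action of each that holds."""
    profile = profiles.get(txn.client_id)
    if profile is None:
        return [Alert(txn.client_id, "no_profile", "no history to compare against")]
    return [rule.action(profile, txn) for rule in rules if rule.condition(profile, txn)]


_NON_ALNUM = re.compile(r"[^a-z0-9 ]")


def normalise(name: str) -> str:
    """Case-fold and strip punctuation so 'A. N. Example' and 'a n example' compare equal."""
    return " ".join(_NON_ALNUM.sub(" ", name.casefold()).split())


def screen(name: str, screening_list: Dict[str, str]) -> Optional[str]:
    """Return the list category (e.g. 'PEP', 'SANCTION') for a matching name, else None."""
    index = {normalise(listed): category for listed, category in screening_list.items()}
    return index.get(normalise(name))


# Constructed history and screening list.
HISTORY = [
    Txn("C1", 100.0, "GB"), Txn("C1", 120.0, "GB"), Txn("C1", 110.0, "GB"),
    Txn("C1", 95.0, "GB"), Txn("C1", 105.0, "GB"),
    Txn("C2", 1000.0, "GB"), Txn("C2", 1050.0, "DE"), Txn("C2", 980.0, "GB"),
]
SCREENING_LIST = {"A. N. Example": "PEP", "Sample Holdings Ltd": "SANCTION"}

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for txn in (Txn("C1", 115.0, "GB"), Txn("C1", 900.0, "GB"), Txn("C2", 1000.0, "FR")):
        print(txn, assess(profiles, txn))
    print(screen("a n example", SCREENING_LIST), screen("Jane Doe", SCREENING_LIST))
```

Keeping conditions and actions as separate callables is what lets compliance tune thresholds or add a notification channel without touching the evaluation loop; a client with no history is treated as a deviation in its own right rather than silently passing.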
All content copyright © Michael Wittenburg 1995 to 2020. All rights reserved.