Profile
I’m an Information Security professional with broad and deep skills. I have over 25 years professional IT experience ranging from IT operations, DB admin, full-stack application development through to Information Security where I have specialised. I am a passionate advocate of security and have hands-on experience in many diverse disciplines including:
• Application security • Threat modelling • Architectural security • Project planning • S-SDLC • DevOps • “Shifting left” • SecOps • Incident Management •
I’m heavily involved in the business side of Information Security and my duties also include:
• Governance Risk & Compliance • GDPR • Data privacy • Legal • Policy management • Security auditing • PCI/DSS compliance • Supply-chain due-diligence • Vendor management • Network security • BYOD • DLP • Endpoint security • Cloud security • Identity/Privileged access management • Training, mentoring and coaching •
My background gives me a unique insight into the triumvirate of business, technology and security and I can communicate comfortably and authoritatively at all levels.
Employment History
Taking a break
July 2022 to Present
I’m taking a break from work at present. This is allowing me to spend time travelling the world and getting involved in various marine and terrestrial volunteering and conservation projects including:
- Manta ray identification in the Maldives with Scuba Travel (two weeks)
- Teaching Scuba Diving as a senior guest instructor in Spain at Diving with Nic (two months)
- Teaching marine biologists and university students to Scuba Dive in Honduras with Operation Wallacea (2 months)
- Wildlife photography and conservation project in the Kruger National Park, South Africa with African Impact (three months)
Lead Security Engineer at Uswitch.com (RVU). London
January 2021 to July 2022
My role and responsibilities at RVU are very similar to that of my previous position at Just Eat Takeaway.com (below). I changed jobs during lockdown which required a much greater emphasis on online communication, organisation, discipline and relied on my being a self-starter.
I continue to work across the business helping teams understand the value of security and apply correct security practices. I understood the business, senior managers and our exec and their need for value. I work at all levels with passion, authority and the pragmatism that years of varied hands-on technical experience provides.
Senior Software Security Engineer at Just Eat Takeaway (JET). Farringdon, London.
September 2016 – January 2021
JET is a leading global marketplace for online food delivery providing customers a secure way to order and pay for food from their restaurant partners. JET has over 54 million active customers across 24 countries and over 205,000 restaurant partners across its network.
I was brought into the newly formed InfoSec team based on my engineering and hands-on security skills. In my four years, I have worked in and developed JET’s InfoSec pillars including SecOps, AppSec, Culture and Awareness and Risk and Compliance. InfoSec now has over 30 members across two continents.
I work across the enterprise and provide security services to every department. My work includes architectural and data handling guidance to project teams, running security workshops and presentations, running threat modelling sessions, working with our engineers to identify and resolve code vulnerabilities, owning and running our supply-chain due-diligence and software risk management processes and maintaining our Information Security policies.
I’m subject-matter-expert on our edge protection and took ownership of our DDoS mitigation and CDN WAF. I own technical relationships with our security vendors and actively contribute to their service road-maps and reviews. I started JETs “Shift Security to the Left” initiative and rolled-out Static Application Security Testing and Software Composition Analysis to our CI/CD pipeline. I introduced the concept of Agile to InfoSec. I became Agile Coach and Scrum Master and used my many years of Agile working to educate and guide the teams. InfoSec is now Agile, we are super-visible, demonstrably productive and everyone has bought-in.
I’m involved in the OWASP London Chapter, contribute to security forums, attend conferences and collaborate with external security teams to share knowledge and experience.
I work with and empathise with engineers to help them understand the value of security. I understand the business, senior managers and our exec and their need for value. I work at all these levels with passion, authority and the pragmatism that years of varied hands-on experience provides.
This year I completed a fifteen month in-work course and achieved a Level 3 Leadership qualification with merit from the Chartered Management Institute. I am also a first-aider and mental health first-aider.
Developer at Paddy Power Betfair. Stevenage, Herts and Hammersmith, London.
Feb 2012 – September 2016
Betfair is the UK’s largest online betting company and owns and operates the world’s largest Internet Betting Exchange. The Exchange processes more transactions every day than all European stock exchanges combined. Along with the Exchange, Betfair provides online gaming as well as a more traditional sportsbook product.
I joined Betfair as part of the newly-formed Enterprise Applications Team. We were strictly Agile and used TDD practices in all our work. As a multi-skilled Microsoft-stack developer, I worked on all legacy, current and future projects in various technologies ranging from ASP Classic and Windows Forms through to MVC and WPF.
I designed, built and delivered enterprise-grade web and desktop solutions for Betfair teams and selected third-parties. Each solution had different UI, storage and security requirements so modern, maintainable and testable technologies were chosen for each. This meant the whole team received real-world experience with up-to-date technologies.
I was regularly involved in special projects including technology selection, system upgrades and decommissioning, database and query optimisation and branding and artwork. I was a trained first aider, fire marshal and member of the “Betfair United” social committee.
| Dev | Visual Studio 2015, C#, Entity Framework, NuGet, WebAPI, WCF, Windows Forms, Console Apps, NT Services, WPF, MVVM, ReSharper |
| Test | TDD, MS Test, Automated Testing |
| Data | Oracle, PL/SQL, SQL Server, T-SQL |
| Web | MVC, ASP.Net, HTML, CSS/SCSS, Bootstrap, JavaScript, JQuery, SOAP/REST, JSON, XML |
| Server | TFS for story, task and time management, source control, automated testing, continuous integration and delivery |
Senior Developer at Base79 (formerly MyVideoRights.com). London SW1.
June 2010 – February 2012
Base 79 were an online media agency protecting the rights of content owners by managing the media distribution monetisation through advertising. Their managed content consistently delivered over 500 million views and over 300,000 monetisable impressions per month with a click-through rate approaching 4%.
I designed, wrote and delivered a new Ad Campaign Management system (ACM). This allowed end-to-end management of the booking, monitoring and reporting of large-scale video advertising campaigns via YouTube, DailyMotion, MetaCafe and VideoPlaza. The system included robust extract, transform and load (ETL) services, publication-quality reporting and an efficient web UI. When the company rebranded to Base 79, I planned and executed the migration of all Myvideorights’ internal and customer-facing systems including websites, cloud based services, mailboxes, domains and security certificates.
| Dev | Visual Studio 2010, C#, WCF, Windows Forms, Console Apps, NT Services, Object-Relational Mapping (ORM) using CodeSmith and NetTiers, ReSharper, Telerik Reporting, SubVersion source control using Tortoise, Ankh and Beanstalk, Continuous Integration with TeamCity & MSBuild. |
| Data | SQL Server, SQL Server Analysis Services (SSAS), SQL Server Reporting Services (SSRS), MS Business Intelligence Development Studio, T-SQL. |
| Web | ASP.Net, HTML, CSS, XML, ExtJS (JavaScript framework). |
| Server | Rally & TeamCity for story, task and time management. Beanstalk for Subversion source control |
Senior Web Developer at ELEXON Ltd. London NW1.
July 2008 – June 2010
ELEXON are a non-profit making arm of the National Grid who manage and maintain the Balancing & Settlement Code (BSC) which governs and regulates the energy imbalance between production and consumption.
I was responsible for maintaining and updating ELEXON’s internal and external web applications. I designed, wrote and deployed replacement development, test, staging and production web platforms. I planned and executed the migration of systems from NT/SQL 2000 and .Net 2.0 to NT/SQL 2008 and .Net 3.5. I was technical lead during enterprise-level SQL migration and consolidation projects. I replaced ELEXON’s in-house search solution with Google SiteSearch. I designed, rolled-out and enforced high coding standards though code-reviews and team mentoring.
| Dev | Visual Studio 2005/2008, C#, .Net Frameworks 2.1/3.5, NT Services, Windows Forms, Console apps, Object Relational Mapping using LLBLGen, Source control using VSS, Continuous integration with CruiseControl. |
| Data | MS SQL Server 2000/2005/2008. |
| Web | ASP.Net, ASP Classic, WSH, HTML, JavaScript, CSS, XML, XSLT |
Senior Technical Specialist with MIVA/Perot Systems Ltd. London NW1
April 2005 – July 2008
MIVA (formerly known as Espotting) were a pay-per-click advertising company whose in-house platform provided its partners and advertisers with a robust large-scale bidding model to support sponsored-link advertising. In 2005, Espotting was rebranded as MIVA and in 2007 I was in-sourced to Perot Systems.
I was responsible for the support and development of MIVA’s existing applications and special projects. I designed, wrote and deployed MIVA Mail and was selected to be senior developer for MIVA’s new PrivateLabel team. During this time, I designed, wrote and delivered a new integration platform for Eniro Sweden and a new multi-client bidding platform for Eniro Finland. I also designed, wrote and delivered a new Content Aggregation Platform which drove many future MIVA products including spill.com.
| Dev | Visual Studio 6/2003/2005, C#, VB 6, VB Script, COM |
| Data | SQL Server 2000/2005 |
| Web | ASP.NET, ASP Classic, WSH, HTML, JavaScript, CSS, XML, XSLT |
Positions prior to April 2005
| Web Developer with Netizen Ltd. Pirton, Hertfordshire | Apr 2003 – Mar 2005 |
| CTO and Senior Systems Developer with MobileFuture/MessageEarth Plc. Ware, Hertfordshire | Aug 2000 – Apr 2003 |
| IP Applications Team Leader at Cable & Wireless Communications Plc. Brentford, Middlesex | Feb 1999 – Aug 2000 |
| Network Analyst at The Medical Insurance Agency Ltd. Stevenage, Hertfordshire | Mar 1996 – Feb 1999 |
| Database Administrator and Developer with the Epwin Group Plc. Paignton, Devon | Jun 1994 – Mar 1996 |
| Computer Operative with Devon Estates Practice. Newton Abbot, Devon | May 1994 – Jun 1994 |
| Self-employed Computer Programmer and Graphic Designer | Jan 1992 – May 1994 |
| Part-time Graphic Engineer at B.J. Print & Graphics. Paignton, Devon | Sept 1991 – Oct 1993 |
Further details of all previous roles are available on request.
Education
| September 1992 – July 1993 Staffordshire University, Stafford. B.Sc. Hons. Software Engineering | September 1990 – July 1992 South Devon College of Arts & Technology. BTEC National Diploma in Computing. All subjects at Merit or Distinction level | September 1989 – July 1990 Long Eaton Community School, Long Eaton, Notts. Eight GCSEs: Computing, Mathematics, Physics, Biology, English Lang., English Lit., Geography & Art |
Interests
Scuba Diving. I’m a Scuba and Technical Diving Instructor with the Professional Association of Diving Instructors (PADI) and the British Sub-Aqua Club (BS-AC). I am also a certified First Aid instructor, a first-aider at work and a mental-health first aider.
Music. I’m working my way through my ABRSM piano grades. I started in January 2019, practice daily and have private lessons. My goal is to be able to play one of the pianos at London St. Pancras station.
Fitness. I enjoy swimming and swim every day at my local pool and in open water where possible.
Cooking. I’ve always loved cooking and in my spare time I successfully completed NVQ Level 2 Food Preparation & Cooking – an industry qualification. Sadly I had to turn down a place on the BBC programme MasterChef, due to work commitments.
Photography. My eye for detail lends itself to photography and I’m improving all the time. Some of my video work can be seen on my YouTube channel: https://www.youtube.com/acolegate