Alexander Clouter B.Sc. (Hons.) =============================== 4 Folly Lane, Hingham, Norfolk, NR9 4JE, United Kingdom • [+44.7944819791](tel:+447944819791) • [current CV](https://digriz.org.uk/curriculum-vitae) \[[markdown](https://digriz.org.uk/.cv/cv.md)\] \[[pdf](https://digriz.org.uk/.cv/cv.pdf)\] \[[docx](https://digriz.org.uk/.cv/cv.docx)\] • [LinkedIn](https://linkedin.com/in/alexanderclouter) [GitLab](https://gitlab.com/jimdigriz) ([work](https://gitlab.com/coremem)) • [GitHub](https://github.com/jimdigriz) ([work](https://github.com/corememltd/)) Date of Birth: 29th November 1980 Personal Statement ------------------ Over twenty years I accumulated the technical and management experience to build, maintain and evolve highly available services at scale, while not having the budget of the global giants. Though I can build out these services myself, I prefer to teach others the skills to do this and avoid the pitfalls I know too well. Though my background is system and network administration, I am a polyglot in programming languages, learning others as and when the problem space demands it. I am comfortable regularly rolling up my sleeves to `strace`, `tcpdump`, reading source code and committing changes that go on to make everyone's lives better. The commercials fascinate me as much as the technicalities of new product development, prototyping, building a minimum viable product and its delivery to market, as well as adapting existing services so that they scale. I believe it is crucial that an organisation is able to iterate through this with ease and speed so that the good ideas are identified and grown upon and resources are not squandered on dead ends. I am acutely aware that of the challenges in bringing a service to market, the software and infrastructure components make up only a minor part. Problems in the market require questioning, evaluation and understanding to have a chance of being able to produce a product that addresses those needs. Clients occasionally have answers or clues to what a solution might look like, though for the purposes of consultancy what is most valuable is their description of the problem space and how, if at all, they address it. Consultancy is a process that should make yourself valuable to the client. This is how I think about problems and their solutions. I enjoy solving problems, I want to understand and solve yours. ```{=tex} \newpage ``` Experience ---------- ### Managerial - running teams from two to ten people - hiring and training staff - \$500k annual budget for infrastructure - liaising with external parties, clients, journalists and hostile third parties - negotiating contracts - challenging dysfunctional tradition - improved communications between teams - handling accreditation and auditing processes ### Technical - Languages/Scripting: C, Erlang, JavaScript (browser and Node.js), kdb+/q, Lua, Perl, PHP, Python, Shell - Databases: SQL (PostgreSQL, MySQL, BigQuery), Big Data (unable to fit in RAM) solutions, Redis, Riak, DynamoDB, Berkeley DB and CDB - Environments: Cloud (AWS, Azure and GCP) including IAM, containers, virtual machines, dedicated servers - Deployment: matching the local workstation developer environment to production, support offline development and a focus on aiming for a no longer than 15 minutes end-to-end cycle - Profiling/Debugging: perf, tcpdump, gdb, strace/ltrace, traceroute (TCP, UDP and ICMP flavours), tracepath - Networking: IPv6/IPv4, multicast, VLANs, Link Aggregation, VPNs (IPsec and GRE/IPIP), Host and appliance based firewalling (stateless and stateful), SNMP, IGP (OSPF and EIRGP), BGP (maintaining an anycast TCP service), QoS, Bridging - Misc services/applications: Monitoring, low-latency, high-availability (not 'use vendor load-balancer'), DNS (authoritative and recursive), git, VoIP Education and Qualifications ---------------------------- ----------- ---------------------------------------------------------------- 2007 **[SANS GIAC Certified Incident Handler (GCIH)](https://www.sans.org/cyber-security-certifications/)** Exam 1 - 100.00%, Exam 2 - 94.67% 1999-2002 **[Imperial College of Science, Technology and Medicine](https://www.imperial.ac.uk/), London** B.Sc. Physics (Honours) 1999 **Royal College of Music - Theory Grade Five** 1997-1999 **[Paston College](https://www.paston.ac.uk/), The Lawns, North Walsham** GCE A-Level Physics: A GCE A-Level Chemistry: A GCE A-Level Mathematics: B GCSE German: B ----------- ---------------------------------------------------------------- ```{=tex} \newpage ``` Employment ---------- ----------- -------------------------------------------------------------- currently **[coreMem Limited](https://coremem.com/)** **Director** Clients including Ad Tech, FTSE AIM 50, [NetworkRADIUS](https://networkradius.com/) and Universities Business and product development Software, infrastructure and systems consultancy Assist with hiring and interviewing of operations and developer staff 2011-2016 **[Telemetry Ltd, London](https://en.wikipedia.org/wiki/Telemetry_(company))** **Head of Infrastructure** Ran teams of between three and ten as well as hiring and training Worked with a \$500k annual budget Reduced development cycles from weeks to hours Primary investigator for fraud, detection, investigation and reporting through media outlets Rapid prototyping, MVP development and product delivery to market Handled auditing processes that led to [MRC](http://www.mediaratingcouncil.org/) accreditation Reduced downtime, lowered maintenance and increased system autonomy in responding to failures 2005-2011 **[SOAS, University of London](https://www.soas.ac.uk/)** **Infrastructure Support Analyst** full production IPv6 and multicast roll-out discover, assess and resolve single points of failure upgrade network infrastructure from L2 to L3 topology maintain multicast IPTV service, portal and custom SAP proxy cost analysis of PBX options over a five year period deploy Tandberg video conferencing service and QA testing automated the migration of 1000 user accounts from Netware to Google for Education documentation for end-users (main website) and colleagues 2003-2005 **[Parbin Ltd - MetroNet, London](https://www.metronet.co.uk/)** **Network Support Analyst** 2002-2003 **[Granada Media Group - Anglia Television, Norwich](https://en.wikipedia.org/wiki/Granada_plc)** **Junior IT Support Analyst** ----------- -------------------------------------------------------------- ```{=tex} \newpage ``` coreMem Limited, Director ------------------------- Since choosing self employment, I have been fortunate to retain a diverse set of clients each with their own needs and challenges. This has also enabled me to pursue product development. ### Notable Projects - Ad Tech - Ad exchange built from scratch with vendor-neutral ETL support - [GPT](https://developers.google.com/publisher-tag/guides/get-started)/[Prebid.js](https://prebid.org/product-suite/prebid-js/) product to improve publisher direct deals using segment targetting (viewability and fraud) - Self service license solution for a FTSE AIM 50 company product - maintain a multi-cloud (AWS, Azure and GCP) marketplace solution - instance attested identity verification and email loops authentication - tenant, environment, user and entitlement (free, commercial, ...) management - legal obligations (EULA, export restrictions regarding party of concern, ...) - datacentre bare metal support services - [NetworkRADIUS](https://networkradius.com/) - [FreeRADIUS](https://freeradius.org/) support for [TACACS+](https://github.com/FreeRADIUS/freeradius-server/commit/6a59647304955d984f2edddca1ccb5828d8c25ee), [EAP-FAST](https://github.com/FreeRADIUS/freeradius-server/commit/30a5d9c0f9eb5436ccba1a06dac3dc8c51878ce9) and [TLSv1.3 for {EAP-TLS,TTLS,PEAP}](https://github.com/FreeRADIUS/freeradius-server/pull/3516) (including for [hostapd](https://w1.fi/cgit/hostap/log/?id=0dee287c84e5a8a678f96ed510d19cd2831694d2&qt=range&q=9acf8da223657e3948351cc1bbab355b3d2469ae..0dee287c84e5a8a678f96ed510d19cd2831694d2&showmsg=1)) - [Wireshark](https://wireshark.org/) improvements to the [RADIUS/EAPOL dissectors](https://gitlab.com/wireshark/wireshark/-/merge_requests?scope=all&state=all&author_username=jimdigriz) - Client training - Refactor a live university network with 15 years of 'history' - multiple OSPF/EIRGP processes and VRF-lite - Migration to new firewall (no flag day, both old and new running active side by side) - Migrate bespoke Perl/LDAP Network Access Control to Cisco ISE - Migration of various legacy services (DNS, RADIUS/eduroam, ...) to Azure with native monitoring, logging and metrics ```{=tex} \newpage ``` Working as an Employee ---------------------- ### Telemetry Ltd, London When I joined Telemetry, the infrastructure team maintained an environment that resembled a continuous raging fire, not helped by the code drops from developers accompanied with minimal support or explanation. 'On call' entailed a seven day marathon of not sleeping with an ingrained expectation to still show up for a nine till six work day. The group was demoralised and exhausted. I taught the group how to evolve our stack to make everyone's lives better. With their access to servers and source code they could make those necessary improvements themselves. Working with the developers we improved their design decisions and the programming skills of my system administration team. With that skill set overlap, developers and infrastructure members started working together more effectively and pro-actively sought advice from one another. During my time there I changed the responsibilities of the team to include assisting others in their work and building fast and dirty prototypes to get projects back on track. We were described as 'working magic'. As well as maintaining a \$500k budget and handling contract negotiations with providers I built new products to test in the market; TLM, SiteDNA and Plan Blue which made its first \$1m within six months. I was Telemetry's primary investigator for fraud, handling the discovery, identification, filtration and working with journalists at the Financial Times, Businessweek, Ad Exchanger and Advertising Age to put together articles about my work; work that directly led to winning new business. #### Projects - **DMC/dyncfg ([press coverage](https://www.adexchanger.com/online-advertising/fraud-day-with-telemetry-automating-ad-fraud-detection-is-dangerous/)):** a unique tool not found anywhere else in the industry that let developers run experiments on live traffic safely, receiving feedback in seconds directly to their workstation rather than hours later when staging their changes. It worked by turning our infrastructure into a lightweight CDN and set the developers workstation as an origin server. The project let staff side load and/or replace all our content dynamically in experiments and drill down to target particular audiences to carry out investigations into fraud or understanding bugs that could only be seen in the wild - **Plan Blue:** real time bidding platform (DSP) for the trading of online video advertising, built from the ground up in three months and making its first \$1m within six months. Infrastructure was completely sans cloud, and utilised fewer than ten commodity leased servers spread across the US and the EU ### School of Oriental and African Studies (SOAS), London I was hired by SOAS to form a two person infrastructure team that would maintain the Cisco based network infrastructure and the handful of Linux systems it had deployed. Shortly after I joined, SOAS embarked on an infrastructure refresh programme to migrate to a 'L3 to the edge' and 802.1X capable wired network that included the roll out of an [eduroam](https://eduroam.org/) wireless service. Working with my line manager and a colleague, we did the initial design, configuration templates, tendering for a supplier and then forklift upgrade of the Cisco switching fabric. The network had since continued to meet our needs as our requirements for quick fail over, higher throughput, multicast and production IPv6 deployment have grown. Whilst there, and due to my involvements with eduroam, 802.1X and FreeRADIUS I was invited to be a member of the [JANET Campus Networking Special Interest Group (DOT1XSIG)](https://community.jisc.ac.uk/library/advisory-services/ieee-8021x-implementation-janet-connected-organisations) and in the past helped as an adviser for the JANET Wireless Technology Advisory Service (WTAS). #### Projects and Presentations - [LanWarden](https://webmedia.company.ja.net/content/documents/shared/networkshop080408/clouter-lanwarden.pdf) - an in house framework that uses FreeRADIUS with LDAP to make 802.1X/MAC-auth policy decisions - [IPTV rollout](https://web.archive.org/web/20201001132138/https://www.soas.ac.uk/itsupport/iptv/) - replaced an analogue service, bringing 70 television and 15 radio foreign satellite broadcasts to every desktop - [Anycast'ing Enabling of Services](https://github.com/jimdigriz/ospf-ha-anycast) - brought high-availability to services (eg. DNS) without adding the complexities, expense and single point of failure that load-balancers can bring - [DNS Hijacking and IP Blackholing](https://github.com/jimdigriz/network-layer-protection) - made the network infrastructure another layer of protection for our users from downloading infectious payloads and phishing attacks whilst also providing the network team an easy way to discover the many instances that anti-virus software had failed - [SLACCers](https://github.com/jimdigriz/slaacer) - IPv6 Accountability without DHCPv6 - [DNS Servers, the More the Merrier](https://webmedia.company.ja.net/content/documents/shared/networkshop300310/clouter_dnsserversthemorethemerrier.pdf) - Why You Need More Than Two - automated the migration of 1000 user accounts from Netware to Google for Education - produced a self service web based frontend that let users migrate their account with minimal downtime ```{=tex} \newpage ``` ### Parbin Ltd - MetroNet, Harrow Working for Parbin Ltd exposed me for the first time to networking. Originally I had been employed for frontline helpdesk work however the role quickly evolved into third line support, training and project work too. The company had several core services, a standard ISP focusing on ADSL services and three specialist sister products, email server outsourcing, web hosting and a fully client controlled domain nameserver hosting, all of which I was to learn and provide support for. #### Projects - [Cerberus](https://web.archive.org/web/20060203091641/http://support.metronet.co.uk/adsl/services/proxy.html) - a lightweight ISP side fully customisable HTTP URL filtering proxy server with a granularity down to per-user and custom lists. The system was based on a Squid which communicated with a Perl daemon that called upon a Berkeley DB to make filtering decisions - eCoLi - was the framework that linked our internal and customer facing ordering systems to BT's unbundled ADSL ordering platform. This was written in Perl and involved a lot of SQL and XML DOM processing, including gracefully handling order failure and processing - [Exchange Service Status](https://web.archive.org/web/20051229200310/http://www.metronet.co.uk/adsl/exchangeChecker) - brought a large amount of information from multiple sources that the telephone company BT generated and then presented to the user as a colour coded calendar. The user would enter in their phone number and get a full history for their local exchange, including all the information we had regarding current outages and known capacity issues. This was a 100% automated system that relied on a Perl backend polling for information, and digesting \`for human consumption' emails with regular expressions for easy data extraction at a later stage ### Granada Plc, Norwich My time at the Granada involved me in the deploying and testing phases of software suitability for both the main offices and the satellite offices in addition to my regular duties as a member of the support staff in keeping things running smoothly. Promptness in problem resolving was common in a newsroom environment due to live bulletins being shown every two to three hours, a computer outage had to be resolved well before the next bulletin.