Curriculum Vitae

Design, construction, infrastructure, security — different materials, same discipline.

Every role I have held — carpenter, designer, data centre manager, security architect — has been the same job wearing different clothes. You study a material, understand how it fails, and build something that holds up under stress. A dovetail joint, a firewall policy, an obfuscation technique: the thinking is identical. Structure, load paths, failure modes. The material changes; the discipline does not.

That is the thread. It is why a career that looks nonlinear on paper has actually been one continuous practice — applied to wood, then to networks, then to security architecture at scale.

I started as a carpenter in the mid-nineties — site work on affordable housing in Brighton, then contracted to a film studio in Luxembourg where I built sets for American Werewolf in Paris. Half the role was workshop construction from technical drawings; the other half was standby problem-solving on set, adapting to whatever the director needed in the moment. It taught me to work fast, work precisely, and think on my feet.

Between contracts I studied Interior Design at Ravensbourne, where I was drawn to spatial systems — how environments shape behaviour, how structure serves function. That programme ran concurrently with a part-time systems administration role in the university's Network Operations Centre, and the crossover felt natural. Both disciplines dealt with the same questions: how do you design something that accommodates change, handles load, and fails gracefully?

The part-time role grew into a decade of consulting across commercial and academic sectors in the UK. At Ravensbourne I designed and deployed AAA infrastructure, rearchitected firewall perimeters using OpenBSD CARP and packet filter, built fault-tolerant WAN topologies, and managed production Red Hat compute clusters. At the Royal Veterinary College I handled systems administration, disaster recovery planning, and database work. I consulted for BECTU evaluating media production facilities. The thread through all of it was the same: understand the existing system, identify where it fails, and fix the architecture — not just the symptoms.

The transition from physical craft to technology was not a pivot. It was a widening of the same lens. What changed was the material — from timber and steel to packets and protocols — but the instinct to understand structure before building on top of it carried straight through.

My first full-time engineering role was at GoDaddy in Singapore — GNU/Linux systems across a global hosting platform of over 4,500 production servers. Front-line incident response, platform abuse investigation (including evidence chain-of-custody work with US federal law enforcement), and the unglamorous reality of keeping services running at scale. Within two years I was managing the APAC data centre operations, leading a site expansion, building out KPIs that had never existed, and fixing a product change that had silently burned over a million dollars in capacity.

From there I joined Facebook (later Meta) to lead the turn-up of their first APAC regional data centre. Five years as Site Manager, building a team and a culture from scratch in a region where Meta had no operational presence. I proposed and developed the Red Team Operations Global Programme — a partnership between Meta's internal Red Team and Infrastructure Operations across all global touchpoints, including cable landing stations, PoPs, and co-location facilities. That programme expanded to a full data centre engagement, uncovering vulnerabilities that guided strategic growth into high-threat locations across APAC.

The shift from operations into security was gradual and then sudden. I moved into Infrastructure & Operations Security Engineering, then into ERAD Operations — global oversight of non-volatile media handling, digital forensics process improvement, and incident response programme development. Running data centres had taught me how systems fail; the security roles gave me a framework for thinking about why they fail and who benefits.

At ExpressVPN I managed Operations Engineering before volunteering into counter-censorship work — a domain where security, networking, and geopolitics collide. I earned enough trust to secure C-suite approval for a dedicated Information Security Research team across Hong Kong and the USA, reporting into the CISO. We classified censorship entities into tiers, developed short- and long-term bypass strategies, and delivered measurable results: a two-year-old iOS client misconfiguration fixed, a TLS 1.3 flaw in an obfuscation technique discovered and resolved (restoring sustained connectivity from zero to over two hours), and time-to-connect reduced from 20 seconds to under 5 on desktop.

As Cybersecurity Architect at staff level, I collaborated with the Principal Security Architect to establish the formal Security Architecture function — defining structure, workflow, and execution strategy. The work was threat modelling, security control analysis, and the structural decisions about how services should be built. Not compliance theatre. Architectural integrity: identifying gaps before they become incidents, and building governance that engineering teams actually follow.

What "security architecture" means in practice is making the hard calls about trade-offs — where to invest, what to accept, and how to build systems that degrade gracefully rather than fail catastrophically. It is design work. The same discipline, applied to a different material.

I run an independent engineering practice — Knight Intelligence — where I design and build the things I have spent years thinking about. A distributed security operations platform in Rust. An AI-first operating system with multi-model orchestration and autonomous agent delegation. A DevSecOps automation ecosystem. Self-hosted infrastructure from bare metal up.

The projects on this site are the public-facing side of that work. TeenTidal is a parental controls layer for the Tidal music platform. pg-harden is a PostgreSQL security hardening tool. FretNote is a guitar learning app for iPad. They are different problems, but the approach is the same: understand the domain deeply, build something that solves a real need, and care about the details.

I build because it is how I think. Each project — whether it ships commercially or lives on GitHub — is an exercise in applied engineering: the same practice of studying the material, understanding how it fails, and making something that holds.

  • Founder & Principal Engineer, Knight Intelligence (2025–Present)
  • Cybersecurity Architect (Staff), ExpressVPN (2024–2025)
  • Head of Counter-Censorship (Product Enablement), ExpressVPN (2024)
  • Manager, Operations Engineering, ExpressVPN (2022–2024)
  • Information Security Engineer, ERAD Operations, Facebook/Meta (2021–2022)
  • Infrastructure & Operations Security Engineer, Facebook/Meta (2019–2021)
  • Data Centre Site Manager, Facebook/Meta (2014–2019)
  • Manager, Data Centre Operations, GoDaddy (2012–2014)
  • GNU/Linux Engineer, GoDaddy (2011–2012)
  • Consultant, Information Security, UK (2000–2010)
  • Carpenter Sub-contractor, UK & Luxembourg (1996–2000)

Industry Certifications

  • Certified Information Systems Security Professional (CISSP) — (ISC)²
  • GIAC Security Leadership (GSLC) — SANS
  • Assessing & Exploiting Control Systems & IIoT — Black Hat/InGuardians
  • Terrorism and Counterterrorism — LDE Centre for Safety and Security
  • ITILv3 Foundation — Pearson VUE

Formal Education

  • BA (Hons), Interior Design — Ravensbourne College of Design & Communication, UK
  • Level 3 Foundation Diploma in Art & Design, Brighton Metropolitan College, UK

Other Education

  • Apnea Academy International, Instructor
  • GNVQ Level 3 Site Carpentry, Brighton Metropolitan College, UK