Systems Architect | Infrastructure Engineer | Technical Lead
Engineering Resilience, Compliance, and Fiscal Efficiency for 26 Years.
The Professional Philosophy
I don't just manage technology; I engineer systems for longevity. From the physical constraints of RSJ structural attenuation to the legal complexities of UK GDPR and KCSIE compliance, I bridge the gap between the server room and the boardroom.
My approach combines "Old School" component-level repair and CAD-driven Fabrication with modern Cloud Architecture and cybersecurity logic. Whether it is eliminating a SPOF, optimizing TTFB for a global hosting migration, or leveraging VAT (Section 33B) to slash operational expenditure, I deliver solutions where technical precision meets financial common sense.
Technical Framework & Competencies
True infrastructure resilience isn't found in a single piece of software; it is built at the intersection of hardware physics, network logic, and regulatory governance. Over 26 years, I have developed a holistic engineering framework that treats the building’s RSJ structure with the same importance as the AES-256 encryption layers.
This section outlines the specialized toolkit I use to navigate the friction between technical requirements and organizational mandates, ensuring systems are not just "functional," but forensically sound and fiscally optimized.
While my recent work is rooted in Education, my core focus is building robust, scalable, and secure systems that solve complex logistical challenges. I thrive on translating unique industry requirements into high-performance technical solutions
Core Competencies
Infrastructure & RF
Multi-WAN & LEO Path Diversity
Stratum 1 GPS Time Sync
4x4 MU-MIMO & DFS Planning
LACP & 10Gbps Backbones
Security & Logic
AES-256 & Key Rotation
PDO SQLi Elimination
XSS & CSP Mitigation
SMTP/TLS Hardening
Governance & Finance
DPIA & PII Risk Management
VAT (Section 33B) Recovery
DDSL Safeguarding Technology
OpEx & CapEx Optimization
A Systems-First Approach
In a 26-year career, I have learned that the most expensive solution is rarely the best one. Technical debt is often the result of failing to account for the "Physical Layer"—the building, the local infrastructure, and the people.
Forensic Integrity
Ensuring every log and NVR frame is synced to a Stratum 1 source for absolute legal defensibility and KCSIE compliance.
Sustainability
Using Fusion 360 and 3D Printing to repair and improve hardware, extending the lifecycle of mission-critical equipment and reducing e-waste.
Strategic Resilience
Identifying "Common Trench" vulnerabilities and solving them with LEO satellite orbital diversity to ensure 100% uptime.
More content coming soon, including a detailed CV.
Work
As an IT Technician, I play a critical role in maintaining the school’s digital and operational infrastructure to ensure a seamless learning environment. My responsibilities span the management of the entire network architecture, VoIP phone systems, and core computer infrastructure, alongside the development of custom building management dashboards to streamline facility oversight. With a focus on reliability and security, I troubleshoot complex technical issues and implement scalable solutions to support both staff and students. Additionally, I am a Ubiquiti Broadband Wireless Admin (UBWA) certified professional, bringing specialized expertise in configuring, managing, and optimizing high-performance wireless bridge systems and outdoor broadband networks.
I am a dedicated IT professional with a passion for leveraging technology to enhance the educational experience. My perspective is unique: I don't just manage the systems; I understand the school's wider mission.
As a School Governor at West Leigh Infants and a Designated Deputy Safeguarding Lead (DDSL) where I work, I lead the school's Online Safety strategy. I ensure that our technical infrastructure - from web filtering to monitoring systems - proactively protects our students while empowering them to navigate the digital world safely.
Online Safety Lead: I bridge the gap between technical controls and pastoral care, ensuring our safeguarding policies are effectively mirrored in our digital environment.
Data Privacy & Governance: I lead on GDPR compliance, conducting Data Protection Impact Assessments (DPIAs) to ensure all school technology meets strict legal and ethical standards.
Creative Engineering: Outside of work, I am an avid 3D printing enthusiast, building and maintaining printers to explore the intersection of hardware, software, and physical creation.
Case Studies
These selected projects demonstrate a unique "Full-Stack" competency - from component-level hardware restoration and 4x4 MU-MIMO frequency planning to bespoke software development and board-level DPIA consultancy. Each case study shows how deep technical interventions translate directly into organisational stability, legal compliance, and significant operational savings.
Executive Summary
Tasked with migrating a legacy educational ERP and web stack from a US-based provider to a high-performance UK-based infrastructure. The project aimed to solve three critical issues: Data Sovereignty, System Latency, and Budgetary Efficiency.
The Challenge: Transatlantic Latency & Legal Risk
The existing hosting was based in the US, creating a SPOF (Single Point of Failure) regarding international link stability. Furthermore, under UK GDPR, hosting sensitive student PII (Personally Identifiable Information) outside of the UK required complex legal frameworks that increased organisational risk.
The Technical Solution: UK-Native NVMe Stack
I architected a new environment using a UK-based provider, utilising a high-performance NVMe storage backend.
Data Sovereignty: By ensuring 100% UK data residency, I simplified our DPIA and aligned the school with the latest KCSIE statutory guidance.
Security Hardening: Implemented a new SMTP/TLS stack for all system communications and enforced a Key Rotation policy for the application's encryption layer.
Performance: Moving to a UK data centre reduced "Time to First Byte" (TTFB) by 70%, significantly improving the user experience for staff accessing the dashboard.
The "Financial Engineering" Win
While the technical move was essential, the project was "sold" to the board on fiscal merits.
VAT Recovery: By moving to a UK-based provider, I transitioned the hosting from an "Imported Service" to a domestic supply, allowing the school to utilise Section 33B of the VAT Act to reclaim 20% of hosting costs.
Negotiated Savings: I leveraged the move to negotiate a long-term contract, resulting in a 50% reduction in total OpEx compared to the previous provider.
Outcome & Legacy
The migration was completed with zero downtime. The school now operates on a faster, more secure, and legally compliant platform that costs half as much as the inferior legacy system.
Executive Summary
The challenge was to deploy a reliable, high-capacity wireless network across a 100-year-old school campus. The project faced two primary "invisible" obstacles: structural attenuation from century-old RSJ (Rolled Steel Joist) frameworks and persistent signal drops caused by a major airport flight path overhead.
The Challenge: Aviation Radar vs. Connectivity
Located directly within an airport landing path, the site was subject to frequent 5GHz radar sweeps. Standard auto-channel configurations triggered DFS (Dynamic Frequency Selection) events, forcing Access Points (APs) to vacate channels and causing 60-second connection blackouts for entire classrooms. Simultaneously, the internal steel structure of the building created a "Faraday Cage" effect, severely limiting signal penetration between rooms.
The Strategy: "Small Cell" Density & 4x4 Streams
Rather than attempting to "blast" signal through the RSJ barriers with high-power external antennas, I implemented a "Small Cell" topology.
Hardware Selection: Deployed UniFi NanoHD units. While these are WiFi 5, they offer 4x4 MU-MIMO (Multi-User, Multiple Input, Multiple Output).
Capacity Over Velocity: In a high-density classroom of 40+ devices, airtime contention is the bottleneck. By utilizing 4x4 streams, I doubled the concurrent communication lanes compared to standard 2x2 WiFi 6/7 alternatives.
Power Management: Set all APs to "Low" transmission power. This utilized the building's internal steel as a natural shield, allowing for aggressive frequency reuse without co-channel interference.
Regulatory Compliance & Stability
To eliminate the "Aviation Drop" issue, I engineered a static channel plan using non-DFS frequencies (UNII-1). This ensured that passing aircraft would not trigger a channel move, providing 100% stability for mission-critical educational software and cloud-based assessments.
Outcome
The resulting network provides a consistent 100Mbps+ experience for 40+ simultaneous users per room. By prioritizing MU-MIMO spatial streams over theoretical "burst" speeds, I delivered a platform that handles high-density student loads with sub-10ms latency - far exceeding the reliability of many modern "out of the box" WiFi 6/7 enterprise deployments.
Executive Summary
To eliminate the risk of a SPOF (Single Point of Failure) in the school’s terrestrial fiber, I architected a redundant Multi-WAN topology. By rejecting "false redundancy" (secondary terrestrial lines) in favor of Starlink satellite technology, I achieved true Path Diversity. Furthermore, I leveraged the integrated GPS capabilities of the satellite bearer to anchor a local Stratum 1 Time Server, providing the first unified Single Source of Truth for the school's legal and security logs.
The Challenge: Geographic Deadlock & Temporal Drift
A site-wide audit revealed that while multiple ISPs served the area, all physical fiber entered the campus via a Common Trench. A single "backhoe incident" or water-main burst would sever both primary and "redundant" lines simultaneously. Additionally, internal cellular penetration was non-existent due to the building's 100-year-old masonry and RSJ structure, and the site sat in a "coverage shadow" for 5G.
On the data layer, the network suffered from "Clock Drift." Devices like NVR units and VoIP handsets were synced to various uncoordinated internet pools. This created a "Temporal Gap" - where security logs disagreed by several minutes - making it impossible to create a legally undeniable timeline for DDSL (Safeguarding) investigations.
The Solution: Orbital Redundancy & GPS Off-Tapping
I deployed a Starlink LEO (Low Earth Orbit) terminal to provide a high-bandwidth backup that bypasses all local ground-level infrastructure.
Failover Logic: Configured automated route-tracking; if the primary fiber exhibits high latency, traffic instantly reroutes to the satellite bearer.
Stratum 1 Innovation: I utilized the satellite-integrated GPS to anchor a local Stratum 1 NTP server. This moved the school from "External/Fragmented" time to "Internal/Atomic" precision.
Automated Provisioning: To ensure 100% adoption, I implemented DHCP Option 42. This automatically assigns the internal Stratum 1 IP address to every device - from 4x4 MU-MIMO Access Points to VoIP phones - the moment they join the VLAN.
The Result: Forensic Integrity & 100% Uptime
The school now possesses Forensic Integrity. Whether investigating a cybersecurity alert or a safeguarding incident, the timestamps across the CPOMS database, door access logs, and NVR footage are forensically identical. By solving the Geographic Deadlock, the school is now immune to local exchange failures or street-level cable damage.
Executive Summary
When a mission-critical NVR system suffered a catastrophic OS-level failure, the organization faced a critical lead-time gap for a replacement. To maintain 24/7 security coverage and protect 24TB of forensic data, I performed a "Rapid Triage" restoration. By discovering the factory-installed boot media was a low-endurance USB drive that had reached its write-limit, I engineered a superior replacement using an SSD and USB-to-SATA bridge. This stabilized the hardware and bridged the gap until a new system arrived; the original unit now serves as a high-availability mitigation backup.
The Challenge: The Security Gap
The primary 30-channel NVR failed due to exhausted cooling fans and corrupted boot media, rendering the 24TB storage array inaccessible. With a £500 budget approved for a replacement but significant delivery delays, the site faced a period of unmonitored "blind spots" and potential PII data loss.
The Strategy: Triage, Fabricate, and Migrate
I executed a three-stage intervention to restore service within 6 hours:
Mechanical Overhaul: The proprietary internal fans had reached their MTBF. I replaced the high-static-pressure units and used Fusion 360 to 3D-print custom ducting to optimize thermal management for the 24TB array.
OS Recovery: Replaced the failed internal USB with high-endurance storage. This not only restored the system but provided a significant performance increase in the management interface and NVR responsiveness.
The "Two-Tier" Strategy: I utilized the £500 budget to procure a modern replacement. Once the new hardware arrived, the restored unit was re-commissioned as a secondary, redundant backup server, eliminating the previous SPOF.
Outcome: Forensics and Future-Proofing
Immediate Result: Restored 24/7 CCTV coverage in under 6 hours, closing the security gap instantly.
System Longevity: Extended the life of the 24TB storage array, preventing significant e-waste.
Architectural Win: The organization transitioned from a single-server vulnerability to a redundant standby-server configuration for a total cost of only £500.
Projects
While my Case Studies offer a deep dive into complex architectural challenges, this section demonstrates the 26-year breadth of my technical implementation. From large-scale Enterprise software deployments to ground-up Network redesigns, these projects represent the daily "Heavy Lifting" required to maintain a secure, efficient, and Fiscally Optimized environment.
Every project listed here is built with a Security-First mindset—prioritizing VLAN segmentation, Data Integrity, and the elimination of SPOFs (Single Points of Failure). My focus is on delivering "Invisible Infrastructure": systems that are so stable and automated that they disappear into the background of the organization.
Paperless Print Management (MPS)
PaperCut MF
Architected a centralized print environment utilizing PaperCut MF with secure RFID "Follow-Me" release. By eliminating uncollected "orphaned" print jobs and enforcing duplex/grayscale policies, I reduced paper waste by 30% and significantly lowered monthly OpEx.
EfficiencyGovernanceCost-Saving
Segmented Multi-VLAN Topology
Layer 3 Routing
Engineered a robust internal security perimeter by isolating Guest, Staff, Curriculum, VoIP, and CCTV traffic into dedicated VLANs. Implemented inter-VLAN routing with strict ACL (Access Control List) logic to allow necessary communication while preventing lateral movement during a security breach.
