Work

Home | Work | Play | Photos | Contact | About

Michael Wittenburg - Resume

Home \ Work \ Resume \ Experience

Supporting Evidence of Experience

This is a public document, so places, dates and client names have been redacted.

Working with business and technology stakeholders to translate business problems into technical designs:

I worked with [organisation] to create a design for a single solution to calculate and make payments to general practitioners, dental practitioners, and pharmaceutical contractors.

Met with the CTO and CIO to understand the business and IT strategy at the time. I conducted interviews with the user experience team; claims assessors, the assessment committee, and paymasters to document ways of working, and to elicit requirements. I also interviewed operations and support stakeholders.

This resulted in a vision/scope through which the customer and team were able agree to a single solution, project direction, and technical approach.

< Back | Back to top

Creates an optimal design through an iterative process, aligning such factors as the user need with system requirements and organisational objectives and works with well-understood technology and identifies appropriate patterns.

Worked with an equity release client to provide them with an underwriting capability. There was an immediate need to stand up a service within 8 weeks. The client’s objective however, was an automated, service-based solution.

To meet the initial requirement, I designed a simple data capture web site, allowing the client to use existing web hosting infrastructure to enter underwriting data remotely. I then led the creation of a cloud-based underwriting service over 3 more months. It soon became apparent that the client also needed access to customer medical records, and so I modified and extended the restful service design to provide the unforeseen features.

< Back | Back to top

The ability to look beyond the immediate technical problem and identify the wider implications.

Worked with a department that required a secure client application to communicate with a a large number of disparate USB devices. Current (and popular) sentiment called for a web application and web server to run on the client hardware (hundreds of workstations); to use web server components to communicate with USB devices; and to install a database on the client.

A predisposition toward web technology was driven by the predominant number of web developers employed by the organisation, and of course industry trends at the time.

By means of a threat model I was able to demonstrate that while politically palatable, the solution increased the number of configuration items, and thus quadrupled the attack surface. The web-based approach also increased both development and maintenance costs. Maintaining a database on each client device proved to enable malicious information disclosure. Highlighting these problems led to a re-designed thick client application consisting of a single configuration item and a substantially reduced attack surface.

< Back | Back to top

Bridge the gap between technical and non-technical: Translate technical concepts between Software Engineering, Delivery Management and Service Management so they are understood by all.

I was asked by an air force to troubleshoot a critical failure in a system that allows operators to catalogue and optimally distribute passengers and freight on military aircraft.

I discovered that message queuing used by the system failed after the introduction of network address translation. The solution I recommended to technical stakeholders was to replace message queues with asynchronous services and proxies.

I briefed non-technical staff by describing message queues and NAT by analogy - that workstation/operator PC identities are a finite resource, which led to a change to how these identities are assigned, thus breaking the system. I explained that message queues allowed one to, for example, buy shoes from Amazon, where shoes are purchased only once even if multiple requests for that self-same pair of shoes were submitted. And of course that async services provide a similar function to message queues, but one that works with the new workstation identification system/NAT.

< Back | Back to top

Able to listen to the needs of the technical and business stakeholders and interpret between them. Capable of proactive and reactive communication.

In [year] I was asked to address the business problem of the long delay police officers faced between attending a crime scene, and recording crime scene information in a computer system.

After an extensive situational analysis, I discovered that technical stakeholders were constrained by a low budget, limited resources, and the lack of a WAN. I then sought out actual candidate users of the system (police officers), and discovered that they were constrained by poor IT literacy.

This approach allowed me to discover the roles, norms and values prevalent in that organisation, and present a successful solution using cheap, handheld consumer devices.

< Back | Back to top

Capable of making and guiding effective decisions, explaining clearly how the decision has been reached.

Taking the previous example of the police force further, I decided to create a mobile application on a Compaq iPAQ. Data could be captured at the crime scene, and synced with a backend service when the officer returned to the station.

When presenting my recommendation to the client I was met with resistance to the approach. I overcame this by asking a police officer with no prior knowledge of the project, the hand-held device or the app to demonstrate the app. The user interface was intuitive enough for the officer to record basic crime scene information without assistance. I also demonstrated that CAPEX was expected to be well below budget.

< Back | Back to top

The ability to understand and resolve technical disputes across varying levels of complexity and risk. Able to build consensus between services or independent stakeholders.

In [year] an investment bank needed to transfer 700Mb of data to 2,000 workstations daily. The process ran nightly for 6 hours, and the client wished to reduce that time.

The solution I presented called for a mesh distribution model as opposed to the existing hub-and-spoke distribution. This reduced processing time by 5 hours, but required the (automated) installion of an agent on each of the 2,000 workstations.

I resolved the contradictory situation by having technical and business leaders play the planning game, in which use cases are voted on. Finally, that positive outcome was put to a change control board, and approved.

< Back | Back to top

Able to build consensus between services or independent stakeholders.

In [year], following a merger of two financial service organisations, two conflicting approaches to merging the Active Directories of both organisations arose. One organisation wanted trust relationships between the domains. The other wanted to migrate all users and resources from one organisation into the directory of the other.

I formulated the problem. I added both proposed approaches, and a third (creating a new AD forest, with trust relationships with existing directories). I then called a meeting in which the problem was described, and solutions proposed.

Facilitating discussion and transparency allowed stakeholders to choose option 3 while minimising affective conflict.

< Back | Back to top

Knowing relevant historical context & future impact, understanding how current work fits in broader contexts and strategies, and looking for deeper underlying problems and opportunities.

In [year] I worked with an immigrations and customs department to modernise control points and supporting backend systems. I worked on a data strategy for the same organisation back in [year], and thus understood the cultural, political and technical environments.

That knowledge allowed me to quickly present a technical solution to the client’s current problem, and to gain the approval of incumbent architects and business stakeholders.

Additionally, that understanding allowed me to focus my efforts on aligning external vendors with the client’s vision and expectations.

< Back | Back to top

Able to look for deeper underlying problems and opportunities. Can anticipate problems before they occur, and identify the impact of changes to policy.

In [year] I led the design, development and deployment of an insurance pricing and activation system.

Knowing that the organisation had inadequate change control and governance procedures, I trialled continuous integration and delivery on this project (the customer was new to agile processes). I prepared infrastructure and operations stakeholders by informing them of our intent, and let each stakeholder know what to expect, thus managing a flawless deployment when the system went into production.

The success of that project led to a review of governance and assurance processes and procedures within the organisation.

< Back | Back to top

Able to understand trends and practices within the broader organisation and how these will impact their work.

In [year] I ported [application] from Symbian to Windows Phone. It was a politically charged time, culminating in [executive]’s memo to staff.

Knowing that leadership sentiment was leaning towards a partnership with [organisation], and that this organisation was viewed with disdain by many employees, I ran voluntary workshops to raise awareness of [organisation's] tools and technologies, specifically as they related to the existing product suite.

I was told later that those sessions directly contributed to a successful first release of [product] on Windows Phone.

< Back | Back to top

Understands how governance works and what governance is required. Capable of taking responsibility for the assurance of parts of a service, knows what risks need to be managed.

In [year] I devised and instituted a compulsory change advisory board for a financial services company. Any change to a production environment, service or appliance had to be approved by the board, and be accompanied by a detailed implementation plan, and release notes. The CAB met twice a week to approve qualifying board submissions.

Later that year I also established a technical design authority, whose purpose it is to formalise architecture design approval, quality assurance, technical debt, and risk management.

The immediate benefit was documenting compliance with, or justifiable variance from, standards set for all IT projects, across all departments.

< Back | Back to top

Capable of evolving and defining governance and taking responsibility for collaborating and supporting in wider governance. Knows how to assure services delivered by Technical Architects across sets of services.

My previous answer demonstrates my understanding of evolving, collaborating and supporting governance. In terms of assurance –

Where projects failed review, I worked with the project team to resolve issues and address shortcomings before re-submission to the TDA.

< Back | Back to top

Capable of producing strategy for technology that meets business needs.

In [year] the financial organisation I worked with, merged with another early in the year. A revised IT strategy that aligned both companies to the shared business strategy was required. I was tasked with the creation of an initial draft, with contributions from other IT stakeholders.

Whilst I’m not at liberty to disclose the short or long-term objectives of that strategy, it did provide an ideal opportunity to formalise agile practices within both IT departments. Similarly, the merger presented significant cost savings by moving systems and services to the cloud.

< Back | Back to top

Able to create, refine and challenge patterns, standards, policies, roadmaps and vision statements.

In [year] the [government department] requested a system that facilitates access to HR functions from remote, assumed-to-be-compromised workstations. My initial design called for a web server to proxy requests from clients to backend applications. This design was in line with guidance provided by the client.

During that same year, a new release of an application gateway was released by Microsoft. This gateway product (IAG) provided the same functions and features we were intending to code by hand. I then took a revised design including IAG to the client, and after a review process gained approval for the change.

< Back | Back to top

Capable of defining and challenging strategies, patterns, standards, policies, roadmaps and vision statements

In [year] I drafted a strategy document outlining mid- and long-term goals to componentise common functions (such as underwriting) within the organisation, and to convert monoliths in which they existed, into micro services.

However, in [year] a legitimate requirement arose for actuaries to make frequent and significant changes to a particular underwriting calculation model. To meet that business need I recommended lifting the shared functionality from the micro service into a separate, bespoke monolith that meets the business need.

The deviation was reviewed, assessed and approved by the technical design authority, demonstrating IT flexibility and support for business agility.

< Back | Back to top

A strong understanding of best security and privacy practice and the trade-offs involved. Able to justify decisions around security/privacy.

In [year] I designed a system that accepts customers’ medical records. To do that securely I began by creating a privacy impact assessment in conjunction with the data protection compliance officer.

The justification for the above controls was compliance with data protection regulations.

Experience in designing and building APIs

< Back | Back to top

In [year] I was asked by an insurance provider to design and build an API for a policy pricing and activation engine. Calls to the API were constrained to complete within 8 seconds by the service level agreement.

The client and our team agreed to the use of the Origo 3.7 standard to exchange quote and activation data. I worked with actuaries to design and create a web service to validate incoming Origo XML data, and hand that off to a pricing and activation component.

The solution now activates a policy, or returns a price within 3 seconds.

< Back | Back to top

Experience in designing and building authentication and authorisation systems

In [year] my client requested a system that facilitates access to HR functions from remote, assumed-to-be-compromised workstations.

I designed and delivered a federated authentication and authorisation system for this project. As the user need required use of technologies familiar to users, I chose Chip & PIN (also used in credit and debit cards), and integrated that two-factor authentication mechanism with the existing directory service acting as the identity provider. Finally, I configured a service provider for the client.

Consequently, 10,000 users who didn’t have access to HR functions whilst abroad were given access to services such as booking holidays and changing bank account details.

< Back | Back to top

Experience in designing and building data-driven systems

In [year] I was asked by an insurance provider to design and implement a Know Your Customer solution to comply with FCA regulations.

I ran the entire client base through a PEP¹/Sanction screening list. I then created a pattern matching system to define client’s expected transactional behaviour. Finally, I defined and used join points (conditions) and point cuts (actions) to notify compliance personnel of deviations from predicted customer behaviour, who take appropriate action.

The insurance provider is now fully compliant with FCA regulations, and has thus mitigated the risk of financial penalties for not meeting their obligations.

¹ Politically Exposed Person

< Back to resume | Back to top


All content copyright © Michael Wittenburg 1995 to 2025. All rights reserved.
Merch (t-shirts designed by my twin)