Dan Q
- Address: The Green, Eynsham Road, Sutton, Witney, OX29 5RZ, United Kingdom
- Phone: +44 7795 100046
- Email: cv@danq.me
- PGP/GPG: B00A 55DA C3F5 9B51 7CA3 F64F 6342 1D24 3218 A6AC
In a Nutshell
A full-stack developer specialising in security, performance, and accessibility. In my commercial and open-source work I'm known for innovative solutions, services that scale, and focusing on the needs of humans.
With 25+ years' experience of software architecture and security engineering and a dedication to lifelong learning, I'm proud to bring a level of understanding both deep and broad. I've worked in a wide diversity of sectors and technologies, providing me with a holistic outlook that transcends any particular stack.
Outside of my work I'm a keen volunteer with a variety of different roles. I'm a regular speaker on my local conference circuit, sharing my love of the open Web. I blog - often about technology, security, and privacy - perform magic, and play GPS-based sports. I'm slowly teaching myself the piano.
Experience
-
Firstup Inc.
Senior Software Engineer
—
- Acted as security liaison to integrate platforms with a major aviation services provider.
- Brought expertise in security and accessibility to support the requirements of multi-million dollar contracts.
- Took responsibility for triage, impact analysis, and auditing following vulnerability exposure.
- Contributed to a high-availability scaling microservices cluster spanning three AWS regions.
- Monitored releases as representative of the UK/EU region to ensure reliability and stability.
- Key skills: Security analysis, security training, TypeScript, CSS, Ruby, Rails, accessibility, containerisation, CI, AWS, K8s.
-
Automattic Inc.
Staff Software Engineer (eCommerce)
—
- Managed incident triage, assessment, and reporting as a security lead.
- Led initiatives to improve performance focusing on cacheability, SSR, progressive enhancement, and SQL optimization.
- Advocated for Developer Experience (DevEx) by developing tools for streamlined onboarding, reliability, and responsive CI/CD processes.
- Enhanced third-party standards enforcement toolchain with sandboxed static and dynamic analysis and automated testing.
- Delivered training and provided expertise on security, accessibility, and performance topics.
- Played a crucial role in a pioneering project that introduced AI-enhanced features for technical support staff.
- Key skills: WordPress, WooCommerce, PHP, JavaScript, TypeScript, React, CSS, Webpack, multivariate ("A/B") testing, event tracking/funnel management, containerisation, performance.
-
Bodleian Libraries, University of Oxford
Web & CMS Developer / Digital Manager
—
- Led consultation and analysis for the redevelopment of 40+ public-facing websites involving multiple departments.
- Ran investigation into data processing, auditing PII and ultimately producing the Libraries' privacy and cookie policies.
- Implemented reverse proxy 'strangler fig pattern' to improve resilience of a sprawling Web portfolio.
- Designed and conducted training programs and lectures on information security and secure development for University staff.
- Pioneered platforms for research publication, blogging, podcasting, digital signage and tourism monetisation at Oxford, much of which I was able to release under a permissive license and which continues to benefit cultural institutions worldwide.
- Key skills: Squiz, Drupal, WordPress, PHP, Ruby, JavaScript, CSS, JSON, LAPP stacks, Electron, GoLang, websockets, team management, procurement.
-
Freelance
Application Security Consultant
— , —
- Offered security training, consultancy, penetration testing and analysis services.
- Conducted original security research and provided 'ethical hacking' solutions, addressing critical issues responsibly.
- Delivered customized software tools to diverse clients with varying sizes, budgets, and needs.
- Demonstrated self-discipline, time management, and prioritization of efficiency to meet client requirements.
- Key skills: Pentesting/fuzzing toolkits, training provision, HTML, CSS, Ruby, JavaScript, Perl, web APIs, Drupal, data scraping.
-
Three Rings CIC
Founder / Chief Information Security Officer
—
- Founded nonprofit providing secure, flexible volunteer management SaaS supporting ~22,000 hours of volunteer activity every day.
- Managed, trained, and supported a distributed team of volunteer developers.
- Developed an information management system suitable for charities handling the most-sensitive of personal information.
- Implemented server architectures designed to scale sublinearly, maximising value to charities.
- Served on the board, ensuring best legal practice and strategic direction.
- Key skills: Security engineering, hardened configuration, Ruby, Rails, accessibility, responsive design, Service Workers, JavaScript, Docker, SASS/CSS, LANR stacks.
-
SmartData UK Ltd.
Software Engineer
—
-
Community Transport Association
Database Administrator
—
Education
-
MSc Information Security and Forensics (Hons)
The Open University
—
-
Certificate in Ethical Hacking
EC-Council
—
-
FdA Counselling & Psychotherapy
Aylesbury College & The Open University
—
-
BEng Computer Science with Software Engineering (Hons)
Aberystwyth University
—
Portfolio
I have been an active contributor to the open-source community and research into the evolution of the Web, some of which can be explored via my GitHub profile, my blog, and (for a more-eccentric overview) my "things" page. Projects include:
- FreeDeedPoll.org.uk, which has helped tens of thousands of British citizens to change their names for free and without the need for a solicitor.
- The de-facto standard Ruby implementation of the MOTP authentication mechanism.
- The first public demonstration of what would later be known as HTTP 301 'Evercookies'.
- Original security research and training resources covering topics such as EV SSL spoofing, mobile HTTPS interception, and ethical disclosure. Also, probably the Internet's easiest-to-follow introduction to the fundamentals of SHA1 length extension attacks.
- A Wordle-like game in which players try to guess the daily D&D monster by its stats.
- Pre-filtered RSS feeds of BBC News sources, initially generated to allow me to skip the sports news but now enjoying widespread appeal.
- CapsulePress, a gateway to allow WordPress/ClassicPress sites to publish via the Gemini, Spartan and Gopher protocols.
- Twee2, a command-line compiler for the Twine interactive fiction engine.
- The original implementation of OpenID for WordPress.
- Various projects relating to museum interactive exhibitions both on- and off-premises, and creative applications of digital signage.
- Projects suitable for teaching probability theory (and lottery statistics), OTP cryptography, CSS steganography, screen scraping, reverse-engineering Flash for reimplementation in JS, websockets, mathematics, and decentralised and progressive web applications, among others.