Skip to main content
Tristan Findley
  1. About Me/

Professional Experience

My career has two beginnings
#

The first is security. I started out embedded in one of the world’s leading cyber-security research groups — Royal Holloway’s Information Security Group — where I spent eleven years as a systems administrator. The ISG was the first university anywhere to teach information security, and being surrounded by that meant data protection was never an afterthought; it was the starting point for every decision. I even sat in on the lectures for their world-first MSc. That’s where my security-first instinct was forged — and it has shaped every role since.

Those eleven years were also my manual years. Long before I’d heard the term “Infrastructure as Code,” I was building and running systems by hand — racking servers, imaging desktops, migrating data, learning what reliable infrastructure actually takes. Deep, hard-won, hands-on mastery. (The very first spark came earlier still, on a sixth-form IT service desk, where I built my first Red Hat Linux servers for the fun of it.)

The second beginning is automation. In 2017 I moved to the University of Surrey, and the way I thought about the job changed completely. I learned Chef — my first Infrastructure-as-Code tool — and the idea that infrastructure could be defined as code, version-controlled, tested, and deployed automatically across hundreds of machines rewired everything. I went on to self-teach Ansible, which became my signature tool. I’d spent eleven years doing it by hand; now I was learning to automate it — and you can’t automate well what you’ve never done manually. Suddenly all that hands-on experience had a new purpose.

Two threads, converging
#

From there, security and automation became a single thread — and it led somewhere unusual.

I moved into the secure sector, hardening systems and automating deployments for critical national infrastructure at Vodafone. Then into sovereign cloud at UKCloud — the UK’s government cloud provider — automating resilient infrastructure across everything from semi-connected government systems to completely air-gapped, classified environments. Then to SiXworks, a defence digital-innovation partner, where I built a platform team from scratch and delivered automation into classified, air-gapped environments for the RAF’s combat-cloud programme — work that contributed to the capabilities IBM later acquired the company for.

And now to VIB, one of Europe’s leading life-sciences research institutes, where I build secure, automated infrastructure for genomic research and author the governance that keeps it compliant under the EU’s NIS2 directive.

Different domains — telecoms, government, defence, research. The same philosophy throughout: build it once, build it right, make it auditable, automate the parts that shouldn’t be done by hand, and treat your servers like a flock, not a collection of pets.

A second arc: from following the rules to writing them
#

There’s a quieter story running alongside the technical one — about governance.

I learned ITIL at Royal Holloway. At Surrey I worked inside a proper change-management process for the first time — peer-reviewed, staged, with proper rollback. At UKCloud those instincts really formed, inside formal ITIL change control. At SiXworks I made the case for an automation-first way of working all the way to the board — and won. And at VIB I now author the policies and processes myself, chair the Change Advisory Board, and hold formal accountability as the FitSM Process Owner for Change Management.

Practitioner, to advocate, to author. It’s the same progression you’ll see in the technical work: from doing the task, to shaping how it’s done, to defining it for everyone else.

Where it’s led
#

Two decades in, I’m a DevOps engineer with a rare shape: deep, hands-on automation expertise, forged in some of the most security-constrained environments there are — sovereign cloud, air-gapped defence systems, regulated research. Security-first by training, automation-first by instinct. I came to DevOps from the Ops side — systems-rooted, infrastructure-as-code (more on what I mean by that) — and I build platforms that work, and keep working long after I’ve moved on.

What follows is the detail — role by role.

Vlaams Instituut voor Biotechnologie

Role: DevOps Engineer, Data Core · Change Manager · Major Incident Coordinator March 2024 – Present · Ghent, Belgium · Hybrid A New Chapter # In early 2024 I moved to Belgium to join my partner, and started at VIB — a world-leading life sciences research institute — as a DevOps Engineer in the Data Core team. It was a deliberate change of direction — from UK defence and national security infrastructure to European life-sciences research. The skills carried straight over (infrastructure automation, security-first design, ITIL and ISO27001 governance); the domain was completely new.

SiXworks Ltd

Role: Platform Services Team Lead February 2023 – January 2024 · Farnborough, Hampshire (Cody Technology Park) · Hybrid The Company # SiXworks is a defence and national security digital innovation specialist — a trusted partner to the UK Ministry of Defence, focused on accelerating the adoption of secure, experimental technology to improve the operational agility of Defence and National Security.

UKCloud Ltd

Role: Automation and Service Reliability Engineer → DevOps Engineer · Pastoral Manager · Agile Lead January 2020 – February 2023 · Farnborough, Hampshire · Hybrid The Role # I spent three formative years at UKCloud, the UK’s premier sovereign cloud provider for government, public sector, defence, and regulated industries. My time there spanned two distinct phases: infrastructure automation specialist delivering reliability across highly-secure government environments, then emerging leader taking on people management and project leadership while continuing my technical work.

Vodafone Secure Sector (VSS)

Role: Systems Administrator — Vodafone Business, Vodafone Secure Sector (VSS) June 2019 – January 2020 · Farnborough, Hampshire · On-site The Starting Point # VSS is where it began. The roles that followed — UKCloud, SiXworks — was a deepening of the same core thread: secure environments, infrastructure that cannot fail, and systems serving organisations that depend on them. The security hardening mindset, the early automation instinct, the understanding of what it means to work with data that needs to be protected at every boundary — all of it started here.

University of Surrey

Role: Senior Systems Administrator (DevOps focused) — Faculty of Engineering and Physical Sciences February 2017 – June 2019 · Guildford, Surrey · On-site Where I Became a DevOps Engineer # The University of Surrey is where my career changed direction. I arrived as a systems administrator. I left as a DevOps engineer. In between, I learned Infrastructure-as-Code, built CI/CD pipelines, got my first real experience of disciplined change control, and found the specialism that would shape the rest of my career.

Royal Holloway, University of London

Role: Systems Administrator — Departments of Computer Science, Information Security (ISG), and Mathematics September 2006 – February 2017 · Egham, Surrey · On-site Where It All Began # Royal Holloway is where my career started — and where I learned that security is never an afterthought. I joined straight out of university in 2006 as part of a small IT team — four of us at first, growing to five after the Information Security and Computer Science IT teams merged — and stayed for over eleven years. In that time I grew from a graduate putting theory into practice for the first time into an experienced systems administrator responsible for infrastructure, procurement, and platform strategy across three departments.

Larch Computer Services

Role: IT Support Technician & Solutions Architect June 2005 – September 2005 Larch Computer Services provided IT support services to business clients in Hampshire, Berkshire, Surrey and the Thames Valley, through computer service support contracts. During my time at Larch I functioned as both a solutions architect and technician for the company’s contractors. On a daily basis, I acted as a second line technical support agent answering technical queries for companies with existing support contracts. I also frequently worked on-site with contractors, providing them with on-the-ground technical support, systems administration and solution deployment.