CV

Jonny Stoten

Senior Software Engineer

Senior software engineer with 14 years’ experience working with a wide variety of tech stacks and languages. Currently working mainly with Go, with previous experience in Elixir, React, and Typescript.

A firm believer in automated testing and continuous monitoring, with a strong commitment to code quality and maintainability.

Experienced with all parts of the development lifecycle, all the way from design to deployment.

Experience

Senior Software Engineer, Docker

November 2020 – Present

• Improving software supply chain security for millions of developers by adding digital signatures to Docker Official Images.
• Creating and maintaining new open-source libraries, including docker/attest.
• Collaborating with others across industry and academia in open standards working groups.
• Founding and serving as a member of the Technical Steering Committee for the OpenPubkey project.
• Writing blog posts to explain our work to developers across the industry.
• Various smaller projects across Docker Hub, Docker Desktop, and Docker Scout.

Senior Software Engineer, Technical Lead, Pirate.com

March 2018 – October 2020

• Developed software using an eclectic mix of languages and technologies for the world’s largest network of music studios.
• Lead rewrite of the core booking system from a Ruby on Rails MVP to a scalable backend API written in Elixir and a responsive frontend using TypeScript with React.
• Designed and implemented Pirate’s in-studio audio recording system for DJ mixes, using Raspberry Pi devices and a cloud recording storage backend.

Senior Software Engineer, Rocketmakers

September 2013 – March 2018

• Worked with startups and scaleups developing minimum-viable-products and production ready applications, including:
• TravelLocal, a web application for connecting travellers with local travel agents, who can create and refine itineraries for bespoke luxury holidays.
• PDMS, a system used by the UK Sports Institute to track performance and medical records of elite athletes competing at Olympic and Paralympic Games.

Software Engineer, Technical Lead, Ansys

August 2010 – September 2013

• Worked on GRANTA MI, a materials science database product for use in the aeronautic and automotive industries.
• Responsible for the implementation of new features across almost every aspect of the system, as well as the high-level technical strategy for API and Server products.
• Designing and implementing solutions to maintenance problems typical in large legacy systems.

Projects

attest https://github.com/docker/attest

Maintainer

• Open-source project for Docker for applying policy to supply-chain attestations on container images.
• Combines several open standards (SLSA, in-toto, TUF) into a simple solution for attestation verification.

OpenPubkey https://github.com/openpubkey/openpubkey

Maintainer and Technical Steering Committee member

• Open-source community project for binding public keys to OIDC identities without the need for a Certificate Authority.
• Implemented GQ signature support to prevent replay attacks when publicly sharing OIDC ID tokens.
• Engaged with the wider community to gather feedback and address concerns.

Writing

• Signing Docker Official Images Using OpenPubkey, Docker Blog, Oct 2023
• How to Use OpenPubkey to Solve Key Management via SSO, Docker Blog, Feb 2024

Education

Bachelor of Science (Hons)

October 2007 – June 2010

Computer Science
First Class
Royal Holloway, University of London