Tom Lindley, Developer in Watford, United Kingdom

Tom Lindley

Verified Expert in Engineering

Web Application Developer

Watford, United Kingdom
Toptal Member Since
July 16, 2019

Tom has been a developer since he was 13, a hobby turned career. A lifelong ambition for "cool" software and the skills to deliver it mark Tom out as a leader in his field. He specializes in web application security and application architecture. He strives to build solid, well-thought-out software using PHP/Laravel, VueJS, and Docker, and is an experienced developer and CTO with a strong business understanding, which complements his technical skills.


OnSecurity, LLP
Amazon Web Services (AWS), PostgreSQL, Docker, HTML5, Vue, Node.js, JavaScript...
Digital Marmalade, Ltd.
Vue, jQuery, JavaScript, Laravel, PHP
Portcullis Computer Security, Ltd.
Bash, Perl, HTML, jQuery, JavaScript, PHP




Preferred Environment

NetBeans, PhpStorm, Docker, Debian, Ubuntu, Git

The most amazing...

...thing I've made is a platform that powers an entire pen-testing vendor from booking, estimate through to reporting, data importing, and PDF generation.

Work Experience

Chief Technology Officer

2017 - PRESENT
OnSecurity, LLP
  • Led the development of a customer and internal facing portal application in PHP/Laravel, Bash, Node.js, and Vue.js.
  • Managed the production environment using AWS, ELB, EC2, S3, ELK stack, and Docker orchestration using Rancher.
  • Planned and managed technical expansion of the business.
  • Managed the development team and personal development of team members.
  • Led the architecture of a large enterprise portal application in Laravel and Vue.js.
  • Provided technical support for external and internal users.
  • Developed and maintained backups and monitoring solutions written in PHP and Node.js.
Technologies: Amazon Web Services (AWS), PostgreSQL, Docker, HTML5, Vue, Node.js, JavaScript, Laravel, PHP

Web Developer

2015 - 2017
Digital Marmalade, Ltd.
  • Led the architecture and development of an internal CMS system used as a base for all client engagements.
  • Developed fully bespoke web applications in PHP, Laravel, and Vue.js for a variety of clients.
  • Provided estimates and quotes for existing and new businesses.
  • Deployed and maintained web applications in a variety of server environments for clients.
  • Led the migration of the company from an old base CMS to new bespoke CMS, and trained developers.
Technologies: Vue, jQuery, JavaScript, Laravel, PHP

Lead Web Developer

2013 - 2015
Portcullis Computer Security, Ltd.
  • Led the development of two large internal applications written in PHP, JavaScript, Perl, and Bash.
  • Led a project to migrate the CRM to a new platform and integrated it with existing internal systems.
  • Managed and expanded a team of developers working on multiple simultaneous projects.
  • Provided support for sales, pen-testing, and operations teams of 100 people across multiple internal applications.
  • Deployed application updates and maintained production systems across three internal networks.
  • Led the development of a new internal application written in PHP and JavaScript for proposal generation, scheduling, and internal workflow.
Technologies: Bash, Perl, HTML, jQuery, JavaScript, PHP

Web Developer

2012 - 2013
Portcullis Computer Security, Ltd.
  • Developed internal applications for proposal generation, consultant scheduling, and internal workflow management in PHP, HTML, and JavaScript.
  • Analyzed many departments to ensure that internal application development met business requirements.
  • Built complex web applications for a security company using PHP and JavaScript/jQuery with Perl import scripts.
  • Designed and architected new features of a variety of web applications including internal workflow management, scheduling of 80 consultants, and CRM integration.
Technologies: HTML, PHP, jQuery, JavaScript

OnSecurity Portal
A PHP Laravel and Vue.js based web application sold as a SaaS and powering the business from prospective clients all the way through to delivery and beyond.

The enterprise-grade web application is used for:

• Booking/scheduling penetration tests
• Providing automated and manual estimates
• Generating customisable Proposal and Report PDFs
• Reporting security vulnerabilities with asset association, screenshots/videos, external references
• A high-level overview of a company's security posture
• API integration with Jira and Stripe
• Externally available API
• Booking/scheduling retests and reviews
• Peer review process
• Security finding template management


A startup mobile application for football score predictions in a team.

The back-end API used data from Betfair, William Hill, and Sportmonks to generate real-time odds and recommended bets based on team predictions.

The PHP Laravel-based API powered the mobile application and was deployed into DigitalOcean and AWS.

A wallet within the application took funds from SMS messages, PayPal payments and mass payouts using Pay360.

The API handled requests for login, registration, wallet top-ups, wallet extraction, avatars, predictions, real-time scores, historic performance, teams, team join/leave, and recommended bets.

Sadly, the application did not make it beyond the testing phase due to lack of funding.

LinkedIn Scraper

Named Subtle Scraper, this node-based tool imitated a human user and scraped information from LinkedIn for business development purposes.

Written using Node.js and headless Chrome in response to the ban of automated tools on LinkedIn, the tool would mis-click, have extended pauses, and vary the order of certain activities to scrape user data from the social network.

A long-term financial planning web application written in Laravel PHP and React.

Utilizing a Neo4j graph database and PostgreSQL to provide insights into spending using data from Open Banking and Bank/Credit Card Excel exports, the app implemented complex actuarial functions to provide financial estimates and plans for long-term saving and investment.

Docker To Elasticsearch

A Node.js application to stream PostgreSQL audit data into an Elasticsearch cluster.

Created to allow trigger-based PostgreSQL audit data to be streamed out of the database without losing data in the event of a restart/crash of either Elasticsearch or PostgreSQL, it uses an in-memory cache and asynchronous database triggers.

EC2 Scheduler
A Bash-based microservice that stops and starts EC2 instances on a schedule defined in environment variables, built to save AWS costs for non-essential services that could be turned off during weekends and evenings.

You Only Code Once
A brochure-ware website written in JavaScript and PHP to promote my own company. I designed it to use service-workers and HTTP 2.0 as a proof of concept allowing offline usage and lightning-fast load times, utilizing preloading and cache-first service workers.


PHP, PHP 7, PHP 5, HTML, HTML5, CSS2, CSS, JavaScript, Perl, Sass, Bash, Bash Script, XML, XSLT, XSL-FO, ECMAScript (ES6), SCSS, Less


Laravel, Laravel 5, Laravel Mix, Bootstrap, Swagger, Bootstrap 3, PHPUnit, Lumen


Vue 2, Vuex, Slack API, Moment.js, Vue, Node.js, PayPal API, jQuery, JSON API, Stripe API, Google Maps, Google Maps API, Google Maps JavaScript API 3, Cesium.js, Lodash, React


Web Application Architecture, REST, Database Design, Web UX Design, Web App Design, Scrum, Agile, Asynchronous Programming, Test-driven Development (TDD)


Web Applications, Web App Security, Vue-router, Axios, SSL Certificates, HTTP, APIs, Web App UX, Web App UI, Web App Deployment, HTTP REST, Server-side PDF Generation, Endpoint Security, Scrum Master, SSL Configurations, TCP/IP, FTP, HTTPS, Authentication, API Design, PHPDoc, Service Workers, Cookies, User Permissions, Servers, HTTP Server, Ajax, ES6 Promises, Session Handling


Apache, Slack, PhpStorm, CVS, Webpack, AWS ELB, Amazon EBS, AWS CLI, Docker Compose, Nessus, cURL Command Line Tool, Kibana, Logstash, Git, GitHub, GitLab, Bitbucket, Google Docs, Google Sheets


Rancher, Google Chrome, Docker, Ubuntu, NetBeans, LAMP, Debian, Firefox, Ubuntu Linux, Windows, Apache2, Burp Suite, Linux, Amazon Web Services (AWS)


Databases, Database Triggers, PostgreSQL, MySQL, Amazon S3 (AWS S3), Elasticsearch, SQLite, Neo4j, JSON, XML Parsing, Linux File Systems, LAMP Server, Google Cloud

Industry Expertise

IT Security, Security


Certified Scrum Master

Scrum Alliance