Christian E. - IT Consulting / IT Rebuild

Go to Website

Stadtallendorf, Germany

Experience

Jun 2022 - Apr 2024

1 year 11 months

IT Consulting / IT Rebuild

(PF)

analyzed requirements and current state
migrated old domain structure (200x) and Tobit to Exchange 2019 with functional connection/integration to MS365
reviewed possible implementation paths, planned approach
planned and prepared protection of sensitive data
planned according to BSI basic protection, Federal Data Protection Act, GDPR
technical project management
IT governance, planning and security back-tests
technology used:
Hyper-V 2016, 2022
Microsoft Terminal Services cluster on 2022
Microsoft Exchange 2019
Office365 / Microsoft 365 / Azure AD / Teams / Salesforce
Cisco, Zyxel and HP switches
Sophos firewalls/UTMs and SecurePoint
Microsoft IIS 2022
IPv4/IPv6
Veeam backup and Wortmann Online Backup
NextCloud (FOSS)
licensing and governance
ERP setup support
securing mail transfer
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP, Group Policy (GPO)
IT consulting, security analysis, VoIP, IT architecture, SIEM, remote work, home office, high availability, failover, VLAN, PRTG

May 2022 - Apr 2023

1 year

IT/Linux Landscape Support

(SIE)

worked as 2nd/3rd level (Linux) system engineer/consultant
migrated physical installs into virtual environments
advised and supported HA implementation
evaluated with test procedures
security consulting on protocols and hardening (e.g. VPN/WLAN)
authentication consulting
guided teams, critically reviewed options and future questions (“future viability check”)
analyzed root causes, weighing “repair” vs “rebuild”
technology used:
Windows VDI
Proxmox VE 7.x
pfSense instead of iptables
VPN: IPSec with smart card auth, WireGuard
load balancing
Office 365, Teams on Linux
licensing and governance
FOSS software
Citrix VDI / NetScaler
evaluated Azure/MS365 connection to Linux
Debian, Ubuntu, VMware, SIEM, 2FA, GitLab, Ansible, Kubernetes

Apr 2021 - Jun 2022

1 year 3 months

Terminal Server Analysis and Rebuild in a Multinational Setting

(ZE)

as 2nd/3rd level (Microsoft) system engineer/consultant + support via ticket system
acted as IT staff unit with external steering and consulting role
assessed environment in multi-hierarchical, multi-national context
troubleshot local and global incidents, some weekends/on-call, escalated issues to responsible teams
trained users on responsive handling of systems and errors
guided teams, critically reviewed options and future questions (“future viability check”)
analyzed root causes, weighing “repair” vs “rebuild”
recommended new setup for future viability
set up proof of concept for internal evaluation as tech benchmark
technology used:
Windows Terminal Services / Remote Desktop Services 2008–2022
VMware ESXi
NetApp storage
TrueNAS/FreeNAS
VMware vCenter
Microsoft clustering
SQL Server, database management
load balancing
Office 365, Teams, hybrid setup, mail encryption
Citrix VDI, NetScaler, app analysis vs TS
Symantec AV among others
licensing and governance
Azure/AWS
Integrity
system monitoring with Prometheus/Grafana, replaced Zabbix
Microsoft Server 2008–2016 (analyzed 2019, 2022)
Microsoft IIS 2008–2016
Terminal Services 2008, 2012R2, 2016
fsLogix, 2FA, SIEM
services: VDI, terminal server, Azure, Active Directory, LDAP(s), doors, integrity, BCM, group policies, rights management, Remedy
scale: 45,000 employees, global
remote, mainly English

Feb 2021 - Mar 2021

2 months

Incident Handling “Hafnium Hack”

affected mainly new mid-sized clients: engineering, medical, consulting, municipalities etc.
unplanned “firefighting” due to global Exchange server attacks
examined hack, analyzed methods
reviewed Exchange setups for direct and indirect clients
isolated potentially or actually infected systems
assessed attack vectors and anomalies, checked for web shells
communicated with management on system security and data leak risk, and GDPR view
system hardening afterwards
reviewed and swiftly replaced compromised systems
applied security measures in all cases, hardened systems, assessed critical entry points
liaised with security teams including Heads of Security Operations at Arvato Systems, Siemens, etc.
general security consulting beyond hack
underlying thought: possible use of NSA-originated zero-day exploits, first of several attacks
technologies: Exchange 2013–2019, Office 365 response, Active Directory, LDAP, Sophos UTM, Fortigate, LanCom, SecurePoint, virtualization, Windows Server 2012R2–2019, various firewalls, proxies, WAF, mail encryption, awareness training

Dec 2020 - Apr 2024

3 years 5 months

ASP Infrastructure Setup

analyzed requirements and current state
reviewed possible implementation paths, planned approach
planned and prepared protection of sensitive data
planned according to BSI basic protection, Federal Data Protection Act, GDPR
technical project management
internal/external monitoring infrastructure
IT governance, planning and security back-tests
load balancing
technology used:
Hyper-V 2016, 2022
Microsoft Terminal Services cluster 2019/2022
VMware
Proxmox PVE, Proxmox Backup Server
VMware vCenter
Citrix
Microsoft Exchange 2019
Windows, Office365 / Microsoft 365 / Azure AD
Cisco, Zyxel, HP switches
Kubernetes
Sophos firewalls/UTMs
Debian Linux, Nextcloud, SeaFile
NextCloud, various FOSS and CSS, licensing and governance
Microsoft IIS 2022
Nginx, MariaDB, MySQL, Varnish
IPv4/IPv6 networking
Zammad, Elasticsearch etc.
backup: Veeam
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP, check_mk, PHP, MySQL, MariaDB
IT consulting, security analysis, VoIP, architecture, SIEM, remote work, home office, high availability, failover, VLAN

Nov 2020 - Apr 2021

6 months

Exchange Migration and Upgrade for a Municipality

Municipality (GS)

analyzed requirements and current state as managing system engineer
reviewed possible paths, advised IT director
planned seamless upgrade path from Exchange 2010 to 2019 for users
supported protection of sensitive data
troubleshot prior configurations
advised on BSI basic protection, Federal Data Protection Act, GDPR
technical project management
cleaned up legacy issues
technology used:
Hyper-V 2016, 2019, VMware
Windows, Exchange 2010, 2013, 2019
Cisco switches, Fortigate firewalls, mail archiving, proxy, mail encryption, Veeam backup
remote: 100% (delays due to municipal datacenter, COVID and elections)
continued 2nd/3rd level support for internal IT and secondary provider
scale: 150 employees

Mar 2020 - Apr 2024

4 years 2 months

External IT Management / IT Architect

Food Industry (P)

took over internal IT management from day one
cooperated with system partner in NRW, reported directly to execs, shared CIO/CISO role, support via ticket system
joint budget responsibility
assessed current state and defined target
built IT infrastructure within four working days and went live over Christmas until Jan 7, 2016 for a team of 20, mostly remote
implemented terminal server functions
developed and enforced IT security policy
set up new IT structure with separate network zones and VLANs
added marketing-visible guest Wi-Fi separated from internal network across two sites
load balancing
guided planning based on Federal Data Protection Act, GDPR, BSI basic protection
downstream interface functionality/sourcing and evaluation
staff training
unified security infrastructure, network and system hardening
rolled out ESET server/client AV
prepared projects for client’s customers
used multi-layer intrusion prevention methods
technology used:
Dell servers and clients
Sophos SG firewall
HPE switches
Microsoft AD 2012R2
Exchange 2016
Microsoft 365, Teams
mail archiving, mail encryption, process integration
Hyper-V 2012R2/2016/2019
IIS 2012–2019
SQL Server, DBA, database management
high availability
Sage DMS, ERP, SuccessFactors
Terminal Services cluster 2012R2/2019
Debian Linux (v8 to current), Ubuntu
VoIP PBX
Zammad, Elasticsearch etc.
QNAP/Synology NAS
backup: Veeam
monitoring with check_mk stack
services: DFS, DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture, SIEM, PHP, MariaDB, jQuery
licensing and governance
FOSS software
managed external providers
remote: 100%
scale: 60 employees
note: cooperation paused for local build-up, resumed Q1 2020, larger projects from Q3 2020 onward, 2nd/3rd level support

Jan 2020 - Apr 2020

4 months

Network Rebuild with Follow-up Telecom Project

Medical Network (MLOS)

analyzed requirements and current state
reviewed possible paths, advised IT director, support
created rough concept for routing and segmentation
validated roll-out across all sites
rolled out at “Alpha” site as defined
completed tests
started telecom project building on this, resolved 1.5-year rollout issues in 1.5 months, achieved client satisfaction
supported protection of sensitive data
advised on BSI basic protection, Federal Data Protection Act, GDPR, special medical requirements
technical project management
load balancing
technology used:
network troubleshooting
VLAN
network design consulting and implementation
prioritized open source: pfSense, FreeNAS, FOSS, licensing and governance
high-availability datacenter network planning
Proxmox virtualization
Debian, Ubuntu, SIEM, network troubleshooting
Cisco, Ruckus switches
3CX telephony
legacy: bintec elmeg PBX
remote: 100%

Nov 2019 - Dec 2020

1 year 2 months

IT Restructurer / Renovator

Special Electronics (HS)

assessed current state and defined target
troubleshot unstable and inefficient IT based on 2012R2, 2019 and Exchange 2016/2019
developed new IT structure
implemented AD2019 and Exchange 2019
defined groups and security, network segmentation, introduced patch management and VLANs
set up Sage, Datev and industry software
technology used:
HPE / IBM servers
Sophos SG firewall
Microsoft AD 2016/2019
Exchange 2016/2019
VMware ESXi 5.5, 6.x, 7.x
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture
remote: 100%
scale: 150 employees

Oct 2019 - Jul 2020

10 months

IT Restructuring after Ransomware Attack

Security Service (WS)

alerted around year-end 2019/2020 while preparing new project, cut vacation short, returned for analysis
isolated IT traffic to stop spread
rebuilt IT structure, advised leadership
added strong firewall with IDS/IPS and mail scanning
rebuilt servers with updated software
implemented multi-zone security, hardening
advised on GDPR, BSI basic protection and staff security requirements
developed rights concept
set up Sage, Datev and industry software
technology used:
Dell / IBM servers
Sophos SG firewall
Windows Server 2008/2019
AD 2019
Exchange 2019, O365 hybrid migration
Azure / AWS
Hyper-V 2019
Terminal Services 2019
VMware 6.x, 7.x
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture, white-hat hacking for forensic assessment
licensing and governance
remote: 100%
managed external providers
scale: 1,250 employees

Sep 2018 - Oct 2023

5 years 2 months

IT Consulting / IT Development, Management Developer

(RY)

engaged for GDPR requirements
IT and security leadership/staff unit role, system engineer, consulting and support via ticket system
fixed flaws in existing processes
closed potential GDPR vulnerabilities
developed internal IT combining on-premise and cloud
integrated unused resources (CRM)
created work-everywhere concepts (pre-Covid19)
set up centralized data repository
secured corporate network
technical project management
training and IT consulting
technology used:
Dell servers and clients
Sophos SG, Cisco firewalls and switches
Windows, AD 2019
ESET antivirus (client/server)
Exchange 2019, O365 re-migration, Microsoft 365, Lync, Skype, Teams
IIS 2019
Hyper-V 2019, VMware
backup: Veeam
licensing and governance
FOSS
load balancing
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP
IT consulting, security analysis, VoIP, architecture, SIEM, remote work, home office, Linux (Debian, Ubuntu), PHP, MySQL, MariaDB, NextCloud
remote: 98%

Jul 2018 - May 2020

1 year 11 months

System Rescue and Restoration

Retail (SD)

client wanted takeover of maintenance for custom website and webshop in Docker
found system unmaintained, outdated, insecure and host underpowered
redesigned environment, documented
extracted data and reimplemented on current OS/module versions
ongoing maintenance
technology used:
Ubuntu, later Debian (Linux, PHP)
Apache, later Nginx
Git
PHP/MySQL/MariaDB stack
Docker
licensing and governance
FOSS software
WordPress, Odoo, e-commerce integration

Jun 2018 - Apr 2024

5 years 11 months

Internal IT Support / IT Consulting

Custom Machinery (RM)

called in for network security issues
managing system engineer role, consulting and support via tickets
planned and implemented VLAN structure/routing
advised and deployed firewall solution, hardening
due to positive progress, appointed sole external IT caretaker
IT and security leadership/staff unit role
built new server infrastructure on Server 2016 (2019 delayed)
set security rules, BSI basic protection, GDPR advice
cloud re-migration of services, e.g. O365/Azure back to Exchange 2019
supported protection of special machinery
technical project management
managed external service providers (development, tech)
sourcing and negotiation lead
technology used:
Dell servers and clients
Sophos SG, HPE, Ruckus networking, Cisco firewall and switches
AD 2008R2/2019
Exchange 2010/2019, Office 365/Azure migration
mail archiving, mail encryption
NextCloud
FOSS software and governance
Datev setup, troubleshooting, maintenance
IIS 2019
Terminal Services cluster 2019
VMware 6.x, 7.x
backup: Veeam
SQL Server, DBA, Debian, Ubuntu
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP, Linux, PHP, MariaDB, MySQL, jQuery
IT consulting, security analysis, architecture, SIEM, VLAN, WLAN segmentation, SDSL, fiber, 2nd/3rd level
remote: 100%

Dec 2015 - Aug 2019

3 years 9 months

External IT Management / IT Architect

Food Industry (P)

took over internal IT management from day one
cooperated with system partner in NRW, reported to execs, shared CIO/CISO role, support via tickets
joint budget responsibility
assessed current state and defined target
built IT infrastructure within four working days and went live over Christmas until Jan 7, 2016 for 20 people, mostly remote
implemented terminal server functions
developed and enforced IT security policy
set up new IT structure with separate networks and VLANs
guest network for marketing separated over two sites
load balancing
planning based on Federal Data Protection Act, GDPR, BSI basic protection
downstream interfaces/sourcing and evaluation
staff training
unified security infrastructure, network and hardening
rolled out ESET server/client AV
prepared client projects
used multi-layer intrusion prevention
technology used:
Dell servers/clients
Sophos SG firewall
HPE switches
AD 2012R2
Exchange 2016
Microsoft 365, Teams
mail archiving/encryption, process integration
Hyper-V 2012R2/2016/2019
IIS 2012–2019
SQL Server, DBA
high availability
Sage DMS, ERP, SuccessFactors
Terminal Services cluster 2012R2/2019
Debian (v8–current), Ubuntu
VoIP PBX
Zammad, Elasticsearch etc.
NAS QNAP/Synology
backup: Veeam
monitoring with check_mk stack
services: DFS, DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture, SIEM, PHP, MariaDB, jQuery
licensing and governance
FOSS software
managed providers
remote: 100%
scale: 60 employees
note: cooperation paused for local competency build-up, resumed Q1 2020, larger projects from Q3 2020, 2nd/3rd level support

May 2015 - Apr 2024

9 years

Webhosting / Application Service Provider / Managed Services

fully took over internal IT for CEO, CIO, CISO
assessed current state and defined target
implemented central server infrastructure including procurement
used new multi-layer intrusion prevention methods
interface functionality/sourcing
achieved A/A++ ratings each time
planning based on Federal Data Protection Act, GDPR, BSI basic protection
technology used:
Dell servers/clients
Sophos SG, HPE, Cisco firewall and switches
AD 2016–2022
Hyper-V 2012R2–2022
Exchange 2013–2019
Office 365, Microsoft 365, Teams, To Do, Lists, SharePoint
mail archiving
Debian Linux (v6 to current)
evaluated and used both closed and open software, FOSS
Lync/Skype servers
Zammad, Elasticsearch etc.
Ubuntu Linux
FreeNAS
Azure/AWS
Veeam
licensing and governance
urBackup
NextCloud, SeaFile
custom backup system (abandoned since 2018)
Terminal Services
monitoring with check_mk stack
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP
IT consulting, security analysis, architecture, SIEM, VLAN, WLAN, segmentation, Postfix, Apache2, Nginx, PHP
remote: 95%

Sep 2013 - Aug 2017

4 years

External IT Management / IT Architect

Media/Events (MAH)

assessed current state and defined target
troubleshot unstable and inefficient IT
developed new IT structure
interface functionality
technical project management and organization in various projects
staff training
budget responsibility
used multi-layer intrusion prevention (digital and analog)
technology used:
Dell servers/clients
Sophos SG firewall
HPE switches
FreeNAS
ESET AV
AD 2012R2
Exchange 2013
Hyper-V 2012R2
Debian/Ubuntu
FOSS software
licensing and governance
monitoring
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture
managed other providers
remote: 100%

Sep 2013 - Nov 2013

3 months

IT Restructurer / Renovator

High-End Hospitality (B)

assessed current state and defined target
troubleshot unstable and inefficient IT
developed new IT structure
interface functionality
staff training
budget responsibility
used multi-layer intrusion prevention (digital and analog)
technology used:
HPE/IBM/Dell servers, Dell clients
Sophos SG firewall
AD 2003/2008
Terminal Services cluster and high-availability load balancing
Exchange 2013, mail archiving, encryption
backup: Veeam
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing
IT consulting, security analysis, architecture
remote: 100%

Oct 2012 - Apr 2024

11 years 7 months

External IT Lead / IT Architect

Hospitality (KS)

fully took over internal IT management as “CIO”, “CISO”, system engineer (2nd/3rd level for internal IT), consulting and support via tickets
assessed current state and defined target
implemented central server infrastructure including procurement
enabled remote access
enforced IT security policy and hardening
set up new IT structure with separate networks/VLANs
separated guest Wi-Fi from internal networks
replaced old inter-site communication with high-speed wireless link
used multi-layer intrusion prevention
interface functionality/sourcing
planning based on Federal Data Protection Act, GDPR, BSI basic protection
technology used:
Dell servers/clients
Sophos SG, HPE, Cisco firewall and switches
AD 2008R2/2019
Exchange 2010/2019
Hyper-V 2008–2019
IIS 2010–2019
Debian Linux, FOSS (v6 to current)
FOSS evaluation
licensing and governance
monitoring (check_mk stack)
backup: urBackup, Veeam, custom scripts
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, VoIP
IT consulting, security analysis, architecture, SIEM, VLAN, WLAN, segmentation, security awareness, MariaDB, MySQL, InfluxDB, PHP, jQuery
remote: 90%

Aug 2010 - Apr 2024

13 years 9 months

External IT Lead / IT Architect

SME (MN)

fully took over internal IT management with interface functionality, consulting and support
assessed current state and defined target
developed and implemented IT security policy
system hardening, new IT structure with separate zones and VLANs
separated production machinery from exec and staff networks
used latest multi-layer intrusion prevention
live case: two execs plugged infected USB sticks; no breach beyond exec networks and no negative impact
project management/rescue for failing software project
technology used:
HPE/Dell servers and clients
Sophos SG, HPE, Cisco firewall and switches
AD 2003/2008R2/2019
Exchange 2010/2019
mail archiving
IIS 2010–2019
SQL Server, DBA
Hyper-V 2008–2022
Debian Linux (v6 to current)
various closed and open source, FOSS
backup: urBackup, Veeam, custom scripts
rolled out Kaspersky, replaced ESET AV
VoIP PBX
services: DNS, DHCP, TCP/IP, subnetting, firewalling, routing, NextCloud
IT consulting, security analysis, architecture, SIEM, VLAN, WLAN, segmentation
remote: 95%

Summary

First, I’d like to thank you for taking the time to review my résumé.

with well over ten years of hands-on experience in both depth and breadth of IT implementation while running my own ventures (privately about twice as much)
with planning, consulting and hands-on implementation experience
industry-agnostic but mindful of industry-specific elements
practical knowledge in data protection, security, licensing & legal aspects to assess and contribute to your environment (not legal advice!)
consulting, planning and implementing with Microsoft, SaaS, closed source and open source expertise
real know-how working with employees, shareholders and stakeholders of IT and the business, leading and supporting
with my own enthusiasm to carry projects long-term for everyone’s benefit

I look forward to discussing how I can bring my skills to your company’s advantage.

I will reach out to you for sure, and I’m excited about the upcoming project and fruitful collaboration.