Project: Design and implementation of a StoreSafe architecture
Activities: Creating an architecture document for implementing a clustered encryption solution based on Bloombase StoreSafe in an IBM Power environment with Red Hat Linux, NFS, KMIP, Bloombase StoreSafe, Entrust KeyControl, PKI, and AES-256; Creating an integration guide for installing and configuring the solution; Creating an operations guide for running the solution; Coordinating with business units; Aligning and coordinating support activities with the vendors IBM and Bloombase; Supporting the installation and configuration of the solution
Project: Data center renewal with transition of the existing environment
Activities: Defining the project charter including setting project goals and tasks; Creating a project plan with schedules, milestones, and resource requirements; Calculating the business case; Preparing the scope of services for the tender documents for the managed service providers; Evaluating the MSP offers; Identifying potential risks and developing risk mitigation measures; Creating a cost and resource plan; Coordinating with the PMO and steering committee; Preparing regular project status reports; Regularly reporting to management and other stakeholders on project progress; Creating and maintaining all project-related documentation, including plans, reports, and minutes; Conducting daily meetings and status meetings with the project participants
Project: Migration of data center systems from onsite to a hosted server environment at Hetzner
Activities: Gathering customer requirements for building the target environment; Comparing different technical solutions in terms of cost and benefit; Creating an evaluation/decision matrix; Setting up a Hyper-V test environment based on Windows Server 2022 and Hetzner AXServer; Configuring virtual switches with NAT functionality; Deploying and configuring a site-to-site IPsec VPN from the corporate site to the Hetzner data center using pfSense; Hardening the Windows OS according to CIS standards; Provisioning test VMs in the Hetzner environment; Migrating existing VMs from the old environment to the target environment; Conducting performance and usability tests; Setting up and testing backups
Project: Migration of an enterprise key management solution for Bloombase StoreSafe storage encryption
Activities: Installing and configuring a test and development environment with virtual machines for Thales KeySecure, Utimaco ESKM, and Bloombase StoreSafe; Connecting the key managers to StoreSafe using OpenSSL keystore and certificate exchange; Extracting keys from KeySecure via KMIP using Curl and KMIP/XML code; Developing a PowerShell script for key migration via KMIP/XML and REST API into the ESKM; Documentation; Implementation
Project: Hands-on leadership of the consolidation of Active Directory and file servers
Activities: Defining the project concept including goals, benefits, and risks; Preparing the project charter including setting project objectives and tasks; Creating a project plan with work packages and milestones; Creating a cost and resource plan; Coordinating with the PMO and steering committee; Preparing regular project status reports; Conducting daily meetings and status meetings with the project participants; Handling Active Directory topics (GPOs, roles and permissions, LAPS, AD security) for the project; Supporting escalations; Writing the project final report
Project: Improving the virtual infrastructure for a logistics service provider in Bonn with about 500 systems
Activities: Planning, designing, and further developing the network and data center infrastructure; Ensuring highly available data center operations, especially the Hyper-V virtualization environments; Administering the network, server landscape, and central storage systems; Advising business units on the architecture for delivering new services; Coordinating and managing service providers during projects and incidents; Creating an as-is analysis of the existing patch management process; Developing and implementing a new Windows patch management concept for headquarters and regional hubs via WSUS (clients and servers); Aligning with product owners and management on the patch management process implementation (finding time windows, rolling out patches in waves at different times for different stages, performing tests, etc.); Designing group policies for antivirus with Microsoft Defender; Deploying and configuring new and existing VMs with SCVMM; Supporting configuration and troubleshooting in the Veeam Backup area; Third-level support for Active Directory, Azure AD, Hyper-V, VMM, Windows operating systems, HPE ProLiant servers, and HPE 3PAR storage; Customizing SCOM monitoring (configuring overrides for management packs, setting up and adjusting subscriptions, etc.); Administering and migrating Windows print servers; Supporting risk analyses and creating a measures catalog according to BSI IT Baseline Protection, ISMS documentation, and ISO 27001/27002; Implementing security monitoring for Active Directory (adding/removing users from highly privileged groups, clearing security event logs); Supporting the selection (cloud vs. on-premises) of cryptographic measures (HSM) for a multi-tier Microsoft PKI to protect private keys; Maintaining firewall rules in the Sophos firewall; Assessing and remediating vulnerabilities with CrowdStrike Falcon (EDR/XDR); Building and commissioning a CheckMK infrastructure based on Ubuntu Server to replace a SCOM environment including rolling out CheckMK agents; Developing PowerShell scripts to automate processes and extend/adjust CheckMK monitoring; Introducing LAPS (Local Administrator Password Solution); Analyzing and fixing Active Directory vulnerabilities with Ping Castle
Technologies used: Active Directory, Azure AD, Azure AD Connect, EDR and XDR with CrowdStrike Falcon, Hyper-V, System Center Virtual Machine Manager (SCVMM) 2016, System Center Operations Manager (SCOM) 2016, Windows patch management (with WSUS, Cluster-Aware Updating (CAU), and Microsoft System Center Configuration Manager (SCCM)), Windows 7/10/11, Windows Server 2012 R2/2016/2019/2022, Ubuntu Server, Fibre Channel SAN, HPE ProLiant servers, HPE iLO, HPE 3PAR storage, HPE OneView Management, Dell PowerEdge servers, PKI, DFS, Microsoft Defender, Sophos UTM9, Veeam Backup & Replication 12, Thales DPOD and Thales Luna HSM, CheckMK monitoring, Ping Castle
I have more than 25 years of experience as an engineering consultant with a strong background in systems, software, and hardware. I have worked with reputable companies like Microsoft and Compaq, ensuring I stay on top of the latest technological trends. My expertise is backed by a diploma from the Technische Universität München and a variety of industry certifications in Microsoft, VMware, and SafeNet.
I bring real-world knowledge to every challenge, applying practical solutions in IT infrastructure and system management. I focus on delivering practical, reliable value in both complex and everyday technical environments.