Pierre Gronau - Ansible Automation, Windows Third Level Support

Cologne, Germany

Experience

Dec 2024 - Mar 2025

4 months

Frankfurt, Germany

Ansible Automation, Windows Third Level Support

DB InfraGO AG

PRISMA project
Ansible automation
Windows third level support for Windows NT, Windows 2000, Windows 2013, Windows 2016, Windows 2019

Sep 2024 - Oct 2024

2 months

Frankfurt, Germany

IT Security, IT Compliance

OYAK Bank

Securing Azure
Review of IT security policies
BAIT compliance

Sep 2024 - Sep 2024

1 month

Frankfurt, Germany

IT Security, IT Compliance

Pictet Group

Review of IT security policies
BAIT compliance

Apr 2024 - May 2024

2 months

Munich, Germany

IT Security, IT Compliance

MONTANA Energie Handel

Conducting audit for two VMware environments with HPE Omnistack SAN
Automation with bash, PowerShell, PowerCLI, Ansible and Terraform
Vulnerability scanning
SIEM with Splunk
Penetration tests

Apr 2023 - Apr 2025

2 years 1 month

Wiesbaden, Germany

IT Security, IT Compliance

Stadtwerke Wiesbaden ESWE

Conduct should-is comparison NIS-2
Design data center architecture for a critical infrastructure based on Arc42
Automate an Active Directory Tier 0 environment
Harden Windows with Ansible roles
Harden Linux with Ansible roles
Harden Microsoft 365
Harden Microsoft Azure
Active Directory hardening
Automation with bash, Ansible and Terraform
Automation with Ansible for Linux
Automation with Ansible for Windows
Build CI/CD pipelines with Jenkins under Linux Debian 11.x and 12.x
Implement Configuration as Code (CasC)
Harden Linux Debian 11.x and 12.x
Harden Windows 2019 and Windows 2022
Software deployment with Chocolatey
Implement Nitrokey MFA with ADFS
Build a VMware vSphere 8 environment with vSAN
Migrate VMs from vSphere 7 to VMware vSphere 8
Architecture according to Arc42
Automate control of hardening with PingCastle, Rusthound, Bloodhound, Microsoft ARI, Scoutsuite, Monkey365, Prowler, Scuba gear
Vulnerability scanning
SBOM creation and analysis
Penetration tests
SIEM with Microsoft Sentinel
Log management with Telegraf and InfluxDB
Automate Tier 0 hardened Active Directory environments
Build Linux servers such as Debian Linux and Oracle Linux
Build Windows servers such as Windows NT, Windows 2008, Windows 2012R2, Windows 2016, Windows 2019, Windows 2022
Migration of IVU server
Carve out of an existing Active Directory to a new Tier 0 Active Directory
Design an encryption solution for Microsoft 365 with eperi

Feb 2023 - May 2023

4 months

United States

Incident Response Team Ransomware

MKS Instruments

Recreate VMware ESXi and Hyper-V landscape as part of the incident response team after a successful ransomware attack
Automate CIS-hardened Windows 10 and Windows 11 analyst VMs on AWS with Pulumi, Terraform, Ansible and PowerShell

Jan 2023 - Mar 2025

2 years 3 months

Nuremberg, Germany

Information Security

Federal Office for Migration and Refugees

Conduct an audit for container security (peer review)
Implement role-based access control (RBAC)
Perform IT compliance reviews against BSI "Basic Protection" (BSI Grundschutz)
Conduct should-is comparison NIS-2
Secure OpenShift (based on Kubernetes) usage
Automation with bash, PowerShell, PowerCLI, Ansible and Terraform
Define CI/CD pipelines for automation
Optimize and automate CI/CD pipelines
Integrate static code analysis tools within CI/CD pipelines
Vulnerability scanning
Introduce and implement Software Bill of Materials (SBOM)
Introduce and implement Software Composition Analysis (SCA)
Penetration tests
SIEM with Splunk
Consulting for an IPv6 implementation project
Consulting in the area of VS-NfD IT environments
Create a security policy for patch management
Create a security policy for vulnerability management
Create a security policy for log management
Create a security policy for TLS
Create a security policy for SSH
Create a security policy for logging
Create a security policy for secure software development
Create a security policy for directory services such as LDAP
Create a security policy for backup and restore
Create a security policy for backup and restore evidence
Create auditd rules for specific applications and services
Perform malware analysis for Symantec Protection and ClamAV

Nov 2022 - Jun 2023

8 months

Tuttlingen, Germany

Cloud Computing Audit for Azure

KARL STORZ

Conduct an audit against CIS benchmark for Microsoft Azure and VMware on premise
Perform Azure architecture reviews
Conduct IT security reviews
Vulnerability scanning
Penetration tests
SIEM with Splunk
Introduce and implement Software Bill of Materials (SBOM)
Introduce and implement Software Composition Analysis (SCA)
Create auditd rules for specific applications and services
Create a concept for anonymisation of pictures and videos
Create a security policy for patch management

Jul 2022 - Nov 2022

5 months

Cologne, Germany

Container Security

City Cologne

Conduct an audit for container security (peer review)
Implement role-based access control (RBAC)
Perform IT compliance reviews against BSI "Basic Protection" (BSI Grundschutz)
Vulnerability scanning
Penetration tests
IT security hardening for Keycloak
Secure Kubernetes usage
Define CI/CD pipelines for automation
Optimize and automate CI/CD pipelines
Introduce and implement Software Bill of Materials (SBOM)
Integrate static code analysis tools within CI/CD pipelines
Secure VMware Tanzu

Feb 2022 - Mar 2023

1 year 2 months

Sweden

Cloud Computing Audit for Azure and GCP

H&M

Conduct an audit against customer best practices for Microsoft Azure (peer review)
Perform Azure architecture reviews
Conduct IT security reviews
Vulnerability scanning
Penetration tests
SIEM with Splunk
IT compliance reviews
Define CI/CD pipelines for automation
Conduct an audit against customer best practices for Google Cloud (peer review)
Perform Google Cloud architecture reviews
Automation with bash, Ansible and Terraform
Optimize and automate CI/CD pipelines
Introduce and implement Software Bill of Materials (SBOM)
Introduce and implement Software Composition Analysis (SCA)
Integrate static code analysis tools within CI/CD pipelines

Aug 2021 - Dec 2021

5 months

Walldorf, Germany

VMware Architecture

SAP

VMware architecture review
VMware outside-in view (peer review)

Aug 2021 - Nov 2021

4 months

Germany

KAIT Consulting

Universal Investment

Conduct KAIT BaFin audit preparation
Review technical documentation and policies
Ensure KAIT compliance, especially outsourcing of IT services and related service relationships, and separate procurement of hardware and software
Analyse IAM and PAM regarding corporate compliance and missing implementation of required controls, automation and SoD against regulations (BSI Grundschutz ORP.4, KAIT 5.x, AGB, AIFM-VO, VerfOV, MaRisk, GmbHG, PrüfBV, KWG, WpHG, GDPR)
Perform GAP analysis for user management and define mitigation actions
Draft and define low-level design to mitigate audit issues
Develop a programme structure to accomplish requirements under a fully automated end-to-end solution
High-level design for Compliance as Code for full documentation of user access (devices, services, transactions, data)
Analyse existing IAM integration for use of centralised commodity services
Create guidelines for actions for the extended board of directors

Jul 2021 - Feb 2022

8 months

Saudi Arabia

IT Security, IT Compliance

SABIC / Saudi Aramco

IT security audit
IT compliance
Industry, Industrial Internet of Things (IIoT), Distributed Control System (DCS), SCADA
Vulnerability Management as a Service (VMaaS)
Vulnerability scanning
SIEM with IBM QRadar
Penetration tests
RBAC review
Root cause analysis with Wireshark, TCP dump, Ettercap
Automation with bash, PowerShell, PowerCLI, Ansible and Terraform
Create a security policy for patch management
Create a security policy for Internet of Things
Create a security policy for backup and restore
Create a security policy for backup and restore evidence

Jul 2021 - Dec 2021

6 months

Germany

Microsoft 365, IT Security, IT Compliance

MANN + HUMMEL

Design workflow for alert handling in Office 365
Implement IT data protection under Office 2016 according to GDPR
SOC third level support
Support implementation of Microsoft Sentinel
Design decision papers for stakeholders such as IT security and data protection
Create a security policy for Office 365

May 2021 - Dec 2021

8 months

Germany

Cloud Computing, SDDC, Automation, Architecture, IT Security, IT Compliance

Debeka

Design IT architecture for Kubernetes
Ensure IT security for Kubernetes and CI/CD pipelines
Design IT architecture for service mesh with Istio on Kubernetes
Implement IT documentation as code
Design IT architecture for VMware based on VMware Cloud Foundation
Implement role-based access control (RBAC)
Configure firewalls
Configure load balancers
Design logical separation of networks with special consideration of BAIT and VAIT

Nov 2020 - Jul 2021

9 months

Bonn, Germany

Cloud Computing, SDDC, Automation, Architecture, IT Security, IT Compliance

BWI GmbH

Design IT security architecture for VMware Cloud Foundation
Design IT security architecture for VMware NSX-T
Consulting for VS-NfD (classified for official use only) IT environments
Automation with bash, PowerShell, PowerCLI, Ansible and Terraform
Integrate with IBM QRadar (SIEM)
Build Linux servers such as Red Hat Linux
Build Windows servers such as Windows NT, Windows 2016, Windows 2019, Windows 2022
Perform threat modeling

Jul 2020 - Dec 2021

1 year 6 months

Amsterdam, Netherlands

Cloud Computing, SDDC, Automation, Architecture, IT Security, IT Compliance

Vattenfall AB

Design IT architecture for Kubernetes
Ensure IT security for Kubernetes and CI/CD pipelines
Design IT architecture for service mesh with Istio on Kubernetes
Implement IT documentation as code
Implement IT compliance as code
Use Microsoft Azure
Ensure ISO 17789 and ISO 27001 compliance
Ensure KRITIS/NSI (critical infrastructure) and Atomic Energy Act (AtomG) compliance
Perform threat modeling
Build Linux servers such as Debian Linux and Red Hat Linux
Build Windows servers such as Windows NT, Windows 2012R2, Windows 2016, Windows 2019, Windows 2022
Linux hardening
Kubernetes hardening
Istio hardening
Vulnerability scanning
SIEM with Splunk
Penetration tests
Automation with bash, PowerShell, PowerCLI, Ansible and Terraform
Static application security testing (SAST)
Define CI/CD pipelines for automation
Optimize and automate CI/CD pipelines
Integrate static code analysis tools in CI/CD pipelines
Compare architecture and security between VMware Tanzu and Kubernetes k8s
Implement reverse proxy and application layer gateway (ALG)
Create security policies for patch management, Internet of Things, backup and restore, containers, DHCP and DNS, IPv4 and IPv6

Jul 2020 - Jun 2021

1 year

Coburg, Germany

Cloud Computing, SDDC, Automation, Architecture, IT Security, IT Compliance

HUK Coburg

Develop cloud computing IT strategy
Perform security audit for cloud computing
Conduct VAIT BaFin audit preparation
Ensure VAIT compliance, especially outsourcing of IT services and related relationships, and separate procurement of hardware and software
Ensure BAIT compliance
Apply EIOPA guidelines on outsourcing to cloud service providers
Ensure ISO 17789 and ISO 27001 compliance
Perform threat modeling
Implement vulnerability management and patch management
Implement IT outsourcing directive (Ausgliederungsrichtlinie) according to VAIT and BAIT
Apply IDW PS 860 and IDW PH 9.860.2 for critical infrastructure audits

Sep 2019 - Mar 2020

7 months

Munich, Germany

Senior Security Consultant, Cloud Computing, IT Security, IT Compliance

SWM Stadtwerke München

Harden Windows 10 and Windows 2016
Harden Siemens SCADA software WinCC
Implement hardened VMware ESXi 6.7 Update 3 cluster
Perform VMware health check for about 200 ESXi servers
High-level design for VMware ESXi 6.7 Update 3
Automation via PowerShell and PowerCLI
Use VMware Cloud Foundation, VMware Horizon, VMware vSAN
Conduct penetration tests
Provide Vulnerability Management as a Service (VMaaS)
Patch management
Root cause analysis with Wireshark, TCP dump, Ettercap

Apr 2019 - Jun 2020

1 year 3 months

Amsterdam, Netherlands

Cloud Computing, SDDC, Automation, Architecture, IT Security, IT Compliance

Vattenfall AB

Design and create blueprint and high-level design of an SDDC with VMware ESXi, NSX-T and OpenStack, integrating legacy systems with Microsoft Azure
Design and create low-level design for VMware ESXi 6.7 Update 3 and VMware NSX-T
High-level and low-level designs for load balancer, DNS, DHCP and IP (IPv4, IPv6), PAM, cluster design, NTP, IPv6, log management, PKI security vault, high availability and disaster recovery, automation and orchestration
Fulfil all requirements regarding critical infrastructures
Define requirements for disaster recovery concept of four new data centers
Automation with bash, PowerShell, PowerCLI, pandoc, sphinx
Use VMware Cloud Foundation, VMware Horizon, VMware vSAN
Perform penetration tests
Perform DAST and SAST
Provide Vulnerability Management as a Service (VMaaS) and vulnerability scanning
Patch management
Root cause analysis with Wireshark, TCP dump, Ettercap
Ensure ISO 17789, ISO 27001, IEC 62443, KRITIS/NSI (critical infrastructure), BSI IT Baseline Protection and Atomic Energy Act (AtomG) compliance
Define and optimize CI/CD pipelines and integrate static code analysis
Work in industrial environments with IIoT, DCS, SCADA
Perform threat modeling

Apr 2019 - Jun 2019

3 months

Düsseldorf, Germany

Senior Consulting Cloud Computing, IT-Compliance, IT-Security and Automation

ERGO / ITERGO

Threat modeling of multiple OpenShift (Kubernetes-based) environments
Develop hardening concepts for OpenShift, Docker containers, VMware ESXi and NSX, and CI/CD pipelines based on Jenkins and GitHub
Create safety concepts for OpenShift environments
Root cause analysis with Wireshark, TCP dump, Ettercap
Evidence testing for OpenShift environments
Define and optimize CI/CD pipelines and integrate static code analysis tools
Compare SIEM solutions Splunk and Elasticsearch
Ensure VAIT compliance, especially outsourcing and procurement of IT services
Ensure ISO 27001 and KRITIS/NSI compliance
Implement reverse proxy and application layer gateway (ALG)
Perform vulnerability scanning and penetration tests

Feb 2019 - May 2019

4 months

United States

KAIT Consulting

Jamestown

Conduct KAIT BaFin audit preparation
Ensure KAIT compliance, especially outsourcing of IT services and related service relationships, and separate procurement of hardware and software
Review technical documentation and policies

Jan 2019 - Mar 2019

3 months

Cologne, Germany

Cloud Computing, IT Expert, IT-Compliance, IT-Security

Gothaer / Gothaer Systems

IT security under Windows 10, Office 2016 and SCCM (group policy management, firewall, OS detection) according to BSI and VAIT
Implement IT data protection under Windows 10 and Office 2016 according to GDPR
Work with TPM and UEFI
IT security for Citrix XenServer
Automation via PowerShell
Ensure VAIT compliance, especially outsourcing and procurement of IT services
Ensure KRITIS/NSI compliance

Jul 2018 - Jun 2019

1 year

Ditzingen, Germany

Evangelist, Cloud Computing, Automation, IT Security

TRUMPF

Provide IT security consultation for Office 365
Create security policy for mobile devices such as smartphones, tablets and laptops
Ensure ISO 17789 and ISO 27001 compliance

Jul 2018 - Dec 2018

6 months

Netherlands

Evangelist, Cloud Computing, Automation, IT Security, IT Compliance

ING (previous ING-DiBa)

Threat modeling of an OpenShift (Kubernetes-based) and ELK environment
Work with Docker and Linux
Create decision templates
Script with Ansible and Terraform
Implement CI/CD pipeline with Jenkins
Vulnerability scanning and penetration tests
Perform DAST and SAST
Root cause analysis with Wireshark, TCP dump, Ettercap
Ensure ISO 17789, ISO 27001, KRITIS/NSI, BaFin/BAIT compliance
Ensure BAIT outsourcing compliance
Implement reverse proxy and application layer gateway (ALG)
Build Linux servers (Debian, Red Hat) and Windows 2016, 2019, 2022
Create a security policy for containers

Feb 2018 - Jul 2018

6 months

Munich, Germany

Evangelist, Cloud Computing, Automation, IT-Compliance, IT-Security

SWM Stadtwerke München

Azure IoT threat modeling
Azure IIoT threat modeling
Azure compliance analysis
Create decision templates
Ensure KRITIS compliance
Ensure BOStrab compliance (Straßenbahn-Bau- und Betriebsordnung)

Dec 2017 - Dec 2017

1 month

Augsburg, Germany

Senior Consulting Cloud Computing, IT-Security and Automation

KUMAVISION AG

Virtualize a Windows 2000 cluster with SAP instance
Create scripts with PowerShell and PowerCLI

Oct 2017 - Jan 2019

1 year 4 months

Spain

Evangelist Cloud Computing, Automation, IT-Compliance, IT-Security

Coca Cola European Partners (CCEP)

Design cloud computing and automation architecture for VMware Validated Design, Microsoft Azure and IBM Cloud
Design VMware Cloud Foundation 2.2 and VMware vRealize Automation 7.3 architecture
Relocate various data centers from the USA to IBM Cloud
Script with bash, Ansible, Terraform
Build CI/CD pipelines with Jenkins and automate them
Integrate static code analysis tools
Manage lifecycle with Spacewalk, SUSE Manager, Red Hat Satellite, Foreman/Katello
Create hardening guidelines for PostgreSQL, MongoDB and Red Hat 7
Automation via PowerShell and PowerCLI
High-level and low-level designs for NTP
Vulnerability scanning and penetration tests
Implement RBAC
Provide VMaaS and patch management
Root cause analysis with Wireshark, TCP dump, Ettercap
Ensure ISO 17789, ISO 27001, KRITIS/NSI compliance
Perform threat modeling
Configure firewall, reverse proxy, ALG and load balancer

Feb 2017 - Aug 2017

7 months

Netherlands

Senior Consulting Cloud Computing, IT-Compliance, IT-Security, Automation Architect

ING (previous ING-DiBa)

Define and establish security controls for cloud computing
Perform ISPL4 reviews and security consulting
Work with vSphere 6.0 Update 3, DELL EMC VxRail, Pivotal Cloud Foundry, DELL EMC ECS
Automation with bosh, Ansible, Terraform
Develop PowerCLI scripts for compliance and IT security review
Implement CI/CD pipeline with Jenkins
Use ELK and Kafka
Create decision templates
Provide VMaaS and vulnerability scanning
Penetration tests and patch management
Ensure ISO 17789, ISO 27001, KRITIS/NSI compliance
Configure firewall, reverse proxy, ALG and load balancer

Jan 2017 - Jan 2017

1 month

Vierkirchen, Germany

Senior Consulting Cloud Computing, VMware

MicroNova AG

Perform VMware SAN health check for 9 ESX servers with IBM SVC

Jul 2016 - Dec 2017

1 year 6 months

Senior Cloud Computing Consultant, Automation Architect, IT Compliance, IT Security

ERGO / ITERGO

Perform VMware VDI / XenDesktop and terminal server health checks
Upgrade ESX 5.0 to ESX 5.5 U3 (>150 hosts)
Use Docker with Kubernetes
Design and migrate Amazon AWS and Microsoft Azure architectures
Use Microsoft Azure as a failover data center for AWS
Work with vSphere Cloud, VMware vRealize Automation and VMware NSX
Create high-level and low-level designs for NTP
Ensure compliance with ISO 27001, the German Federal Data Protection Act/GDPR, the Insurance Supervision Act, Cloud Security Alliance, BaFin and critical infrastructure regulations
Plan ISPL3 and conduct ISPL4 audits
Use TheForeman, ELK and Kafka
Provide consulting for CISOs and support audits
Implement DevSecOps, SharePoint and Windows Server 2016 hardening concepts
Perform threat modeling and risk analysis
Handle data protection requests under the German Federal Data Protection Act and GDPR
Create C-level decision templates
Script with Bash and Ansible
Develop security concepts for IoT/IIoT in Deutsche Telekom and Azure clouds
Provide VMaaS, vulnerability scanning, penetration tests and patch management
Ensure compliance with ISO 17789, ISO 27001 and critical infrastructure/NSI regulations
Configure firewalls, reverse proxies, ALG and load balancers

Apr 2016 - Apr 2016

1 month

Munich, Germany

Senior Cloud Computing and Exchange Consultant

b.i.t.s.

Develop an architecture concept for Exchange 2016 on a vSphere 6.0 U2 platform with iSCSI and active/active data centers

Feb 2016 - Jul 2016

6 months

Cologne, Germany

Senior Cloud Computing, Automation, IT Compliance and IT Security Consultant

GALERIA Kaufhof GmbH

Conduct a health check of the ESX environment in a PCI-DSS environment

Dec 2015 - Nov 2016

1 year

Unterföhring, Germany

Senior Cloud Computing Consultant, Automation Architect, IT Security

Vodafone Kabel Deutschland GmbH

Serve as Scrum Master and Scrum coach for the DevOps team
Support the adoption of agile methodologies
Support automated deployment of Linux SLES11 using Jenkins
Automate configurations with Puppet
Define and optimize CI/CD pipelines and integrate static code analysis tools
Integrate Jenkins
Administer Linux SLES 11
Implement an OAuth2 server and a microservices architecture
Manage lifecycle with Spacewalk, SUSE Manager, Red Hat Satellite and Katello
Use AWS and Zend Server
Perform a Trend Micro proof-of-concept for VMware ESX hypervisors
Use TheForeman and ELK
Provide VMaaS and patch management
Ensure compliance with ISO 27001 and critical infrastructure/NSI regulations
Perform threat modeling
Use Atlassian Bitbucket

Sep 2015 - Sep 2015

1 month

Frankfurt, Germany

Senior Cloud Computing Consultant and Automation Architect

DFV Deutsche Familien Versicherung AG

Optimize the NTP concept for virtualization, Linux and Windows

Aug 2014 - Oct 2014

3 months

Walldorf, Germany

Senior Consulting Cloud Computing, Automation Architect

InterComponentWare AG (ICW)

Perform VMware health check
Perform iSCSI Equalogic health check
Develop SAN architecture

Jul 2014 - Dec 2014

6 months

Dresden, Germany

Senior Consulting Cloud Computing, Automation Architect

Cyberport GmbH

Perform VMware health check
Size a new VMware vSphere 5.5 environment
Design cloud computing and automation environment based on VMware

Jul 2014 - Jul 2014

1 month

Frankfurt, Germany

Senior Consulting Cloud Computing, Automation Architect

DFV Deutsche Familien Versicherung AG

Assess existing vSphere 5 environment with connected NetApp filers

Feb 2014 - Apr 2014

3 months

Bonn, Germany

Senior Consulting Cloud Computing, Automation Architect

Deutsche Post AG

Evaluate architecture of planned cloud computing environment
Work with vSphere 5.1x
Use Amazon Web Services

Nov 2013 - Dec 2015

2 years 2 months

Halle (Saale), Germany

Senior Consulting Cloud Computing, Automation Architect, IT Security, Disaster Recovery

Deutsch Bahn Connect GmbH (previous DB Rent GmbH)

Create and implement virtualization architecture based on vSphere 5.5/6.0 and OpenStack Juno/Kilo
Evaluate vSphere 6 RC and perform migrations between versions
Create and implement automation architecture based on VMware vRealize, Puppet and Foreman
Create and implement Docker development process
Perform P2V and V2V migrations for Linux systems
Design disaster recovery architecture based on two data centers and new network concepts
Design new security concept for virtualization platform
Design software architecture (load balancer HAProxy, proxy, Apache)
Act as Scrum product owner for software and IT operations/DevOps projects and as Scrum master/coach
Establish deployment pipelines with Jenkins
Manage data center relocation
Script with VMware PowerCLI and bash
Configure firewall, reverse proxy, ALG and load balancer
Use IBM Bluemix, Icinga2, Graphana, syslog-ng with TLS, ELK
Use Docker with Kubernetes and microservices architecture
Design OAuth2 IAM architecture based on Keycloak
Lifecycle management with Foreman and Katello
Use VMware Orchestrator
Provide VMaaS, vulnerability scanning, penetration tests and patch management
Perform Oracle DB optimization and MySQL/MariaDB administration
Root cause analysis with Wireshark, TCP dump, Ettercap

Sep 2013 - Nov 2013

3 months

Gütersloh, Germany

Senior Consulting Cloud Computing, Automation Architect

Arvato Systems GmbH

Create cloud computing and automation architecture concept based on OpenStack and Chef

Jan 2012 - Jul 2012

7 months

Germany

Senior Consulting, Disaster Recovery

R + V Versicherungs AG

Create architectural concept for CommVault Simpana 9
Construct PoC for CommVault Simpana 9
Implement architecture concept for CommVault Simpana 9

Dec 2011 - Dec 2011

1 month

Hockenheim, Germany

Senior Consulting Cloud Computing, Automation Architect

Suzuki International Europe GmbH

Implement VMware ESX 5.0 server environment
Create LUN design
Attach VMware ESX server environment via iSCSI to Dell MD3220i
Implement vCenter Server 5.0 with vMotion, DRS and HA

Aug 2011 - Sep 2013

2 years 2 months

Munich, Germany

Senior Consulting Cloud Computing, Automation Architect

AutoScout24 GmbH

Act as technical project manager and cloud architect
Evaluate vSphere 5.1 and 5.5 beta
Design architecture for mass storage, networks, security and vSphere 5
Evaluate and benchmark HP ProLiant G7 and Gen8 servers
Create private cloud concept based on vSphere 5 and vCloud Director 1.5
Work with SAN IBM SVC and Storwize V7000, including SVC plugin for VMware
Connect to public cloud
Set up 12 HP c-class 7000 enclosures with 10 Gbit/s
Evaluate and benchmark Dell Equalogic
Deploy vCenter Server 5.0 Update 2 and 5.1 with vMotion, HA and FT
Build orchestrator environment and workflows
Operate environment with more than 200 ESX servers
Create templates for Windows 2003, 2008 R2, 2012
Design disaster recovery solutions
Create test and acceptance concepts
Integrate IBM TSM backup with VADP
Use vCenter Orchestrator and CI/CD pipelines with TeamCity
Script P2V and V2V migrations
Migrate Lab Manager to vCloud Director
Use VMware Capacity Planner and vCenter Operations Manager
Virtualize Hadoop big data solution
Evaluate Trend Micro Deep Security Platform
Administer SAN IBM SVC and Storwize
Implement firewall, reverse proxy, ALG and load balancer
Use Puppet
Provide VMaaS and patch management
Root cause analysis with Wireshark, TCP dump, Ettercap
Ensure ISO 17789, ISO 27001, KRITIS/NSI compliance

Jun 2011 - Jun 2011

1 month

Hanover, Germany

Senior Consulting

Hannover Rückversicherungs AG

Perform health check of VMware and SAN infrastructure environment

Feb 2011 - Mar 2011

2 months

Berlin, Germany

Senior Consulting Cloud Computing, VMware, IT Security

Berlin Hannoversche Hypothekenbank AG

Design private cloud environment based on VMware vSphere ESXi 4.1 Update 1 (8 ESX servers)
Connect VMware ESX server environment to redundant SAN EVA 8400
Deploy vCenter Server with vMotion, HA and FT
Integrate Atempo Time Navigator backup with VADP

Dec 2010 - Aug 2011

9 months

Hanover, Germany

Senior Consulting Cloud Computing, Automation Architect, IT Security

Benecke-Kaliko AG / Continental AG

Act as technical project manager and cloud architect
Design private cloud environment based on vSphere ESX 4.1 Update 1 for multiple locations
Connect ESX environment to SAN HP MSA2000 G3
Implement vCenter Server with vMotion, HA and FT
Virtualize existing servers with VMware 4.1
Create data protection concept according to BSI
Implement HP Data Protector 6.11 and 6.2
Capacity planning with VMware Capacity Planner
Deploy Socomec JNC UPS software for vSphere
Root cause analysis with Wireshark, TCP dump, Ettercap

Nov 2010 - Nov 2010

1 month

Koblenz, Germany

Hybrid

Senior Consulting Cloud Computing, VMware, IT Security

CompuGroup Medical Deutschland GmbH

Troubleshoot hybrid cloud environment based on VMware Lab Manager 4.01 under vSphere 4

Oct 2010 - Oct 2010

1 month

Berlin, Germany

Senior Consulting Cloud Computing, VMware, IT Security

Berlin Hannoversche Hypothekenbank AG

Develop private cloud with vCenter Server 4.1 for data migration to SAN EVA 8400

Jun 2010 - Dec 2010

7 months

Ludwigsburg, Germany

Senior Consulting Cloud Computing, Automation Architect, IT Security, VMware

W&W Informatik GmbH

Design cloud architecture and private cloud concept
Provide ESX 4.0 Update 1 operating support and migration to ESX 4.1
Operate ESX 4.1, View 4.0, Lab Manager 4.0
Provide operational support, Lab Manager 4.02 and View 4.5
Use VMware Consolidated Backup with IBM TSM
Work with SAN HDS (USPV) and EMC CX4
Migrate to vSphere 4.1 with more than 40 ESX servers
Create templates for Windows 2008 R2 and Red Hat 5.5
Script conversion of virtual network adapters to vmxnet3
Virtualize existing servers on ESXi 4.0 and 4.1
Extract Lab Manager 4.02 into standalone environment
Implement VMware Capacity IQ and vCenter Orchestrator
Capacity planning with VMware Capacity Planner
Provide VMaaS and patch management

Mar 2010 - Jun 2010

4 months

Hanover, Germany

Senior Consulting

Hannover Rückversicherungs AG

Design private cloud environment with more than 50 ESX servers and NetApp SAN in metro cluster
Design mass storage, network, security and vSphere 4.1 architecture concepts
Perform health check of environment

Mar 2010 - Mar 2010

1 month

Prague, Czech Republic

Senior Consulting VMware

Airport Prague

Deliver workshop on VMware Site Recovery Manager 4.01 with HDS and IBM SAN
Build test environment for VMware Site Recovery Manager 4.01

Feb 2010 - Jun 2010

5 months

Cologne, Germany

Senior Consulting

DEVK Versicherungen

Create data backup concept according to BSI with focus on SAP and Oracle RAC under Linux SLES 10 SP3 with NetApp MetroCluster, IBM SVC and vSphere
Create catalogue of measures based on target-actual comparison

Feb 2010 - Mar 2010

2 months

Mannheim, Germany

Senior Consulting

Sensus GmbH

Health check for XenApp and XenDesktop
Create requirements profile and sizing for 600 users
Evaluate Dell Equalogic

Feb 2010 - Feb 2010

1 month

Hamburg, Germany

Senior Consulting

H & R InfoTech GmbH

Perform health check for ESX 3.5i environment with IBM DS 4500 and IBM DS 4800 SAN

Feb 2010 - Feb 2010

1 month

Cologne, Germany

Senior Consulting

Lufthansa Consulting GmbH

Implement Veeam Backup & Replication 4.1.1
Patch VMware vSphere ESX 4.0 Update 1 server farm

Dec 2009 - Feb 2010

3 months

Weinheim, Germany

Senior Consulting

Freudenberg IT KG (Project Deutsche Wertpapier Service Bank AG)

Operate VMware vSphere ESX 4.0 Update 1 server farm (46 ESX servers, approx. 150 VMs)
Connect ESX farm to redundant SAN EMC CX4-960
Review VMware infrastructure concept
Implement vCenter Server with vMotion, HA and FT
Set up HP c-class 7000 enclosure with redundant Virtual Connects Flex 10
Integrate Cisco Nexus 1000V and PowerPath VE
Implement vCenter Site Recovery Manager 4.0
Create test and acceptance concepts
Integrate CommVault backup with VCB

Dec 2009 - Dec 2009

1 month

Cologne, Germany

Lorem ipsum dolor sit amet

Lufthansa Consulting GmbH

Design virtualization environment (high-level and low-level)
Deploy VMware vSphere ESX 4.0 Update 1 server farm
Connect ESX farm to SAN Dell MD3000i
Implement vCenter Server with vMotion and HA
Virtualize existing servers under VMware 4.0 Update 1
Deploy Windows 2003 templates
Deliver workshop on VMware vSphere ESX 4.0 Update 1 and vCenter Server 4.0 Update 1 with vMotion and HA

Jun 2009 - Jun 2009

1 month

Hanover, Germany

Senior Consulting

DRK-Krankenhaus Clementinenhaus

Perform health check of ESX 3.5 / VDI View environment

Mar 2009 - Mar 2009

1 month

Stuttgart, Germany

Senior Consulting

Cardif Allgemeine Versicherung

Upgrade ESX 3.5 Update 1 to ESX 3.5 Update 3 including patching
Upgrade Virtual Center 2.5 Update 1 to 2.5 Update 4
Implement performance overview function in Virtual Center

Mar 2009 - Mar 2009

1 month

Kempten, Germany

Senior Consulting

ESK Ceramics GmbH & Co. KG

Upgrade Virtual Center 2.5 Update 1 to 2.5 Update 4
Implement performance overview function in Virtual Center
Deploy Windows 2003 templates
Integrate CommVault backup with VCB

Summary

My strengths for critical infrastructure and regulated sectors such as banking (e.g. ING-DiBa, Deutsche Wertpapier Service Bank AG) and insurance (like ERGO, HUK Coburg and Hannover Rückversicherungs AG) include:

IT Security and IT Compliance: I have extensive experience in designing and implementing IT security policies and measures for various critical infrastructures. I have created security policies for patch management, vulnerability management, log management, TLS, and backup/restore. I also have experience with auditing and implementing IT compliance policies such as BSI Grundschutz, BaFin (BAIT, VAIT and KAIT), ISO 27001 and GDPR.
Cloud Computing: I have extensive expertise in cloud computing and have designed and implemented cloud architectures for various platforms such as Microsoft Azure, Amazon AWS and IBM Cloud. I have considered security measures for cloud infrastructures such as Role-based Access Control (RBAC), firewall configuration, and load balancing.
Incident Response and Recovery: I implemented effective incident response strategies and recovered systems such as VMware ESXi, and Hyper-V after successful ransomware attacks.
Container Security: I conducted audits for container security and developed hardening concepts to safely use Docker and Kubernetes.
Automation and CI/CD pipelines: I defined, optimized and automated CI/CD pipelines to ensure efficient and secure application deployment. In the process, I also integrated security tools into the CI/CD pipelines to perform static code analysis.
Industrial Internet of Things (IIoT) and SCADA: I have created security concepts for IIoT and SCADA environments and have experience with the specific security requirements of such critical infrastructures.
Experience in a variety of companies and industries: I have worked with a variety of companies including utilities, banks, insurance companies, manufacturers, and IT service providers, giving me a broad understanding of the various requirements and challenges in regulated sectors.

Overall, I have a wealth of knowledge in IT security, cloud computing, automation, and compliance that is valuable to critical infrastructure and regulated sectors. My experience and expertise enable me to develop and implement effective security policies and measures to ensure at least the integrity, availability, and confidentiality of systems in such environments.

Skills

Focus Areas

Automation/orchestration
Infrastructure As A Code (Ansible, Terraform, Pulumi)
Documentation As A Code (Sphinx)
Compliance As A Code (Prevent, Detect And Remediate)
Continuous Integration (Ci)
Continuous Delivery (Cd)
Casc (Configuration As Code)
Jcasc (Jenkins Configuration As Code)
Threat Modeling As A Code
Cloud Computing (Hyperscaler)
Ibm Cloud
Microsoft Azure
Google Cloud
Amazon Aws
Architecture
Zero Trust Architecture
Data Center
Sddc (Software Defined Data Center)
Resilience
High Availability
Disaster Recovery (Dr)
Business Continuity Management (Bcm)
Concept
Linux
Windows
Management
It Security
Active Directory Security
It Compliance
Cryptography
Atomg
Bsi
Kritisv Critical Infrastructure
Bsi “Basic Protection” (German: Bsi Grundschutz)
Log Management
Siem (Security Information And Event Management)
Bafin
Bait (Based On Kwg (Kreditwesengesetz))
Kait (Based On Kagb (Kapitalanlagegesetzbuch))
Vait (Based On Vag (Versicherungsaufsichtsgesetz))
Zait (Zahlungsdiensteaufsichtliche Anforderungen An Die It Von Zahlungs- Und E-geld-instituten)
Conducting Bafin Audit Preparation
Digital Operational Resilience Act (Dora) - Regulation (Eu) 2022/2554
European Cyber Resilience Act (Cra)
Nis 2 Directive, European Union As Directive (Eu) 2022/2555
Critical Entities Resilience Directive (Cer), European Union As Directive (Eu) 2022/2557
Public Transportation And Rail Transport
Straßenbahn-bau- Und Betriebsordnung (Bostrab)
Vdv 400 (Maßnahmen Für Personelle, Organisatorische Und Bauliche/physische Sicherheit Sowie Branchenspezifische Technik)
Vdv 4400
Data Privacy
Gdpr (Eu-dsgvo; Bdsg Neu)
California Consumer Privacy Act (Ccpa)
California Privacy Rights Act (Cpra)
Iso 17789 (Cloud Computing - Reference Architecture)
Iso 2700x Series
Iec 62443
Vdi/vde 2182 Guidelines
Identity And Access Management (Iam)
Role-based Access Control (Rbac)
Payment Card Industry Data Security Standard (Pci-dss)
Health
Health Insurance Portability And Accountability Act Of 1996 (Hipaa Or The Kennedy–kassebaum Act)
Medizinproduktegesetz (Mpg)
Vmware (E.g. Vmware Cloud Foundation)
Openstack
Kubernetes K8s (Also Openshift)
Container (E.g. Docker, Podman)
Root Cause Analysis
Internet Of Things (Iot)
Industry
Industrial Internet Of Things (Iiot)
Distributed Control System (Dcs)
Supervisory Control And Data Acquisition (Scada)
Vulnerability Management As A Service (Vmaas)
Vulnerability Scanning
Penetration Tests
Requirements Engineering
Review / Audit / Assessment / Health Check
Devsecops
Site Reliability Engineering (Sre)
Platform Engineering (Pe)
Process Modeling
Secure Coding
Dynamic Application Security Testing (Dast)
Static Application Security Testing (Sast)
Software Composition Analysis (Sca)

Sectors

Automotive
Banking
Chemical
Consulting
Energy
Financial Services
Healthcare
Industry
Information Technology
Insurance
Logistics
Public Sector
Telecommunication
Trade
Transportation

Hardware

Apple
Dell Equalogic San
Ibm, Ibm Server, Ibm Powerpc, Ibm Blade
Brocade
Dell Emc Vxrail
Cloudian Amazon Simple Storage Service (S3)
Dell Compellent
Lenovo, Lenovo Server
Nutanix
Compaq, Compaq Server
Fujitsu, Fujitsu Primergy Server
Netapp Fas San & Nas
Cisco Ucs Blade Server
Hp, Hp Proliant Server
Sun, Sun Server
Dell, Dell Poweredge Server
Hpe, Hpe Proliant Server, Hp Blade, Hpe Energy
Dell Emc Clariion, Vnx Unified Storage San & Nas, Vplex, Powermax, Vmax
Hpe 3par
Vmware Vsan Ready Nodes
Hpe Omnistack San
Supermicro
Toshiba

Operating Systems

Apple Ios
Apple Macos (Previously Mac Os X And Later Os X)
Bsd
Openbsd
Freebsd
Netbsd
Ibm Os/2
Linux
Debian
Ubuntu
Red Hat Rhel/centos
Almalinux
Rocky Linux
Suse Sles
Oracle Linux
Ms-dos
Novell Netware 2.x, 3.x
Unix
Hp-ux
Sun Solaris
Siemens Sinix
Interactive Unix
Windows All Flavours (From Windows Nt 3.5, Windows Nt 4.0 Up To Windows Server 2022)

Network

Atm
Dwdm
Ethernet
Fddi
Fibre Channel
Frame Relay
Infiniband
Mpls
Tcp/ip
Token Ring

Programming And Scripting Languages

Python
Pascal (Ucsd Pascal, Object Pascal)
Latex
Restructered Text
Markdown
Bash

Databases

Clipper
Dbase
Foxpro
Elasticsearch
Mongodb
Ms-access
Ms-sql Server
Mysql (Also Mariadb)
Oracle Db
Influxdb
Cockroachdb

Vmware By Broadcom

Vmware Vcenter (Server)
Vmware Capacity Planner
Vmware Vcenter Appliances Ha
Vmware Certificate Authority (Vmca)
Vmware Cloud Foundation
Vmware Consolidated Backup, Vstorage Api, Vsphere Data Protection
Vmware Drs (Distributed Resource Scheduler)
Vmware Esx
Vmware Esxi
Vmware Ft (Fault Tolerance)
Vmware Ha (High Availability)
Vmware Lab Manager
Vmware Nsx (Nsx-v, Nsx-t)
Vmware Orchestrator
Vmware Powercli
Vmware Site Recovery Manager
Vmware View (Horizon)
Vmware Vcloud Director (Vcd)
Vmware Vrealize Orchestrator
Vmware Vrealize Log Insight (Vrli)
Vmware Vrealize Network Insight (Vrni)
Vmware Vrealize Operations (Vrops)
Vmware Vsphere Suite
Vmware Validated Design (Vvd)
Vmware, Dell Emc Vxrail
Vmware Tanzu
Vmware Aria Automation (Replace Vra)
Vmware Aria Automation Config
Vmware Aria Automation For Secure Hosts
Vmware Aria Suite
Vmware Aria Operations (Replace Vrops)
Vmware Aria Operations For Logs (Replace Vrli)
Vmware Aria Operations For Networks (Replace Vrni)

Tools And Platforms

Active Directory
Amazon Aws
Ibm Cloud
Microsoft Azure
Microsoft Hyper-v
Linux Kvm
Openstack
Sddc (Software Defined Data Center)
Ldap
Jboss
Kubernetes
Tomcat
Wildfly
Xen
Vmware Esxi
Root Cause Analysis With E.g. Wireshark, Tcp Dump, Ettercap

Methodologies

Arc42 Architecture Framework
Togaf (The Open Group)
Naf (Nato Architecture Framework)

Processes

Agile
Kanban
Scrum (Certified Scrum Master)
Pdca Iterative Management Of Projects
Prince2
V-model Xt
Waterfall Model
Gitops
Devops
Devsecops
Site Reliability Engineering (Sre)
Platform Engineering (Pe)
Digital Transformation
Itsm Process Management Itil V1-v4
Threat Modeling

Other Skills

Linux Auditd Best Practice (Contributor To [Link] [Link]
Application Layer Gateway (Alg)
Amazon Aws
Atlassian Confluence
Atlassian Jira
Automation
Author
Cert
Data Center
Ddi (Dns, Dhcp, Ipam)
Coredns
Route53 (Dns)
Infoblox
Ntp
Meinberg Appliance
Privileged Access Management (Pam)
Ipv4 And Ipv6
It Compliance
Cloud Computing
Continuous Integration (Ci)
Continuous Delivery (Cd)
Cyber Security
Dell Emc Ecs (Elastic Cloud Storage)
Docker
Docker With Kubernetes
Elk (Elasticsearch, Logstash, Kibana)
Firewall (Packet Filtering, Packet Inspection)
Fog Computing
Graphana
Hardening Concept
Opsi (Open System Integration)
Ibm Cloud
Iam
Icinga2
Infrastructure As A Service (Iaas)
Iot (Internet Of Things)
Kafka
Keycloak
Kubernetes
Load Balancer Such As Haproxy
Log Management
Malware Protection With Trendmicro
Malware Protection With Sophos
Malware Protection With Symantec
Ibm Qradar
Arcsight
Microsoft Sentinel
Microservices
Monitoring
Nist
Network Time Protocol (Ntp)
Oauth2
Openid Connect
Red Hat Openshift
Openstack
Pivotal Cloud Foundry
Platform As A Service (Paas)
Public Key Infrastructure (Pki)
Penetration Tests
(Reverse) Proxy
San
Secret Vaults Such As Hashicorp Vault
Security Audits
Sigma Rules
Security Information And Event Management (Siem)
Software Composition Analysis (Sca)
Software As A Service (Saas)
Sddc (Software Defined Data Center)
Sonarqube
Splunk
State Of The Art And Science
Syslog
Syslog-ng With Tls Encryption And X.509 Certificates
Platespin
Teamcity
Wireshark
Tcp Dump
Ettercap
Proxmox
Cloud Enum
[Link]
S3-account-search
Awseye
Cloudsplaining
Prowler
Lithnet Password Protection (Lpp)
Netbox
Cleanupmonster
Powerhuntshares
Gpozaurr
Pspkiaudit
Ad Miner
Chainsaw
Logontracer
Syft (For Sbom Generation)
Grype (For Vulnerability Scanning)
Trivy (For Vulnerability Scanning)
Yara Rules (See E.g. [Link] [Link] [Link]
Eperi Gateway

Regulatory Skills

Atomg
Kritisv Critical Infrastructure
Bsi “Basic Protection” (German: Bsi Grundschutz)
Bafin
Bait (Based On Kwg (Kreditwesengesetz), Bankaufsichtliche Anforderungen An Die It)
Kait (Based On Kagb (Kapitalanlagegesetzbuch), Kapitalverwaltungsaufsichtliche Anforderungen An Die It)
Vait (Based On Vag (Versicherungsaufsichtsgesetz), Versicherungsaufsichtlichen Anforderungen An Die It)
Zait (Zahlungsdiensteaufsichtlichen Anforderungen An Die It Von Zahlungs- Und E-geld-instituten)
Versicherungsaufsichtsgesetz (Vag)
Mindestanforderungen An Das Risikomanagement (Marisk)
Conducting Bafin Audit Preparation
Digital Operational Resilience Act (Dora) - Regulation (Eu) 2022/2554
European Cyber Resilience Act (Cra)
Nis 2 Directive, European Union As Directive (Eu) 2022/2555
Critical Entities Resilience Directive (Cer), European Union As Directive (Eu) 2022/2557
Public Transportation And Rail Transport
Straßenbahn-bau- Und Betriebsordnung (Bostrab)
Vdv 400 (Maßnahmen Für Personelle, Organisatorische Und Bauliche/physische Sicherheit Sowie Branchenspezifische Technik)
Vdv 4400
Data Privacy
Gdpr (Eu-dsgvo; Bdsg Neu)
California Consumer Privacy Act (Ccpa)
California Privacy Rights Act (Cpra)
Iso 17789 (Cloud Computing - Reference Architecture)
Iso 2700x Series
Iec 62443
Vdi/vde 2182 Guidelines
Payment Card Industry Data Security Standard (Pci-dss)
Health
Health Insurance Portability And Accountability Act Of 1996 (Hipaa Or The Kennedy–kassebaum Act)
Medizinproduktegesetz (Mpg)
Idw Ps 860: It Prüfung Außerhalb Der Abschlußprüfung
Idw Ph 9.860.2: Prüfung Bei Betreibern Kritischer Infrastrukturen
Kritis
Sox 404