Project History
German Financial Services Broker
Senior Security Engineer -- Vulnerability Management & Compliance
Düsseldorf, Germany | 2026
Greenfield security engagement at a German brokerage firm: building an enterprise-wide vulnerability management program across the entire IT infrastructure. The project encompasses vulnerability scanning with Greenbone, SIEM integration with Exabeam, development of a security control framework, and compliance documentation for ISO 27001, DORA, and GDPR. Direct collaboration with the CIO and cross-functional teams (IT operations, application development, data privacy) to establish security processes in a regulated financial services environment.
Key Contributions
- Designed and deployed Greenbone Vulnerability Management on dedicated infrastructure with Kali Linux as the scanning platform
- Defined scan schedules, scope, and CVSS-based remediation timeframes
- Integrated vulnerability findings into the Exabeam SIEM platform; designed correlation rules and alerting for vulnerability-related events
- Developed a comprehensive security control framework mapped to regulatory requirements (ISO 27001, DORA, GDPR, KAIT/BAIT)
- Built remediation tracking with defined timeframes based on CVSS severity ratings
- Conducted knowledge transfer sessions with IT operations and application development teams
- Established vulnerability management governance: roles, responsibilities, escalation paths
- Created operational documentation for ongoing vulnerability management program operations
Technologies: Greenbone (OpenVAS), Kali Linux, CVSS, Exabeam SIEM, ISO 27001, DORA, GDPR, KAIT/BAIT, GitLab
European Energy Company
Senior Infrastructure & Resiliency Consultant
Düsseldorf, Germany | 2025 -- 2026
Systematically strengthened IT resiliency and disaster recovery capabilities across the Azure-hosted application landscape. Focused on mission-critical applications: ensuring backup configurations meet defined RTO/RPO targets and satisfy NIS2, BSI KRITIS, and ISO 27001 requirements. Built automated tooling for assessing, reporting, and tracking backup compliance across the entire Azure estate.
Key Contributions
- Designed and built an automated Azure backup compliance assessment system: querying the entire Azure resource estate, mapping to enterprise application management IDs via custom heuristics, validating against defined ER classes (RTO 120h, RPO 12h, retention 14d)
- Developed an automated weekly reporting pipeline: Azure API queries produce JSON data, processed through custom scripts into structured Markdown reports and JSON feeds for Power BI integration
- Identified 7 critical action areas: missing archival policies, backup coverage gaps, geo-redundancy limitations, missing offsite backups, ransomware detection/immutability, encryption at rest
- Conducted DR plan reviews for ~44 applications with gap analysis against defined target states
- Integrated ServiceNow API for asset management data enrichment
- Prepared data integration for Power BI dashboards; transitioned from document-based reporting to an interactive BI platform
- Led stakeholder sessions with application teams to validate backup configurations
Technologies: Azure (Backup, Key Vault, VMs, App Service, Policy, Landing Zones), Azure CLI, Python, NIS2, BSI KRITIS, ISO 27001, GDPR, Power BI, ServiceNow API, Oracle DB
European Sovereign Cloud Provider
Senior Security Consultant & Threat Modeling Architect
Remote (data centers in Germany and Austria) | 2025 -- 2026
Full-time engagement within the security team of a European sovereign cloud provider building a hyperscaler-competitive platform under strict EU data sovereignty requirements. The platform spans multiple data centers in Germany and Austria, built on OpenStack with Kubernetes orchestration. Primary focus: designing and implementing a comprehensive, automated threat modeling framework, external security assessments, and hardening Kubernetes infrastructure per BSI IT-Grundschutz.
Key Contributions
- Designed and built a comprehensive threat modeling framework based on Invariance Analysis and Microsoft STRIDE; created 80+ security invariances and 17 STRIDE threat models
- Implemented the framework as policy-as-code with Open Policy Agent (OPA) and Rego; integrated automated validation via Conftest into CI/CD pipelines
- Three-layer model ("onion" approach): Sovereign Control Plane, Tenant Isolation / Compute Fabric, Service Catalog
- Conducted external security assessment: DNS enumeration across 94 subdomains, identified 50+ publicly exposed dev/QA subdomains, documented 28 unresolved DNS records with subdomain takeover risk
- Discovered publicly accessible infrastructure tools (Keycloak, ArgoCD, Harbor, Nexus, SonarQube, Grafana, MinIO, NetBox) and prioritized remediation steps
- Led BSI IT-Grundschutz APP.4.4 compliance for Kubernetes: created requirements catalog (A1-A21), conducted multi-tenancy review, evaluated security tooling (Kube-bench, Kyverno, Popeye)
- Reviewed OpenFGA authorization service design; identified gaps in latency, caching, multi-tenancy isolation, and threat vectors
- Co-established security forum as a central governance body
Technologies: STRIDE, Invariance Analysis, OPA/Rego, Conftest, BSI IT-Grundschutz, EUCS, ISO 27001, GDPR, Kubernetes (AKS, on-prem), Helm, Calico, MetalLB, Kube-bench, Kyverno, OpenStack, Azure, Terraform, Keycloak, Entra ID, OpenFGA, OpenBao, ArgoCD, Harbor, Azure DevOps, Grafana, NetBox
IT Service Provider / German State Justice System
Senior Infrastructure Consultant & Performance Engineer
Bavaria, Germany | 2025 -- 2026
Engagement to resolve critical performance and availability issues in the eJustice system (eIP/eAkte) of the Bavarian judiciary. The system is a complex, multi-partner, multi-data-center platform for digital court records. As part of a dedicated task force, authored the comprehensive final report: identified 11 prioritized system risks and defined 26 remediation measures. Currently transitioning into implementation of measures and eIP development.
Key Contributions
- Conducted deep-dive infrastructure analysis across a complex multi-partner technology stack spanning two data centers
- Identified and documented 11 prioritized system risks (S-001 through S-011) across network, storage, database, and application layers
- Authored a comprehensive final report (100+ pages) with root cause analysis, remediation measures, benchmark concepts, and coordination frameworks
- Defined 26 structured remediation measures (M-001 through M-026) with KPIs, owners, and implementation timelines
- Designed a 4-stage benchmark and testing methodology (component tests, integration tests, E2E tests, resilience/chaos engineering)
- Developed a multi-partner coordination concept for 6+ organizations
- Oracle database optimization: connection pooling, RAC implementation, SQL tuning, memory management
- Conducted NFS performance optimization in lab; coordinated JDBC connection pool analysis and measurements
Technologies: Oracle Database (AWR, RAC, PGA/SGA), WebLogic Server, Oracle SOA Suite, Coherence Cache, Cisco ACI (Nexus 6000/7000), HAProxy, F5, NFS, Grafana, Splunk, Instana, CheckMK, Apache JMeter, Alfresco, Linux (CentOS/RHEL), Terraform, Ansible
German State Law Enforcement Agency
Senior Network & Security Infrastructure Consultant
Berlin, Germany | 2023 -- 2026
Long-term direct engagement with a German state police agency across two workstreams. Initially planned and executed a full IPv4-to-IPv6 migration across the entire police network infrastructure. After a project-related freeze, pivoted to designing and building a large-scale on-premises Elasticsearch SIEM and observability platform on three large bare-metal servers with a Kubernetes cluster. Additionally drove IT infrastructure modernization: configuration management, project tools, and documentation systems.
Key Contributions
- Designed a comprehensive 5-phase project roadmap for IPv4-to-IPv6 migration of the entire police address spaces
- Authored the IPv6 framework specification for the migration; planned dual-stack network configuration
- Architected and deployed production-ready Elasticsearch clusters for SIEM and centralized log management on three bare-metal servers
- Deployed and configured a Kubernetes cluster as the orchestration platform for the SIEM stack
- Set up TLS/X.509 certificate infrastructure for secure inter-node and client communication
- Configured Kibana dashboards for security event visualization and analysis
- Deployed a GitLab instance for configuration management; evaluated and proposed OpenProject, Nextcloud, and MediaWiki for police IT
- Deployed all services as IPv4/IPv6 dual-stack from the outset
- Configured proxy and VPN connectivity for secure remote access
Technologies: Elasticsearch (Multi-Node, X-Pack Security), Kibana, Kubernetes, Docker, IPv4/IPv6 Dual-Stack, VPN, TLS/X.509, Linux (CentOS/RHEL, Ubuntu), Bare-Metal Server, GitLab, OpenProject, Nextcloud
Swiss National Logistics Corporation
Platform Architect -- Cloud & Identity Integration
Remote (Switzerland / Germany) | 2024 -- 2025
Full-time engagement as platform architect in a newly formed logistics organization created through the consolidation of 30+ acquired companies in Switzerland and Germany under the national postal service provider. Responsible for migrating and consolidating application platforms (SAP, custom applications) and collaboration tools (Microsoft 365, Outlook, Teams) from each subsidiary into a central Azure tenant and M365 environment.
Key Contributions
- Architected a central Azure tenant and M365 environment for absorbing 30+ acquired organizations
- Migrated collaboration tools (Outlook, Teams, SharePoint) from subsidiary tenants into the unified platform
- Integrated Microsoft Entra ID with SAP SuccessFactors for HR-driven identity lifecycle (joiners/movers/leavers)
- Configured Entra ID federation with SAP Fiori for application access
- Steered cross-tenant identity synchronization during subsidiary onboarding
- Served as central technical point of contact for subsidiary project managers during migration
Technologies: Azure, Entra ID (Conditional Access, Cross-Tenant Sync), Microsoft 365, SAP SuccessFactors, SAP Fiori, Tenant Migration
European Energy Corporation
Senior Security Consultant -- Threat Modeling & Cloud Security
Essen, Germany | 2024 -- 2025
Security engagement at one of Europe's largest energy corporations: threat modeling and security audits of the Endur Energy Trading and Risk Management (ETRM) platform on AWS. Comprehensive STRIDE-based threat analysis of database infrastructure, backup systems, and data flows. Delivered actionable remediation roadmaps with prioritized short-, medium-, and long-term security improvements.
Key Contributions
- Conducted STRIDE threat analysis of the Endur trading platform database infrastructure on AWS
- Modeled the complete system architecture: RDS across 3 availability zones, automated backup processes, S3 long-term storage
- Documented trust boundaries and data flows with associated risks and controls
- Designed layered mitigation strategies using AWS-native security services (IAM, KMS, CloudTrail, GuardDuty, Shield, WAF)
- Recommended immutable backup strategies with AWS Backup Vault Lock (WORM) against ransomware
- Delivered a prioritized remediation roadmap: immediate actions, medium-term, and long-term improvements
Technologies: AWS (RDS, S3, IAM, KMS, CloudTrail, GuardDuty, Shield, WAF, Backup, VPC, Config), STRIDE Threat Modeling, Endur ETRM
Baltic Port Operator (KRITIS)
Senior Infrastructure & Security Consultant
Lübeck, Germany | 2023 -- 2025
Multi-year engagement at a KRITIS-classified Baltic Sea port operator. Three workstreams: building an open-source SIEM on OpenSearch, modernizing network infrastructure (segmentation, firewalls, redundancy), and security audits across Active Directory, endpoints, and network components.
Key Contributions
- Designed and deployed an open-source SIEM based on OpenSearch; established the organization's first centralized security monitoring capability
- Designed a network segmentation strategy for the distributed port campus across multiple locations in Lübeck
- Evaluated firewall architecture: redundancy, configuration, DMZ requirements, monitoring
- Conducted an Active Directory health assessment with SIEM integration
- Performed security audits across multiple domains: AD, Windows clients, firewall, ransomware readiness
- Created a protection class catalog for risk-based security prioritization
- Advised on IT infrastructure outsourcing strategy; planned ISO 27001 and KRITIS compliance
- Steered SIEM transition to a commercial managed service solution and conducted handover
Technologies: OpenSearch (SIEM), Network Segmentation, Firewall Architecture, Active Directory, VPN, KRITIS, ISO 27001, Microsoft 365, SharePoint
Solar Energy Storage Company
Architect -- Logging Infrastructure
Leipzig, Germany | 2023 -- 2024
Migrated the logging infrastructure at a solar energy storage company: ElasticSearch to OpenSearch, Filebeat-Logstash pipelines to vector.dev. Deployed the entire infrastructure via CI/CD; coordinated with application teams for uninterrupted migration.
Key Contributions
- Migrated ElasticSearch logging infrastructure to OpenSearch
- Converted logging pipelines from Filebeat-Logstash to vector.dev
- Deployed the new infrastructure entirely via CI/CD pipeline (ArgoCD, Terraform, Ansible)
- Developed test plans; validated system performance, security, and compliance
Technologies: OpenSearch, vector.dev, Elasticsearch, Logstash, Filebeat, Kibana, Azure, Kubernetes, Terraform, Ansible, ArgoCD, GitLab
Global FinTech Infrastructure Provider
Architect & Project Lead -- Infrastructure and Software Deployment
Germany | 2021 -- 2023
Architected and led infrastructure and software delivery for a payment-as-a-service platform at a global FinTech infrastructure provider. Designed cloud, hybrid, and on-premises infrastructure across IBM Cloud, AWS, and Google Cloud. Full lifecycle responsibility: solution design, development oversight, testing, disaster recovery with regular fire drills, and deployment/release management -- under PCI-DSS, PSD2, ISO 27001, and BaFin/BAIT compliance.
Key Contributions
- Designed cloud and network architecture across IBM Cloud, AWS, and Google Cloud
- Created system and integration design for the payment-as-a-service platform
- Planned, implemented, and operated disaster recovery, business continuity, and backup; conducted regular fire drills
- Ensured PCI-DSS, PSD2, ISO 27001, and BaFin/BAIT compliance
- Developed test plans and strategies; coordinated SIT, performance tests, regression tests, and UAT
- Planned and coordinated system deployment and releases; implemented change management
Technologies: IBM Cloud, AWS, GCP, OpenShift, Podman, Kubernetes, Apache Kafka, Spring Boot, Vert.x, Stripe, Braintree, Adyen, Mulesoft, Apigee, Kong, Datadog, Oracle, Java, Python, JavaScript, Jenkins, GitLab CI, PCI-DSS, PSD2, ISO 27001, TOGAF
National Sports Association
Project Lead & Infrastructure Architect
Frankfurt, Germany | 2020 -- 2021
Introduced and customized an open-source productivity suite at a national sports association. Architected cloud and network infrastructure on GCP, deployed containerized services with Kubernetes, implemented CI/CD pipelines, and established disaster recovery with regular fire drills.
Key Contributions
- Designed cloud and network architecture on GCP
- Implemented disaster recovery, business continuity, and backup with regular fire drills
- Set up CI/CD pipelines (Jenkins, GitLab CI, Travis CI) and IaC (Terraform, Ansible)
- Validated system performance, security, and compliance
Technologies: GCP, Kubernetes, Docker, Terraform, Ansible, Jenkins, GitLab CI, ELK Stack, Grafana, ISO 27001, BSI Grundschutz, TOGAF
Global MedTech Corporation
Architect
Germany | 2020
Migrated the production delivery infrastructure at a global MedTech company: applications from native Windows to Linux/Docker containers, deployed on Azure with Kubernetes, integrated Azure Machine Learning Services, and established CI/CD pipelines.
Key Contributions
- Designed technical architecture and cloud infrastructure on Azure
- Rewrote existing applications from native Windows to Linux Docker containers and deployed them into Kubernetes clusters
- Implemented CI/CD pipeline (Jenkins, GitHub Actions); integrated Azure Machine Learning Services
- Set up monitoring, alerting, and disaster recovery plans
Technologies: Azure, Azure Machine Learning, Kubernetes, Docker, Terraform, Ansible, Jenkins, GitHub Actions, Python, C#, C++, ELK Stack, Grafana, ISO 27001, BSI Grundschutz
Global Industrial Gas Engine Manufacturer
Cloud Architect HPC
Jenbach, Austria | 2019
Cloud architecture for migrating high-performance computing workloads (CFD simulation, engineering analysis) to IaaS. Evaluated AWS, GCP, and Azure for HPC suitability; designed a scalable multi-cloud and hybrid HPC architecture with automated cost optimization (FinOps).
Key Contributions
- Assessed existing on-premises HPC infrastructure; compared cloud providers
- Designed a scalable and secure HPC architecture with FinOps principles
- Planned multi-cloud and hybrid scenarios; created data storage and management strategy
- Developed deployment plan, monitoring setup, and training documentation
Technologies: AWS, GCP, Azure, Ansible, Terraform, Elasticsearch/ELK, Python, ConvergeCFD, ANSYS
German Investment Bank
Project Lead & Cloud Infrastructure Architect
Frankfurt, Germany | 2018 -- 2020
Migration to a finance cloud environment at a major German banking group. Architected and executed network segmentation, service migration, and cloud infrastructure deployment across Azure, AWS, GCP, and Specialized Financial Services Cloud. Full lifecycle from infrastructure discovery through target architecture to post-migration review -- under BaFin/BAIT, PCI-DSS, Basel III, and SOX compliance.
Key Contributions
- Inventoried existing infrastructure; analyzed network traffic patterns and data flows
- Designed target architecture with disaster recovery plan and network security concept
- Implemented security controls and policies per network segment
- Inventoried services, assessed dependencies, developed migration plans with rollback strategies
- Executed prioritized service migrations; monitored migrated services for stability and performance
- Created post-migration review and project closure report
Technologies: Azure, AWS, GCP, Specialized Financial Services Cloud, Cisco Firewalls, Checkpoint Firewalls, Datadog, ELK Stack, Power BI, PCI-DSS, PSD2, Basel III, SOX, BaFin/BAIT, ISO 27001, TOGAF
National Railway Operator
Architect & Project Lead
Frankfurt, Germany | 2017 -- 2018
Designed and implemented the IP infrastructure for regional trains at a national railway operator. Hybrid solution combining on-board edge computing with AWS cloud services: IoT sensors, Wi-Fi connectivity, real-time data streaming, and predictive analytics.
Key Contributions
- Designed high-level system architecture: integrated sensor systems, network, and cloud components
- Selected IoT communication protocols (MQTT, OPC-UA); planned IEEE 802.11-based Wi-Fi infrastructure
- Deployed AWS components (CloudFront, S3, EC2); developed RESTful APIs and API Gateway
- Implemented real-time data streaming with Apache Kafka
- Set up containerization and CI/CD pipeline (Docker, Kubernetes)
- Implemented performance monitoring and log management (ELK Stack)
- Designed and tested disaster recovery and contingency plans
Technologies: AWS (CloudFront, S3, EC2), Apache Kafka, MQTT, OPC-UA, Kubernetes, Docker, ELK Stack, Grafana, Nagios, Hadoop HDFS, TensorFlow, PyTorch, IPv4/IPv6, ISO 27001, NIST
European Investment Bank
Security Vulnerability Scan & Discovery Project Lead
Frankfurt, Germany | 2016 -- 2017
Led a comprehensive vulnerability scanning and discovery program at one of Europe's largest investment banks. Defined project scope across target systems, network ranges, and software components. Assembled and led a team of security specialists (network security, application security, cryptography). Full vulnerability assessment cycle: reconnaissance, scanning, penetration testing, analysis, remediation design, and post-implementation validation.
Key Contributions
- Conducted network reconnaissance and vulnerability scanning across the bank's infrastructure
- Executed penetration testing against identified targets
- Analyzed vulnerabilities for exploitability and business impact
- Developed security recommendations for patching, configuration hardening, and secure coding
- Created detailed technical reports with CVSS-based risk ratings and presented to stakeholders
Technologies: Nmap, Nessus, OpenVAS, Qualys, Burp Suite, Splunk, LogRhythm, Snort (IDS/IPS), Cisco, Fortinet, Palo Alto, SSL/TLS, VPN, PGP, IPv4/IPv6
Global Healthcare & Life Sciences Corporation
IT Infrastructure Consultant & Legal Workstream Lead
Bad Homburg, Germany | 2014 -- 2016
Multi-year engagement at the IT services subsidiary of a DAX-listed healthcare corporation. Phase 1 (2014--2015): led the legal workstream in the global IT infrastructure consolidation program -- data privacy requirements across European jurisdictions. Phase 2 (2016): operational IT projects: MobileIron MDM deployment, Citrix thin client rollout for European clinics, email encryption initiatives.
Key Contributions
- Led the legal workstream for global IT infrastructure migration; researched and documented data privacy requirements per target country (Romania, Serbia, Poland, and others)
- Designed and authored a comprehensive 6-phase procedure for user data access
- Led MobileIron MDM migration project; resolved S/MIME encryption issues on mobile devices
- Deployed IGEL thin clients with Citrix VDA/SDA for clinics in Spain and Slovakia
- Led mail spoofing mitigation project
Technologies: Citrix XenApp/VDA/SDA, IGEL Thin Clients, MobileIron, SharePoint, S/MIME, Active Directory, Cisco, Steelhead WAN, VPN, Remedy, ITIL
Data Center Startup
Interim CTO
Dresden, Germany | 2015
Interim CTO at a startup for distributed data center infrastructure using waste heat for building heating. Led "Future of Compute" product development: distributed IaaS platform built on OpenStack and KVM. Built and led the software and hardware engineering teams. Simultaneously drove fundraising: investor relations, financial modeling, and negotiations.
Key Contributions
- Designed and implemented distributed data center architecture for IaaS
- Upgraded and optimized cloud infrastructure platform on OpenStack
- Planned and deployed distributed network infrastructure
- Built and led software and hardware engineering teams
- Secured funding through investor relations and pitch presentations
Technologies: OpenStack, KVM, SDN, NFV, Load Balancing, IPv4/IPv6, TIA-942, ISO 27001, Jenkins, GitLab, CI/CD
European Investment Bank (Cloud Project)
Software Project Manager -- Cloud Project
Frankfurt, Germany | 2015
Software project for a cloud initiative at a major European investment bank: introduction of a new tooling landscape. Coordinated Java software development, analyzed the existing IT landscape, project planning and risk management.
Key Contributions
- Coordinated Java software development for cloud tooling introduction
- Analyzed the existing IT landscape (as-is analysis)
- Created project plan, risk reports, and technical documentation
Technologies: Java, Cloud Infrastructure Tooling
Global Specialty Chemicals Corporation
Project Lead -- SAP HANA Introduction
Essen, Germany | 2013 -- 2014
Led the SAP HANA introduction as part of a global server and infrastructure consolidation at a DAX-listed specialty chemicals company. Full lifecycle: solution design, architecture, installation, data migration, testing, go-live, and post-implementation support.
Key Contributions
- Designed SAP HANA system architecture and data model
- Developed and executed data migration strategy
- Planned and executed go-live; provided post-implementation support
Technologies: SAP HANA, SAP BW, SAP HANA Studio/Cockpit, SAP SLT, ISO 27001, TOGAF, ITIL, ASAP
Mobile IoT Platform Startup
CIO & Co-Founder
Berlin, Germany | 2013 -- 2014
Co-founded and led the technical direction of an iBeacon-based mobile app platform enabling users to create location-based applications without programming. Participated in a European top startup accelerator.
Key Contributions
- Architected the technical platform for iBeacon app creation
- Built and led the engineering team
- Designed iBeacon hardware sourcing strategy; developed the technical prototype
Technologies: iBeacon, Bluetooth Low Energy (BLE), iOS, Web CMS, Template Builder
Global Law Firm
Technical Project Lead & Architect
Frankfurt, Germany (colocation sites: USA, Europe, Asia) | 2012 -- 2013
Global compute infrastructure consolidation for a major international law firm. Planned, designed, and executed the migration of server, storage, and network infrastructure into colocation data centers across the USA, Europe, and Asia.
Key Contributions
- Assessed existing hardware, software, network, and DC infrastructure globally
- Designed consolidation plan with migration strategies and target architectures
- Steered the RFP process for data centers in Europe, USA, and Asia; negotiated contracts
- Executed server virtualization, storage consolidation, and network optimization
- Conducted testing, validation, and operational handover
Technologies: VMware vSphere, SAN/NAS, IPv4/IPv6, Firewalls, Colocation (global), ISO 27001, COBIT, ITIL, TOGAF
European Telecom Operator
Project Manager -- Product Development (satellite-based IPTV product)
Darmstadt, Germany | 2011
Product development within the Products & Innovation division: a satellite-based IPTV product extending the streaming platform to customers without DSL coverage. Coordinated parallel workstreams (hardware, software, satellite infrastructure, content acquisition, marketing) using PRINCE2 methodology.
Key Contributions
- Defined project scope and objectives for the satellite-based IPTV product
- Coordinated parallel workstreams: hardware, software, satellite, content, marketing
- Selected and steered external vendors; monitored vendor performance
- Supported product launch; conducted handover to operations
Technologies: Microsoft Media Room, DVB-S, IP Multicast, H.264, MPEG-2/4, HLS, DRM, PRINCE2
Global Internet Technology Corporation
Data Center Engineer / Project Lead
Frankfurt, Germany (global: Atlanta, The Dalles, Dublin, Beijing, Belgium, Netherlands, and others) | 2006 -- 2011
Five years as a full-time employee in global data center operations. Based in Frankfurt, deployed to data center sites across multiple continents. Four major infrastructure projects: CDN deployment (video platform integration), data center build-out and cluster migration, network capacity expansion, and large-scale server rotation.
Key Contributions
CDN Deployment for Video Content (video platform)
- Planned and executed deployment with a team of 10 specialists; steered procurement, project reporting, and budget control
- Installed and configured streaming servers (RPM-based Linux distributions)
- Set up local networking and peering to backbone operators; tested fiber optic connections and configured peering hardware
- Integrated monitoring tools into the global monitoring system (services, hardware health, network traffic, intrusion detection, power, cooling)
- Defined and coordinated SLAs and OLAs between internal service owners and DC providers
- Coordinated video platform insourcing and integration into corporate infrastructure
Cluster Relocation to New Data Center
- Led the project team; planned and built out technical building infrastructure: power and cooling infrastructure (chiller, failover), fire suppression, network cabling (copper and fiber optics)
- Executed capacity calculations for cooling, power consumption, and compute
- Installed and configured network components (Juniper, Force10, Siemens Infinera, Cisco)
- Deployed server hardware; mass-rolled out operating systems and software
- Planned, implemented, and tested contingency plans (technical failures, cyberattacks, fire); integrated into enterprise-wide failover concept
- Steered logistics: warehousing, freight management, customs and import of technical equipment from the USA
Network Capacity Expansion
- Led the deployment team; conducted capacity calculations
- Installed and configured network components (Juniper, Siemens Infinera)
- Deployed server and network hardware; QA of hardware, software, and OS customizations
- Revised and tested contingency plans after expansion
Server Rotation across Data Centers
- Planned and executed the replacement of more than 5,000 servers while maintaining uninterrupted cluster operations
- Developed rotation plan: maximum 20 machines offline simultaneously
- Deployed hardware and software; updated SLAs and OLAs
- Configured monitoring tools; adapted and tested contingency plans
Technologies: BGP, RIP, IGRP/EIGRP, QoS, WDM, Peering, Load Balancing, Juniper, Cisco, ADVA, Siemens Infinera, Force10, KVM, MOSIX, XEN, Linux (RPM-based), JuniperOS, Fiber Optics, Cooling Infrastructure, UPS, Fire Suppression, Rack & Stack, Linux Kernel Development (Modules), BSI, ITIL