CV – Petar G. Romanov

p.g.romanov@outlook.com

+32 49 848 0242

Belgian and Australian national

MISSION STATEMENT

To take up a contract that will benefit highly from the full range of my infrastructure and application development and deployment skills, and allow me to remain at the leading edge of information technology

PROFESSIONAL PROFILE

Coming from a background of being a top Microsoft systems guru with 20 years of unparalleled and intimate experience across the full stack of technologies in a large scale mission critical enterprise setting, from understanding how it all works under-the-hood and low-level implementation to being able to architect, design, plan for and deploy multi-thousand user systems, I am super capable of transferring my existing knowledge to new or expanded problem spaces in both architecture and software development

I have designed and built from the ground up systems based on the TCP/IP stack (DNS/DHCP/WINS down to packet level), authentication and directory services (AD/LDAP/PKI/Radius/802.1x), client management (SCCM/MSI/GPOs), highly available/geo-clustered Exchange (from 5.5 to 2016 and Office 365 including low level programmatic mailbox and public folder database access and ADFS), multi-node AlwaysOn SQL, Microsoft Identity Manager/FIM with business rules logic development in C# (compiled to a DLL), as well as the underlying networking, storage and security technologies (Ethernet and GRE packet-encapsulation/software defined LAN, Frame Relay, leased line/dark fibre, MPLS, VPN and Satellite WAN, static and dynamic VRF routing, network load balancing (F5), fully redundant entry/mid and high end Fibre Channel, iSCSI, NFS, FCoE and software defined SAN/storage, centrally managed anti-virus/anti-malware and network-to-application-layer firewalls, SIEM, IPS and IDS) – at times exceeding vendor specifications for maximum achievable performance and precision

Further expanding my scope to open source technologies, I have also mastered high security Red Hat Linux/Satellite deployment and clustered Oracle and DB, and later Puppet and AWS/Azure infrastructure-as-code scalable networking, IaaS, PaaS and SaaS technologies in a DevOps Agile/CI/CD/test-driven-development setting, coding production use applications in C#, and making forays into a full range of open source technologies – RESTful APIs, PostgreSQL, MuleSoft ESB, NGINX WAF/load balancer, Red Hat OpenShift, Docker/Kubernetes, Kafka, Chef/Ansible, AWS Aurora/RDS/ElastiCache, Jira/Confluence/Bamboo, JSON, Git, Python scripting, AngularJS and HTML5 for web front-end, Node.js for server, as well as multi/3 tier application architecture and MVC and C++

I have managed my own and vendor outsourced projects in environments from 250 staff in Asia Pacific region to 75000 staff strong European Commission, acting as a (team) lead consultant, engineer, designer/architect – to vendor design assurance for a 2-billion-dollar new hospital opening project with a 200 million $ ICT budget at Queensland Health in Australia.

Having worked with some of ICT industry’s veterans and best brains who have written code that still forms the basis of MS Windows OS and participated in architectural framework definition, I have learned business (process) analysis and engineering, functional and non-functional requirements gathering, TOGAF and IT4IT architecture governance, information architecture with ontology/taxonomy creation, and enterprise architecture to the point of being able to inform and lead bespoke software design, create and interpret UML diagrams and user stories, and design and code the specific solutions, as well as define an end-to-end computing and security strategic vision for a 3-5 year horizon

ITILv3 and Prince2 Practitioner certified, able to lead, support and manage and influence and act as a trusted business advisor, I possess a deep and broad experience in project and portfolio management and consulting to business stakeholders up to C-level

EDUCATION AND PROFESSIONAL CERTIFICATIONS

Current part time study: Joint Management Degree at Harvard University, Cambridge, MA, USA (admitted)
Diploma in Computing (with high distinction), University of Oxford, Oxford, UK, 2009

Diploma, Information Technology, Williams Business College, Sydney, Australia, 2000
Prince2 Project Management Practitioner (v2)
ITIL Service Management Certified (v3)
Technology certifications
Microsoft MCSE and higher on all Windows versions since 1996:
§  MCITP: Enterprise Messaging Administrator Exchange 2007 & 2010

§  MCSE Windows 2003 Specialist Messaging & Cyber Security

§  MCITP: Enterprise Administrator Windows Server 2008

§  MCTS: Windows 2008 AD, Windows 2008 Networking, Windows 2008 Applications

§  MCSE Windows NT4, 2000, 2003

HP Certified specialist and trainer (Compaq ProLiant Servers onwards)
§  HP/Compaq Accredited Engineer/Trainer ProLiant Servers Win 2000

Cisco CCNA, TOGAF 9.1, AWS SA and Oracle DB planned as time permits
SKILLS SUMMARY

 

Core Infrastructure

Windows Clients (NT4, 2000, XP, Vista, Win7/8/10)                                 19 years

Windows Servers (NT4, 2000, 2003/R2, 2008/R2, 2012, 2016)                 19 years

Unix Servers (Red Hat Linux, Solaris)                                                     5 years

Core infrastructure troubleshooting and operations                                  19 years

Systems scripting (vbscript, PowerShell, KiX)                                          10 years

Web servers (IIS, Apache)                                                                     12 years

Active Directory Domains/Forests Design-Implementation                       18 years (Since Beta1)

Email messaging (Exchange Server 5.5 to 2013)                                     13 years

Email migrations (Quest and MS tools, senior architect)                           13 years

Windows and Linux high availability computing                                        14 years

Fax and SMS Gateways (MS, Fenestrae Faxination)                               4 years

RIM Blackberry Enterprise Server (to version 5)                                       4 years

Identity Management (MIIS/ILM/FIM Server)                                           9 years

AD/MIIS/Exchange Integration/User & Mailbox Provisioning                     8 years

Development (C#, C++, XML, JSON)                                                      7 years

RAID/erasure coding config/expansion/upgrades                                    18 years

Compaq/HP Storage (MSA2000/P2000 range, fibre channel)                   9 years

NetApp Storage (3 and 6 series, 7 mode and clustered)                           2 years

Brocade FC switches                                                                             1 year

Tape drives and libraries                                                                        12 years

SAN Storage, MPIO Design-Configuration                                              7 years

iSCSI Storage Configuration                                                                   6 years

Hyper-V clusters                                                                                   5 years

VMWare/vSphere Server                                                                       10 years

HP ProLiant Servers                                                                              15 years

HP ProLiant Servers (Trainer)                                                                3 years

SNMP/WBEM monitoring (Compaq/HP Insight Manager)                         9 years

Fujitsu-Siemens Servers                                                                        4 years

IBM Servers                                                                                          2 years

Wintel server sizing, performance tuning and configuration                      18 years

Software Defined Storage/VMWare VSAN                                               1 year

Software Defined Networking/VMWare NSX                                            6 months

 

Teleworking and Terminal Services

VPNs and dial-in solutions                                                                     15 years

Windows Terminal Services (NT4 – Server 2008)                                    9 years

Citrix Metaframe XP & Presentation server 4, VMware VDI                      6 years

Citrix NFuse and Secure Gateway                                                          4 years

Terminal Server printing and policies                                                       6 years

 

Management

IT Leadership                                                                                        20 years

Project management                                                                              17 years

Stakeholder influencing                                                                          19 years

Programme management                                                                       4 years

System capacity management and sizing                                                18 years

Vendor support/supply management                                                       16 years

External support management                                                                8 years

Incident and Problem management                                                         14 years

Project budgeting and finance                                                                9 years

IT support management                                                                         16 years

Operations management                                                                        18 years

People/team management                                                                      4 years

Vision and Strategy creation                                                                   8 years

 

Enterprise Architecture

Business process architecture                                                                1 year

Information architecture                                                                         1 year

Design Service Management Lifecycle                                                   7 years

Roadmap definition                                                                                6 years

Authentication design                                                                             15 years

Cyber security/logging design                                                                10 years

Monitoring design                                                                                  10 years

Middleware/ESB                                                                                    1 year

3-tier application design                                                                         2 years

Load balancing and HA                                                                          14 years

Architecture Governance                                                                        4 years

Technology evaluation and selection                                                      12 years

Continuous Integration process                                                              1 year

Framework development                                                                        18 months

 

Cyber Security

HP ArcSight Enterprise Security Manager                                               3 years

Hardened Windows configurations (Web servers, IPSec)                         7 years

AD security policies Design-Implementation                                            14 years

Windows Update Services (WSUS)                                                        6 years

Windows PKI Infrastructure                                                                    5 years

Enterprise Antivirus (McAfee ePO, Sophos, GFI)                                     9 years

Hardware Firewalls (Netscreen, Watchguard, Checkpoint)                       8 years

Bluecoat Proxy                                                                                      1 year

RSA ACE/SecurID server (with Citrix, Remote Access)                           6 years

Web HTTP SSL (including client certificate authentication)                       11 years

Microsoft ISA Server (with Exchange, LDAPS, RSA integration, Web and NAT server publishing) ver. 2000, 2004, 2006                           9 years

Backup/Tape management/Restore/Service DR                                      12 years

 

Cloud

AWS IaaS, SaaS                                                                                   2 years

Microsoft Azure/Azure AD/DirSync/RMS                                                 4 years

Office 365/Exchange Online/Lync                                                           BPOS days/10 years

VMWare vSphere/ESX private cloud                                                       10 years

Microsoft Hyper-V/SCVMM priv. cloud                                                    7 years

Cloud storage systems                                                                          4 years

Public cloud networking                                                                         2.5 years

Identity Federation for Cloud                                                                   4 years

 

Databases

MS SQL Administration (v7, 2000, 2005, 2008, 2014)                              11 years

MS SQL Server sizing and implementation                                              10 years

MS SQL Clustering/HA                                                                          11 years

MS SQL Reporting Services                                                                  3 years

Backups/Restores/DR                                                                           11 years

Database Management/query writing                                                      4 years

Oracle (11g) administration                                                                    2 years

 

Software Development

Visual C# (.Net)                                                                                     7 years

Software Development Principles                                                           10 years

Java                                                                                                     studied/academic

Visual C++/MFC                                                                                    2 years

Software design                                                                                     4 years

Enterprise application design                                                                  2.5 years

 

Other

Windows Small Business Server 2000, 2003                                           4 years

Application packaging and deployment (MSI, WISE)                                1 year

Microsoft Project                                                                                   7 years

Microsoft Visio                                                                                       10 years

Orbus iServer                                                                                        1 year

 

PROFESSIONAL EXPERIENCE

Sabbatical, Europe, June 2018 – current

Having achieved my objective of diversifying IT and business skills to a level that covers ‘first class global’, I have taken long service leave/a sabbatical in Europe to define and synchronise my further interests, career steps and personal/life development goals.

Enterprise Technology Architect, NSW Department of Family and Community Services, Sydney, December 2017 – May 2018 (~10 000 users)

The NSW Department of Family and Community Services (FACS) is a government agency tasked with the statutory responsibility of protecting the vulnerable members of the society and achieving the objective that ‘all people are empowered to live fulfilling lives and achieve their potential in inclusive communities’. The cluster works with children, adults, families and communities to improve lives and help people realise their potential, and is responsible for administration, maintenance and expansion of the NSW social housing portfolio comprised of 144000 properties and set to expand by 23000 units over the next 10 years.

Reporting to the Director, ICT Strategy and Architecture, my responsibilities were to:

·        Understand the existing service catalogue, Whole-of-Government standards and capabilities such as dedicated GovDC datacentres and GovDC solutions marketplace, and Lines of Business technology requirements

·        Provide authoritative guidance and own the roadmap for Enterprise Technology Architecture and Enterprise Application Integration

·        Work with the ICT Operations, Security, the CIO and the Deputy CIO to define modern, cloud/software-as-a-service generation Enterprise ICT requirements across the 10 LoBs and the supporting technology platforms

·        Write position papers, option papers and Request for Tender/Request for Proposal specifications for vendor engagements assisting strategy creation and delivery

·        Improve existing Enterprise Architecture practice and work with other members of the EA team to create an engagement model and EA service definition that will increase ICT ability to partner with the business and translate business vision and objectives to implementable technology services solutions

·        Promote a vision I devised for User Experience driven Mobile-First Application Delivery based on an end to end linking of service design, BYO devices, MDM/MAM, cloud and on-premise application architecture frameworks, Identity Management, information/data architecture and technology platforms

·        Enable coherent and comprehensive Enterprise Service Delivery, participating in the definition of governance structure, project/program management touchpoints, supporting artefacts and flows, to ensure EA practice competently addresses the following (TOGAF ADM based) layers while enabling and supporting the major initiatives:

§  Service Design

§  Business Process Design

§  Information Architecture

§  Application Architecture

§  Technology Architecture

§  Security Architecture

·        Guide and assure internal Solutions Architecture function and vendor delivery of technology related projects

·        Assist the director in chairing bi-weekly team meetings and improving/maturing the practice

Solution Architect & Delivery Lead, Digital Workplace, GPT Group, Sydney, February 2017 – September 2017 (~400 users)

GPT, an ASX 50 company, is an active owner and manager of a diversified portfolio of Australian retail, office and logistics property assets with an annual turnover of $1 billion and with $10.4 billion of property assets under management. The Group owns and manages some of Australia’s most iconic real estate assets, including the ‘MLC Centre’ and ‘Australia Square’ in Sydney, ‘Melbourne Central’ and ‘Highpoint Shopping Centre’ in Melbourne and ‘One One One, Eagle Street’ in Brisbane.

Accountable to the CIO Leadership Team, my mandate at GPT was to lead turning of the Digital Workplace Strategy and vision into a reality of a modern digitally enabled daily workplace.

In an extremely demanding environment – one that:

·        Has ‘one of each’ of a 50 000 user enterprise systems

·        Has a total internal ICT headcount of under 40 and a handful of external vendors

·        Has recently experienced loss of key IT staff

·        Was looking for its social/interpersonal and valued service provider identity

·        With internal expectations a strained IT department will achieve both flawlessly functioning latest and greatest end-to-end technology and an excellent customer satisfaction/staff engagement level

I acted as:

·        A key pillar in bringing various stakeholders to working together and assuring the planned uplift of the End User Compute operations and architecture is a success

·        A technology master and a key influencer trusted to help steer the ship into renewal of productive collaborative working, re-enforcing where needed and unblocking dependencies

·        A lead for the previously stalled programme to transform the IT environment into a Digital Workplace, including:

o   Refinement and expansion of an EUC uplift RFP document and approaching-the-market process

o   Vendor selection criteria consulting

o   Validation of a full suite of underlying security, networking, AWS and Azure/Office 365 infrastructure components and dependencies

o   Client management uplift from SCCM 2007 to SCCM vNext (Current Branch)

o   A switch to user centric self-service/workflow based software deployment (MSI and App-V applications)

o   End User Compute upgrade to a full suite of Windows 10 generation technologies, including the integration of advanced security components:

§  Device Guard (except Code Integrity Policies)

§  Credential Guard

§  Windows Hello

§  Secure/Measured/Trusted Boot and Early Launch Anti Malware

§  Lenovo Thinkpad X1 Yoga (3rd Gen) firmware security

·        A lead and process evangelist for the continuous DevOps like introduction of features and functionality in the new Windows-as-a-Service release model

·        A portfolio lead for integration between the key technology and department identity definition projects:

o   Active Directory reorganisation

o   The Digital Workplace, including Office 365 Identity Management

o   Document Management (SharePoint 2007 to 365, including adoption of OneDrive as the corporate user data repository)

o   Web security infrastructure uplift (TMG to Bluecoat proxy)

o   Citrix XenApp/XenDesktop upgrade to v7.1

The engagement achieved deployment readiness, improved team integrity and morale and transitioning to Evergreen/Windows-as-a-Service continuous SOE release model ahead of schedule.

Enterprise Architect & Delivery Lead, Queensland Health, Sunshine Coast, February 2016 – January 2017 (~4500 users)

This was a role of chief infrastructure advisor for Queensland’s public private partnership with Lend Lease to open the largest new hospital in Australia in the last 20 years, worth in excess of 2.2 billion, with an ICT investment of 200 million; 40000 Cisco Ethernet ports on an array of Nexus 2K/5K and 7K switches, 3500+ Cisco wireless access points and 5 HA controllers, latest generation EMC virtualised VNX/VPLEX storage, HL7 based health integration ESB and a full range of on premises compute, backup and monitoring solutions. Reporting to the Director of Strategy and Planning with a dotted line to the CIO, and working at Enterprise, Solution and Technical Architect levels as requirements dictated – in an Agile setting – I:

·        Provided ICT Infrastructure investment advice and oversight including formulating digital asset management strategy parameters

·        Queried and delivered design assurance and evaluation of vendor proposed solutions for

o   Datacentre, core and edge networking (wired and wireless)

o   Multi VRF local routing and Firewall/IPS infrastructure

o   OSPF/BGP WAN routing and Queensland Health integration/inter-site connectivity with specific goals of extending connectivity to AWS and Azure

o   F5 GTM/LTM load balancers

o   Core storage, compute and virtualisation platform (VNX/VPLEX/Dell/VMware)

o   Systems and application monitoring

o   Facility Active Directory and Identity/Access Management

o   Clinical messaging (voice/text)

o   Data warehousing

·        Solution designed a cross site highly available deployment for ESB service (Orion Rhapsody)

·        Advocated the use of AWS for IaaS and Azure AD and Microsoft Identity Integration products as the future standard for user identity management

·        Working with applications and information enterprise architects, wrote business specific Statements of Direction on the overall ICT strategy covering the 5 Sunshine Coast Hospital and Health Service sites and highly available geo distributed data centres

·        Participated in the Enterprise Architecture practice development, frameworks adoption and refinement and supported pattern/anti-pattern definition

·        Drafted the Health Service local server and storage and cloud position papers and delivered a comprehensive dual site model application hosting platform paper and patterns collection (in terms of products this translated to VMware VSAN/NSX, EMC RecoverPoint, Windows 2016)

·        Consulted and advised on high availability, disaster recovery and business continuity approaches for the mission critical medical and administrative applications

·        Informed the business executives and the senior leadership of contemporary and emerging technology trends, developments and the current/likely future directions

·        Worked with the delivery teams to resolve complex design concerns and delivery/support cases

·        Drafted the complete Request for Quotation for the secondary site Nambour General Hospital compute and storage platform (Dell blade/VMware VSAN hyper-converged) and assured the designs/oversaw deployment and performance testing/pilot deployments (naming the platform ‘Hexis’ after an Aristotelian term)

·        Introduced the topics of software defined networking and storage into emerging technology roadmaps, including the transition from the OS to process virtualisation strategy (Windows/Linux containers)

·        Advised on testing and pilot level validation of the key Identity deployment systems (integrated AD, web directory and telephony) for the hospital go live

Enterprise Infrastructure Architect & Delivery Lead, Healthdirect Australia, Sydney CBD, February 2015 – January 2016 (~250 users)

Healthdirect Australia is a federal and state government funded operator and Agile/DevOps centric application solution provider of digital services to the healthcare sector. Its large application base is hosted entirely on AWS (over 600 instances in 17 VPCs) and comprises the 24×7 National Nurse Triage service handling over 1 million calls per year, the web and API accessible National Health Service Directory and the National Endpoint Proxy Service allowing e-health records sharing, as well as a number of health and care web sites providing guidance and information, GP video/voice call capabilities and various support services to the Department of Social Services, the Department of Health, Medibank etc. In this role, I:

·        Working with a wide array of AWS services, filled in the gaps in previous hundreds-of-servers infrastructure configuration

·        Participated in the overall application, cyber security, network and infrastructure architecture management and governance forums and process throughout the SDLC

·        Provided expert advice on enterprise technology requirements for the corporate portfolio of services, assisting with request for proposal building by owning/representing the infrastructure requirements

·        Assisted with the leadership of external vendor engagement by shaping the understanding of the topic and the progression of the conversation into workshops and design, and validating the delivery

·        Owned and led the infrastructure agenda and team effort, incorporating it with strong formal cyber security requirements (Attorney General PSPF and Australian Signals Directorate ISM)

·        Owned and led the Corporate Digital Workplace Strategy portfolio and project execution including adoption of the full Office 365 suite, Azure AD Premium, cloud multi factor authentication and Intune BYOD

·        Interfaced with a DevOps Solutions architect to translate infrastructure to code via automation tools like Puppet, Git/Stash/JSON/Python and to develop Dev/Stage/Prod design and operations thinking and culture/practice

·        Participated in risk management, design and progress steering efforts with the Chief Architect and the IT Governance Committee

·        Oversaw and steered high and low level design developments and implementation for:

o   AD upgrade from 2003 to 2012 R2

o   DNS service re-integration between Prod and Corporate (AD integrated and BIND hosted)

o   The tenant registration and authentication design for Dynamics CRM Online deployment

o   Design and deployment of a 4 server load balanced ADFS/ADFS Proxy farm using internal Radius MFA to enable Azure AD SSO (password only internally, MFA externally)

o   Design and deployment of Exchange Hybrid with the existing AWS based Exchange 2010 platform to enable mailbox moves to O365

o   LAN and WAN network redesign:

§  Cisco switch upgrades for the two offices (Small Business 500 and 2100 to Catalyst 2960 and stacked 3850, new VLANs, VTP, STP review, HSRP routing)

§  Wireless network upgrade (Ruckus APs and ZoneDirector 1100 upgrade to HA 1200)

§  Fortigate 1000c active-active cluster design and deployment (oversight of external vendor/engineer effort and test and implementation validation)

§  Establishing of additional S2S VPNs into a new AWS VPC to host Puppet managed Corporate services

§  Design and the implementation of a Windows based PKI, NPS/Radius and 802.1x wired and wireless authentication solution

·        Oversaw and provided governance and architectural guidance for the external workshop and design effort for Azure RMS, S/MIME and endpoint encryption, DLP considerations, Intune/SCCM, SharePoint/OneDrive for Business, Skype for Business and Yammer

·        Provided the roadmap and best practice solution design for identity management across the 5 current AD forests to ensure both ADFS support and Linux server directory integration (MIM based)

·        Owned and continuously improved the infrastructure for data store services, including:

o   SQL 2012 AlwaysOn HA, SSIS/SSRS and data flows for corporate BI

o   Replicated Postgres/PGPool HA and Pentaho ETL

o   Red Hat Satellite/Spacewalk and WSUS patching to achieve strict ISM requirements

o   JBoss Datagrid/Memcached design (being transitioned to AWS ElastiCache)

Solution Architect/Infrastructure Designer, Core Infrastructure, Westpac Banking Corporation, Sydney CBD, October 2014 – January 2015 (~35000 users)

Westpac Banking Corporation, one of Australia’s Big 4 banks, consisting of Westpac and St George retail banks, BT Financial Services as wealth management and Westpac Institutional Banking/WIB as investment banking arm, is a key financial services provider in Australia and New Zealand with more than 12 million customers, 1200 branches and staff count of over 27000.

Hired for two specific streams at BTFG I was responsible for:

·        Panorama – Assisting with both external vendor relationship management and internal deployment efforts for the Avaloq Banking Platform dev environment deployment, based on in house Linux SOE standardisation delivered by RH Satellite and design of a repeatable solution stack (Red Hat 6 and 7)

·        Oracle E-Business Suite CRM to Exchange Server calendaring access via web and EWS APIs – consulted to internal software development teams on building the link between the CRM system used by the bankers and Outlook mailbox calendars

In addition to my own streams, I participated in peer reviews and internal discussions, in topics such as:

·        Active Directory reconfiguration (replication and GPO changes)

·        Citrix XenApp remote administration access

·        Highly available SQL AlwaysOn Clustering (solution design and operational integration)

·        ADFS and Exchange Server migration into the cloud/Office 365

·        Evaluation of viability for transfer of Tivoli Storage Manager backups directly into AWS S3 and Glacier storage for WIB Singapore

Enterprise Technology Consultant, IdM, Cloud and Messaging, Dimension Data, Sydney CBD, June 2014 – October 2014 (client facing/varying size customers)

Dimension Data, part of NTT group, is a leading provider of consulting services, systems integration and cloud solutions globally and especially in Australia.

Working in their professional services division, I was responsible for Technology Consulting to a wide array of government and private sector clients at senior engineer/architect level, leading design and implementation of the next generation systems and services.

Projects delivered in this capacity include:

·        Internal Dimension Data messaging service high availability redesign and enabling of transition to the new strategic DD cloud platform (tasked with recovery after a 12h service failure and production outage)

·        Advanced DFS redesign and operational improvement exercise for Federal Court of Australia

·        Low level design of Active Directory consolidation and IdM service for the New South Wales Department of Justice

·        Jupiter’s Casino Townsville high and low level design and validation for the Active Directory and Computer/Server estate divestiture for The Star Casino/Echo Entertainment Group.

·        Exchange 2010 to Exchange 2013 and then Office 365 transformation design and execution for the NSW Forestry Corporation

·        Lotus Notes to Exchange 2013 transition for over 2000 users at George Weston Foods/Associated British Foods using Dell Notes Migrator for Exchange and Coexistence Manager for Notes

·        Participation in internal service improvements workshops and efforts to ensure the next level of service is planned and rapidly becomes achievable as the cloud adoption accelerates

Cyber Security Platform Architect/Team Lead, EU Government/European Commission, Luxembourg, July 2012 – January 2014 (~75000 users)

European Commission, with an annual IT budget of over 170M €, has a dedicated IT organisation of 1200+ staff in HQ in Luxembourg, providing and supporting the EU Technology Platform consisting of 3.5 PB of tier 1 and 45 PT of total storage, 5000+ servers, 5 large datacentres and an impressive array of leading enterprise applications and services both off the shelf and developed in house, serving internal staff, associated agencies and millions of external (EU citizen) customers.

As an SME in infrastructure and cyber security architecture and a trusted advisor already intimately familiar with the internal organisation, systems structure and decision making process, and having previously uncovered foreign malicious code on EC messaging servers from my role at the EU Foreign Service in Brussels (EEAS) and then assisted in the crisis and incident management effort, I was asked to join the EC IT in Luxembourg to evaluate the operational integrity of their newly built private cloud platform and then help build the systems, infrastructure and organisational function for handling of IT security as well as future incident response and mitigation.

·        Initially led a team of 10 infrastructure specialists in the Private Cloud/core platform section (DIGIT.C2) to review the design and operational practices of a large 3500+ virtual instance platform serving as the future compute platform underpinning the EU institutions

·        Delivered design review and monitoring improvements for the existing 7×10-node vSphere 5 clusters private IaaS cloud of 3500+ virtual instances (HP ProLiant 7 series ESX servers, EMC/HDS/NetApp FC & NFS metro replicated storage, System Centre Orchestrator driven, SCOM and vCenter Operations Manager monitored, SCCM configuration managed for Windows OS)

·        Acted as enterprise cyber security architecture advisor for the Security Executive, participating in the enterprise cybersec roadmap definition, programme planning and management of security improvements delivery

·        Provided definitive enterprise architecture advisory for internal security systems as well as architecture cyber security advisory for wider enterprise platforms and applications

·        Moving to Security Operations Centre, led three teams of 12 across backend infrastructure, frontend analysis and reverse engineering of discovered malware groups, motivating analysts and engineers to adopt a can-do attitude and get personally involved with the end-to-end quality of service delivered

·        Infrastructure architected and performance tuned a real time network traffic analysis system based on a VSS vBroker 220 fail open tap, SourceFire sensors and Suricata IPS/IDS running on Ubuntu and inspecting up to 10Gbps of real time network traffic (2-4Gbps over 2 FireEye WebMPS devices)

·        Was a go-to point for the Head of Operations and held operational responsibility for event analysis, service availability, performance and cost (Cisco LACP, Oracle DB, ArcSight ESM, 4 vSphere 5 clusters, ArcSight Loggers, McAfee vulnerability scanners, tens of event connector servers and the underlying FC and NFS/iSCSI storage, with a licensing budget of 5M €)

·        Played a catalyst and advisor role in the organisational problem definition in cybersecurity space and formulation of strategies to address the most serious APT threats (continuing effort)

·        Advised the cyber security breach response programme board to Director level, helping steer this large IT organisation of key influence through the landscape of emerging security threats, topics and issues

·        Was tasked with resolving a problematic existing deployment of HP ArcSight SIEM engine which I reshaped into a solution handling one of the world’s highest capacity security event engines (up to 1 billion events per day from sources such as Domain Controllers, Email servers, proxy, firewall and web access logs using parallel distributed writing to Oracle DB over multiple connectivity channels/dNFS multipathing – HP support considered it a one off globally in terms of the scale and complexity)

·        Validated configuration changes, defined desired target states and established a Dev environment for ESM to PoC/validate data transfer steps prior to executing them in production

·        Rapidly mastered the technologies required for provisioning of this design to be able to guarantee the highest service levels (NetApp 3 and 6 series clusters in NFS, iSCSI and FC accessed storage, 64 core/256GB ProLiant Servers, security hardened and large memory optimised Red Hat Linux, high capacity Oracle 11r2 backend DB and HP ArcSight 5.5 SIEM engine)

·        Redesigned the existing partial event collection tier on a large VMWare vSphere 5 FC/iSCSI/NFS cluster hosting Win2008R2 and Red Hat 6.3 guests to ensure 0 event loss and predictable performance/operations (an improvement over up to 30% event loss previously)

·        Managed vendor relationship with HP to improve product selection and purchasing, operational suitability of the platform and increase system performance

·        Managed the architecture for event generation, collection and forwarding to a correlation engine as well as team efforts around it

·        Provided the definitive architectural guidance on Intel server, IP and SAN networking and storage systems usability, best practices and limitations

·        Led the systems hardening exercises for Red Hat and Windows servers engaged in the cyber security domain, and plans for the infrastructure segregation to separate the security monitoring environment from the general IT one

Platform Architect & Delivery Lead, EU Foreign and Defence Service/EEAS, Brussels, October 2010 – March 2012 (~8000 users)

EEAS is the Diplomacy Service/Organisation of the EU managing the external efforts and the truly global network of the EU Delegations in ~130 countries worldwide. The EEAS IT is comprised of HQ with about 110 IT staff, a globe spanning MPLS and satellite network to around 100 major and 30 minor embassies in capitals around the world, approx. 850 servers, 7000 users and an annual IT budget of 22M €.

Following on from my original partnership with EC DG Relex (European Union External Relations department precursor to the new Foreign Service) in 2004-2007, as a trusted advisor and an authoritative source on matters of enterprise infrastructure services, I was asked to re-join the organisation during their second key period of becoming a new institution with own IT services, owning the portfolio comprised of the Identity Management, Directory Services and Messaging platforms, all being spun off into a new independent service. I:

·        Led the solution architecture I previously helped establish at the organisation through delivery of a comprehensive Enterprise Technology Roadmap and evolution discussions for the future technology selection and adoption according to business strategic requirements

·        Acted as a trusted technical authority, business advisor and a centre of excellence for the complete range of end user computing, datacentre, storage, directory services, messaging and collaboration and cyber security services

·        Designed the target state and the transition steps from previous DG/sub-organisation to target independent ICT service provider service state

·        Delivered the high and detailed level design, implementation and production migration from existing systems to a clustered new platform forming the basis of the new IT service (Windows/AD 2008R2 forest, 2x vSphere cluster on HP MSA2000 and EVA iSCSI/Cisco and FC storage, Exchange 2003 and 2007 clusters, SharePoint and SQL DBs, PowerShell scripts) including a time critical project of migration of the Exchange Email/Public Folder service, data and permissions, and extensions to Identity Management flows in order to meet a very aggressive deadline with significant consequences while ensuring no adverse user impact (InterOrg replication utility, MailMig, MIIS/ILM reading from an AD LDS instance, McAfee endpoint protection)

·        Custom developed C# code for the client SMIME/email encryption certificate migration and continuous synchronisation of mailbox and public folder permissions from source to target identities

·        Managed the business application architecture and timely delivery of a new Identity Management system for the service, required to enable the Email migration and support the business logic of a new independent organisation

·        Based on Microsoft FIM (ILM 2007) with C# compiled DLLs and XML stored configuration and logging parameters as driving logic, AD LDS/ADAM as identity store and the EC corporate (Unix) LDAP metadirectory as information source, implemented the new User Identity Management System

·        Designed, tested and piloted the client PC and branch office server migration plans and process for HQ in Brussels and the 10 centrally managed (high speed network links) delegations (using ADMT as tool)

·        Conceived and delivered standalone resource forest Lync Server implementation as proof of concept while Siemens tools were being considered, provisioning the required accounts/identities and SIP addresses automatically to a trusting AD forest using MIIS

·        Managed external vendor support interactions (mainly EC IT/DIGIT and Microsoft)

·        Trusting own infrastructure integrity, guided and directed Microsoft PSS into escalating the memory dump/reverse engineering analysis of a mysterious services.exe memory leak to Security Response Centre, which resulted in the discovery of a new advanced persistent threat, as well as a loading/storage method (loadable DLL data in otherwise unused and barely documented file system extended attributes), and being a first case of large EC (presumed state level) cyber espionage. Malware code was described as an advanced light operating system by MS SRC, running on hundreds of European Commission and Foreign Service Exchange servers and domain controllers. I later discovered additional attack vectors clearly targeting globally sensitive information

·        Assisted senior management of the organisation (Department Heads and Directors) in understanding the scope and impact of the issue, uncovering related incidents and formulating a response and remediation strategy in what was another European Commission first I ended up leading, including coordination with MS SRC and the Diplomatic Service wide server estate auditing, reconfiguration, updating and monitoring improvement exercises (leading to a request for my assistance and a move to the EC central IT division’s HQ in Luxembourg)

·        Consulted to IT executives on the programme and roadmap management, and coached junior team members

Technology Project Manager, Aviva Investors, London City, September 2009 – September 2010 (~1200 users)

Aviva Investors (formerly Morley Fund Management) is the investment banking arm of the UK based Norwich Union Insurance, renamed when all of Norwich Union businesses were rebranded to a single Aviva name in the autumn of 2009.

I joined the global uplift programme of this finance house situated across the road from the Bank of England after it was repeatedly delayed and side-tracked and required expert validation for steps impacting trading systems and Group Executive identity, email and mobility management environments. Using my strong infrastructure background and signature delivery focused impetus well aligned with the in house trading SDLC process, I helped turn things around and deliver key components in record time:

·        Led the platform upgrade effort and rollout of a global Hub/Spoke Datacentre infrastructure with redundant hub sites in London and Singapore (IBM Servers, NetApp iSCSI storage)

·        Acted as a trusted infrastructure delivery adviser, being a key driver in program delivery

·        Developed, triple tested and validated the migration process and scripts prior to impacting the mission critical production and the dependent trading systems, Group Executive email and Blackberry BES services

·        Migrated Aviva Investors 2500+ mailboxes from Exchange 2003 to Exchange 2007 without any interruptions using custom developed PowerShell scripts

·        Managed the Lotus Domino 7 to Exchange 2007 inter-organisational migration for Aviva Group mailbox move to Aviva Investors Exchange clusters using Microsoft Transporter Suite, Quest Notes Migrator for Exchange and Microsoft MIIS/ILM Server

·        Oversaw the deployment of the base server build for the datacentre in Singapore

·        Coordinated Blackberry Enterprise Server 5 HA deployment and the initial post migration service testing

·        Liaised with the external support delivery organisation (Cap Gemini) to ensure maintenance of the production environment during key change operations and transition of the new, project delivered services, to the BAU

Enterprise Architecture Specialist, LGC Group/LGC Forensics, London, September 2008 – September 2009 (~2200 users)

LGC, the former UK Laboratory of Government Chemist, is a scientific measurements, genomics and forensics analysis company based in the UK and present in 22 countries worldwide, providing lab and science services to pharmaceuticals and biotechnology, food, agricultural biotechnology, sports as well as the government (police force and criminal justice system).

I was hired by LGC, traditionally a Novell/GroupWise environment, to advise the CEO and the CIO on a transition to a modern Microsoft Windows/AD Domain/Exchange platform and ERP and LIMS system integration and evolution, and to help pilot and support it so they can get closer to achieving a strategic objective of readiness to embrace future technology:

·        Assisted with creation of the laboratory data collection and retention vision and strategy

·        Evangelised the transformation to a modern Microsoft/VMWare private cloud based house to a conservative Novell technology IT group

·        Managed VMware/Windows/AD/Exchange/Cisco infrastructure and support, including server builds, DNS, GPOs, Etherchannel and VLANs, the cyber security, service monitoring and reporting, bringing acceptance of Windows and Exchange as platform to business forefront

·        Managed and supported the existing VMWare ESX private cloud platform on HP Blades and EVA storage and Cisco switching and routing

·        Designed and implemented a high security Hyper-V hosted Exchange 2007/ISA2006 environment to be used for the connectivity to a private Criminal Justice Secure Mail (CJSM) cloud to demonstrate the system reliability and security for production use

·        Delivered Windows Update Service to scope including all 7 UK sites (1200+ clients, 140+ servers), resulting in 97% of Windows clients updating automatically within 3 days.

·        Managed the backup infrastructure turning it into a reliable and dependable enterprise DR service (based on Symantec Backup Exec 12/12.5, multisite/multi library)

·        Managed the Sophos endpoint protection central configuration and updating

·        Delivered an SQL 2005 Reporting web part and code required to report Windows Update status in SharePoint

·        Continuously added value by advising on IT infrastructure, supported and consulted to the CIO on the upcoming migration to Exchange 2007 as a new messaging platform

·        Reshaped the existing rudimentary HP SIM implementation into a solid tool which included monitoring of all HP servers, iLO processors, server Blades and ESX hosts as well as HP software and firmware mass deployment framework

·        Provided technical support to the CEO office, finally resolving several long outstanding major technology support issues

ITIL Problem Manager/Tech Advisor to Global Services CEO, British Telecom Executive Services, Brussels, September 2007 – September 2008 (~12000 users)

BT Executive Services provide the technology advisory, infrastructure and IT services to top BT executives (CEO and the next two levels of direct reports – C-level roles, Presidents and their staff).

10000+ staff strong BT Global Services was headquartered in Brussels, with the CEO, Francois Barrault and his team based there. Hired to be the global enterprise technology advisor and head of local support service delivery to the GS CEO, I evangelised BT GS Webtop desktop platform based on end-to-end integration of standardised Windows 7 and pod-like backend service packages bundled with custom in house developed components, achieving what is in essence a first generation private cloud offering intended as BT’s future compute platform and the basis for external service offering, just as Francois was appointed to the BT Group board and considered the likely next chairman:

·        Brought deep systems expertise to support given to BT’s Executive Team in Brussels

·        Resolved several complex and long standing service networking, Exchange ActiveSync and Blackberry Enterprise Server problems affecting the complex needs of the Executive Team in Brussels

·        Coordinated IT infrastructure projects and escalation to infrastructure owner teams in Benelux (networks and proxy) and the UK (authentication, email, BES, VPN etc.)

·        As the key re-enforcement of a support structure within a wider services organisation, directly assisted and coordinated wider support for BT Design CEO, BT Global Services CEO, Presidents, Vice Presidents and their immediate teams

·        Managed and evangelised BT WebTop platform adoption and visibility within the local Executive user base

·        Maintained an excellent relationship with Francois and BT GS Executives

Global Program Architect & Project Manager, European Commission External Relations DG, Brussels, June 2004 – September 2007 (~7500 users)

Leading the EC Diplomacy arm on their journey from a central support helpdesk to becoming an IT organisation of an autonomous EU Diplomatic Service/Policy function responsible for the IT estate of ~130 EU Delegations in most countries around the world, I joined as a global platform architect tasked with guiding the newly forming organisation into a programme which was their first large scale effort to achieve a private cloud style system for delegations ranging in size from 2-5 up to 250 staff. I designed reusing existing enterprise components and services where suitable, and producing own configuration components to enable an uplift from support ending variety of Windows NT4/Exchange 5.5 systems to a uniformly configured, rolled out and supported state-of-the-art Windows/Exchange 2003 digital platform with managed identities – as well as assisting the EEAS to become the EU Ministry of Foreign Affairs as planned under the then proposed EU Constitution.

Rising to become the star of the team, a service delivery pivot and a trusted advisor to the Head of Unit and IT governance structure, and acting as an accepted definitive authority on all systems Microsoft and IT market evolution, I led the high level design efforts centred around global scope definition and systems delineation, delivered low level designs and sandboxed configuration blueprints, designed the least invasive migration path and then managed the deployment of an effort seen as a key reputation builder in a global clout environment of the EU Diplomatic Services, where getting the large scale uplift programme right was paramount:

·        Guided the organisation through the technology and projects aspects of growth from a central global service desk to an enterprise IT Provider

·        Provided both the industry insight/proven practices experience and forward looking advice on how large scale technology needs are to be handled for successful outcomes (today’s Solutions/Infrastructure Architect work mixed with Programme/Portfolio Management)

·        Established IT architecture as a required and accepted organisational function

·        Designed the multi forest, multi-site Windows Server, Active Directory and Exchange platform for the EU Delegations globally (approximately 130 countries, 300+ servers, 150 Exchange servers, 6500 users)

·        Identified the current state, designed and validated the target state and the transition steps in a series of PoCs

·        Persisted in structured project management of the migration effort to ensure a methodology of clear conceptualisation, design, testing and validation, pilot and initial deployment phases always preceded mass rollout, ensuring consistent delivery of top levels of service (rewarded by a complete project success and a more senior partnering engagement 3 years later)

·        Managed the platform roadmap and interactions with various EU internal services and stakeholders required for the transition to be seamless (corporate email routing, centrally reverse proxied webmail and mobile device access, S/MIME PKI and LanDesk configuration management), ensuring service uplift dependencies were clearly defined, delivered and tested prior to deployment

·        Project led Microsoft effort to design a global identity management solution to support the automated user provisioning to Diplomatic Service HQ and 130 delegations worldwide (based on a global ILM server driven deployment using the central LDAP Metadirectory service of the EU as the source of truth)

·        Using Exchange deployment tools and scripts, seamlessly migrated pilot and key delegation forests from NT4 to AD and Exchange 2003 in Georgia, Armenia, Nicaragua, Vienna, Paris, Rome, Singapore, Macedonia/FYROM and Norway

·        Documented the mass rollout process and provided platform training to the local IT staff in delegations performing bulk of the local systems uplift work

·        Managed remote sites platform uplift during the mass rollout stage, acting as the 3rd level support and central resolution/escalation point for any issues not resolved by local engineers and junior HQ team members in L2 and L1 in the Delegations

·        Coordinated systems changes and evolution continuously with the EC HQ Directorate General for IT/DIGIT (e.g. switchover from X400 to SMTP email routing, introduction of McAfee ePO)

·        Delivered a set of test criteria and questions for hiring of support officers for worldwide embassy technology operations

·        Conceptualised, designed, tested and migrated a passwords/security information database at the HQ in Brussels from a legacy single user clear text MS Access solution to multi user, connection and storage certificate TLS encrypted SQL Server 2005 engine.

Principal Technology Consultant & Technical Account Manager, Xylos NV/SA, Belgium, May 2001 – June 2004 (customer facing/varying size organisations)

This is where my consulting experience comes from – Xylos was a top boutique European ICT Consultancy with offices in Brussels, Antwerp, Paris and Moscow with a Europe wide customer network, having an exclusive sole authorised training centre for Benelux agreement with Compaq at the time when ProLiant was the server platform of choice, and being a leading Microsoft training partner and centre of excellence. I was a key consultant with both the intimate knowledge of Compaq storage, industry standard server and management software products and roadmaps, as well as the full suite of Microsoft servers, project methodologies and 3rd party tools, together forming a key delivery partnership in the region to roll out some of the most advanced next generation clustering, HA and performance benchmark setting projects in North Western Europe.

Becoming a certified Compaq trainer directly in Houston, Texas, working on blade servers several years before their general availability release, and already possessing excellent customer focus and systems management experience from my previous role in Australia, I was engaged as a principal consultant and lead for mission critical Active Directory, Exchange and application/SQL systems, designing and delivering a number of key highly available computing solutions:

·        Led the practice by leveraging Compaq and Microsoft skills and knowledge to offer best in class, high performance/reliability infrastructure solutions

·        Mastered the technologies required and delivered a number of clustered Exchange, multitier application optimised SQL, and File/Print instances (based on various ProLiant 3, 5 and 7 series servers, and MSA SCSI and FC storage)

·        Carried out multiple complex directory and messaging migration projects for key Benelux enterprises (NT4/Ex5.5 via ADC and Quest to AD and Ex2000/2003, ADMT, sIDHistory)

·        Delivered large scale Fax and SMS gateways (Outlook CDO based) to venture capital funded projects

·        Provided multiple detailed AD, GPOs, Sites, OUs, DNS/WINS name resolution designs and implementations

·        Was the expert delegated to Microsoft Benelux to present Small Business Server 2003 and Exchange 2003 at a roadshow in 7 locations throughout Belgium, Netherlands and Luxembourg, holding demo presentations and hands on labs

·        Acted as a go-to person for the engineers and junior consultants on all Microsoft, Compaq, infrastructure/networking and performance optimisation matters

·        Designed and implemented multiple remote working Windows Terminal Server/Citrix Metaframe/NFuse web access solutions (RSA SecurID and client SSL auth protected)

·        Supported and troubleshot various complex Windows, AD/GPO/DNS/FRS, IIS, SQL, Oracle, Altiris, RSA SecurID, McAfee Antivirus, Netscreen and Watchguard firewalls, Cisco IP routing, switching and VPN related systems issues, refining my low-level system skills and understanding

·        Carried out a comprehensive mobile systems cyber security study at the European Flight Control (EuroControl), making key recommendations on a full range of enterprise security systems and practices required for laptop security

·        Designed and implemented numerous cyber security solutions based on McAfee anti-virus, CA ArcServe and Backup Exec, Microsoft ISA, Netscreen and Watchguard firewalls

·        Provided Compaq and HP training, being one of a handful of authorised Compaq and Microsoft trainers for Benelux region, including core Windows 2000 platform, Exchange Server, SIM32, Insight Manager 7 and HP SIM

·        Made initial forays into virtualisation as it was taking off (VMWare workstation and GSX server, virtual Microsoft clustering, Virtual PC/Virtual server)

·        Time/Relationship managed own projects and coordinated team efforts over the 3 year period, acting as trusted advisor and technical account manager to clients, achieving excellent customer references and lasting advisory relationships

Systems Manager, Newbridge Networks/Alcatel, Sydney, March 1999 – March 2001 (~250 users in Asia Pacific)

Newbridge Networks was a leading dot com enterprise/carrier grade networking company and one of the founding vendors for backbone Internet infrastructure (later acquired by Alcatel), providing some of the world’s fastest and most manageable high-end routing and switching platforms to the likes of Telstra, Optus C&W, AAPT as well as Westpac/CommBank/Woolworths etc.

Managing and supporting the APAC ICT estate and vendor relationships, reporting to APAC executives and Asian head of IT directly, I was responsible for systems evolution in the region, managing:

·        Two engineering resources/trainees

·        Windows server, NT4 domain, Netscape email (running on Solaris 9) and remote access IT Infrastructure for South-Pacific Region (5 offices, 180 users)

·        New projects and day-to-day operations, including IT infrastructure, PABX, voice and VoIP/VoFR integration, regional WAN links, staff remote access and corporate mobile telephony accounts

·        Regional and global corporate systems evolution, guiding desktop support contractors and interns and advocating improvements to meet the region specific needs with the HQ in Canada (i.e. teleworking during the Sydney Olympics)

·        Managing relationships with Optus as mobile telephony provider, C&W as Frame Relay WAN link vendor, HP and Ricoh as printing solution sources, Telstra as fixed telephony providers and Siemens as PABX telephony support vendor

·        Coordinated infrastructure (Windows domain, WAN network, telephony) merger with Alcatel systems at company acquisition

·        Automation of systems deployment scripts using Ghost and Sysprep, achieving an environment similar to SCCM SOE/MDOP today

·        Maintaining an excellent relationship with staff, corporate IT organization and external service suppliers to enable the technology uplift projects

Systems/Network Administrator, Williams Business College, Sydney, Dec 1998 – July 1999 (~450 students and staff)

Williams Business College is the oldest Australian private technology training institution, having been founded in 1894 by Hugh George Williams to equip students with modern workplace skills.

As a top student and an already experienced IT specialist from previous business support engagements during secondary school in Yugoslavia, I was recommended by the tutors for the role of Systems and Network Administrator, and managed and supported the college ICT assets:

·        Two site, Cisco routed, ISDN Internet connected 10BaseT network

·        2 Windows NT 4 and 1 Windows NT 3.51 servers, including MS Internet Proxy and POP3 email service

·        350 Windows NT Workstation student PCs, including service pack upgrades, roaming and mandatory profiles, file sharing, printing and a partial PC refresh

·        Evolution of computer platforms, advising on procurement of new server, networking and end user compute devices.

 

REFERENCES

Available upon request

LANGUAGES

English – close to native speaking (and sometimes better)

French – entry conversational/written

Croatian/Serbian – birth language

 

 
