Denis Hierholzer

Accomplishments and Projects

IT Infrastructure Engineer
@Cilag AG

Project: Introduction of Cisco ACI

Replaced the previous network core (Cisco SG500 series) with a new Cisco ACI spine/leaf infrastructure. Designed and implemented a new security zoning concept based on Cisco ACI, which will gradually replace the previous zoning concept based on multiple traditional Cisco ASA firewalls.

Project: Introduction of Veritas NetBackup

Designed and implemented a new backup and archiving infrastructure based on Veritas NetBackup and a Dell ML3 tape library. Created a new backup and archiving concept using the following:

  • RedHat 8.5
  • NetBackup 9.1
  • Network Bonding
  • SAN via iSCSI
  • Tape Multiplexing
  • Tape Encryption
  • VMware Integration
  • Deduplication
  • Storage Lifecycle Policies (SLPs)

Infrastructure Analyst / Systems Engineer
@Schroder & Co Bank AG

Accomplishments and Achievements

  • Configured the automatic failover of our virtual infrastructure to our DR site
  • Migrated the old VBS logon scripts to an AD group policy to simplify changes and to keep compatibility with future operating systems
  • Migrated the DHCP system to Windows Server 2012 R2 and configured failover options

Developed various PowerShell scripts

  • Scripts for logging print jobs and user logins
  • GUI tool to simplify folder permission changes for users
  • Intelligent wake and shutdown script for automatic workstation maintenance tasks during the weekend
  • Script to automate the creation of RSA token users
  • Outlook button to create new SCSM tickets based on emails
  • Bulk PDF conversion with user input simulation
  • Inventory of VMware VMs and SQL servers
  • Customized the shared help desk tool TSTool3 to meet company requirements
  • and a lot more…

Project: Migrated firewall rule set from Bluecoat proxy to PAN firewall

Analyzed complex, historically grown firewall rules on the Bluecoat ProxySG 600-20, consolidated them in the centralized management platform Panorama and reduced the number of rules by over 50% in order to simplify management on the Palo Alto Networks 5020 devices. Enhanced the rules with next-generation features like App-ID for more granular rules (e.g. social networking pages read-only, without allowing posting).

Project: Planned, designed and developed a modular automation framework with PowerShell

Analyzed the user termination process based on an existing checklist and by interviewing the IT employees in charge of it. Carefully selected the existing process steps which could be automated and also added new features like supervisor notifications (before, during and after termination). This module simplifies the user termination process, and only a few remaining steps must be done manually. To improve the data quality of our Active Directory, I developed another module which runs the recurring synchronization of HR data with Active Directory, with notification of inconsistent values and optional automatic correction. Besides some other modules, I also implemented a module that checks the password expiration of the users and informs them in advance via email.

Project: Implemented and configured a file classification and encryption tool based on AD RMS

Based on a regulation of the Swiss financial market supervisory authority FINMA, Schroders was forced to implement a solution to classify and protect important data. Therefore I set up an IQProtector server, configured the needed rules for classification and protection and deployed the agent to all affected workstations. Now all important data is encrypted, and even if it leaves our network it is not usable.

Project: Easily manageable Microsoft AppLocker implementation

Planned, developed, implemented and rolled out a concept for Microsoft AppLocker to prevent unwanted files from being executed. Extended the concept recommended by Microsoft into a more user-friendly solution with a GUI to easily manage the AppLocker whitelist. The solution includes a PowerShell script that writes all AppLocker events to a SQL database. Based on this database, the self-developed GUI tool “AppLocker Mgmt Pro” offers comprehensive features to manage the whitelist and helps with troubleshooting in case of any issues. Automatic whitelist backups are included, and shared documentation completed the project.

AppLocker Concept

Senior Systems Administrator / Systems Engineer
@Dentsu Holdings USA

Accomplishments and Achievements

  • Improved the IT internal collaboration by introducing the project management tool Redmine
  • Administration of the enterprise wiki Atlassian Confluence and the project management software JIRA
  • Migration and upgrade of WordPress and SilverStripe websites to the latest version on a new webserver
  • Assisted in moving complete IT infrastructure (network, servers, phone system) of a branch site into a new office
  • Developed a comprehensive PowerShell script with an intelligent GUI to simplify Active Directory user creation

Project: Planned, designed and developed a modular Active Directory maintenance framework with PowerShell

The framework offers essential features like reporting, logging, automatic action handling and scheduling. The main purpose of the integrated modules is automatic user termination and all its corresponding actions. It also checks the Active Directory for non-compliant objects, reports them and is able to fix them automatically. The framework consists of multiple files with a code volume of more than 1500 lines, follows common coding standards and is well documented (in-code comments and manual). Its modularity makes it easily extensible with any additional features needed, and with its regular checks and automatic user termination it largely improves the overall security of Active Directory.

Project: Planned, designed and implemented a Microsoft SQL Server Failover Cluster

Analyzed several alternatives for an HA solution for MS SQL Server in consideration of the following aspects: implementation and maintenance effort, failover capability and necessary investments. Created a requirements plan considering the expected performance needs of the hosted databases. Designed the detailed setup and implemented it thoroughly from scratch. Afterwards created automated maintenance and backup plans, tested the failover and restore procedure and documented the setup and general handling. Planned and performed the migration of stand-alone SQL Server databases to the SQL Server cluster to improve maintenance effort, availability and costs.

Project: Designed, implemented and configured Microsoft System Center Configuration Manager (SCCM) 2012

Created the design for the company-wide SCCM infrastructure with a focus on simplified management. Installed and configured SCCM 2012 from scratch with several distribution points. Rolled out client agents for more than 800 workstations. Created standardized processes for software deployment and wrote a detailed manual for support operators about the general usage of SCCM.

Project: Planned, designed and implemented a Microsoft WSUS infrastructure

Analyzed the server and workstation infrastructure of about 150 Windows servers and more than 900 Windows workstations on 10 sites world-wide. Planned, designed and implemented the required WSUS infrastructure concerning replication topology, OS languages, computer groups and patch approval handling, with a heavy focus on safe patch deployment (three-layered patch approval cycle). Created detailed documentation of the configuration and the regular patch approval steps.

Project: Planned and implemented a common anti-virus solution for workstations and servers

Worked out the most efficient anti-virus (AV) infrastructure for the existing IT environment with regard to simplified AV management, effortless maintenance, resource usage optimization and minimal network traffic. Accurately implemented the company-wide AV infrastructure based on McAfee enterprise AV solutions, consisting of a central management server, several on-site package repositories and client AV agents. Also set up several server-side AV agents optimized for the company's VMware infrastructure to offload scanning operations from production servers.

Project: Planned, implemented and customized a comprehensive and automated server inventory application

Created a requirements plan based on the available Excel inventory file. Analyzed several alternatives for a common infrastructure inventory application. Implemented the core application and the automated inventory scripts. Customized the application to meet the company's requirements. Created several reports to simplify the daily handling. Wrote detailed documentation about the setup, handling and customization of the application.

Project: Designed and implemented a common disk encryption solution

Designed the whole process of automatic disk encryption for Windows workstations from a central management point, including central encryption key storage and data recovery. Implemented it thoroughly with Microsoft BitLocker, SCCM, TPM and Active Directory. Created detailed documentation about the whole process and the application configuration. Introduced first-level support to the required steps. Benefits to the company are a more secure IT environment and compliance with customer regulations.

IT Officer
@Bomatec AG

Accomplishments and Achievements

  • Planned and performed the migration of the user workstations to Windows 7 64bit with Microsoft System Center Configuration Manager
  • Planned and implemented an enhanced Wi-Fi infrastructure
  • Analyzed and improved various business processes to speed up daily business
  • Created detail-oriented IT documentation to preserve important knowledge about the IT infrastructure and related tasks and processes
  • Planned and implemented the process and application to send out email newsletters
  • Planned and performed the network migration to a larger subnet range to enhance the network capacity

Project: Planned, designed and implemented a new and solid backup concept

Analyzed the requirements based on storage needs. Planned and designed the backup strategy considering data life cycle, tape rotation and backup schedule based on the grandfather-father-son method. Implemented the backup concept with Symantec Backup Exec 2012 and an HP Tape Autoloader.

System Administrator
@Bucher Hydraulics

Accomplishments and Achievements

  • Developed and implemented the concept for corporate mobile devices
  • Planned and performed various server migrations (upgrade and physical-to-virtual)
  • Implemented an enterprise video conferencing system for interbranch communication
  • Planned and set up a safe antivirus infrastructure based on TrendMicro
  • Planned and set up a solid patch management infrastructure based on WSUS
  • Developed and implemented concepts for improved Active Directory management
  • Planned and performed the Active Directory and system migration of a company that has been taken over
  • Assisted in the network migration of a whole site to a larger subnet

Web Developer (Diplomate)
@eschbach IT GmbH

Accomplishments and Achievements

Final thesis for university, topic: “Conception and implementation of a Rich Internet Application based on an existing intranet application”

See Shiftconnector

Volunteer System & Web Administrator
@Gemeindebuecherei Klettgau (Public Library)

Project: Planned, designed and implemented complete IT infrastructure for email, library management application and file storage

Planned hardware and software requirements based on current and future business needs. Ordered the needed hardware and software. Designed and implemented the central server based on Microsoft Windows Small Business Server 2003 for file storage, Microsoft Exchange as email server and Bibliotheka 2000 as library management application. Added Windows XP workstations for library employees and visitors, managed and restricted by Active Directory. Set up internet connection, printers and backup solution.

Project: Designed and implemented public website

Initiated the planning of the public website. Created the frontend template and content based on the content management system Joomla. Added a plugin for simplified event publication.