Working for multiple clients (Latin America/UK/France) as CISO/SRE/DevOps/IT (Cloud/Solution) Architect. This is a small part of what I did:
- Moved the entire infrastructure from being built and maintained by developers to a standardized, automation-first setup using Terraform and Ansible
- Responsible for security and hardening of workstations and mobiles (e.g. using Mobile Device Management); ensured and reported on security, budget and IT design (hardware, VM, containers, IP architecture)
- Implemented configuration hardening (fstab, ssh) integrated in Ansible, vulnerability scanner setup with alerting, and scans for unexpected settings (sysctl)
- Privileged contact with providers for IT infrastructure and IT services
- Built Real Time web service
- Analyzed, defined and built from scratch the right cloud architecture for cost efficiency and scalability on a public cloud provider
- Improved automation and CI
Working on Microsoft Azure platform to prepare the migration from on-premise to cloud.
Client: streaming company (Molotov TV)
- Migrated Scality servers from Ubuntu to CentOS and improved all Ansible roles that needed to be compliant with CentOS and not only Ubuntu
Client: French cloud provider (Orange Cloud for Business) using OpenStack
Managed and supported the entire cloud provider (Cloudwatt - Orange Cloud for Business) OpenStack platform: 1000 servers
Contributed to becoming SecNumCloud compliant (Security/System/Network), and more specifically on the Public Key Infrastructure (internal PKI) part:
- evaluated existing solutions and chose the right solution according to the requirements
- contributed to the chosen solution: changes in master branch (HashiCorp Vault on GitHub) successfully made
- automated install shell script for emergency install (disaster recovery)
Improved configuration management: Ansible and Chef
Added and optimized monitoring for NetApp using NetApp Harvest and helped teams use it
Contributed to monitoring and testing vulnerabilities (Meltdown/Spectre), scanning for unexpected settings (sysctl) and incorporating changes into configuration management
Worked with other teams (IAAS, SDN ...) on transverse subjects
Managed and supported Linux system and network administration, also firewall and VPN management with clients and critical provider (SWIFT), IP address management, DNS management and security system (badge) management
Improved configuration management: Ansible roles
Successfully built weathermap using Observium and Python, resolved all problems identified by OpenVAS
Provided client support
Managed and supported ads infrastructure (no downtime authorized) and all other infrastructures when needed
Improved configuration management: SaltStack states and pillars
Managed and supported Health and Ministry infrastructure (company certified personal health data hosting provider) and all other infrastructure
Provided client support
Made webapp embedded on mobile payment terminal using Ingenico Desk/5000, NodeJS, Python and Shell scripting
Optimizing PHP/MySQL platform
Writing fail2ban rules depending on the needs
Writing shell script to improve tasks (very specific) with Apache2
Settings on the kernel and firewall
Information and choice on some applications
Build infrastructure (Debian based)
Writing fail2ban rules depending on the needs
Settings on the kernel and firewall
Information and choice on server hardware and some applications (ACID for DBMS and more)
Trusted Platform: Backup as a Service Storage using Self-Encrypting Drives (FIPS 140-2)
Protection forms with reCAPTCHA
Installation of operating systems Debian GNU/Linux and Scientific Linux via KVMoIP (KVM over IP) for installation
LUKS
PKI
Implementation of SSL VPN
Sharing of SSL Port (TCP 443)
Compilation of custom Linux kernel
Settings on the kernel, firewall and routing
Monitoring via Shinken
Developments:
- IPN (Instant Payment Notification) for PayPal and AlertPay
- Several shell scripts using arguments
- Request Features with sorting columns Title and Status