I am a security-driven IT professional with more than twenty years of experience in both SME and Enterprise environments. In my work, I often fulfill the role of a hands-on architect: a hybrid position at the intersection of security, architecture, and coordination. I independently perform in-depth analyses of environments, risks, and dependencies and translate these into concrete design and operational decisions that are directly applicable for specialists.
I act as a subject-matter partner for DevOps, security, and infrastructure teams to gather information, align designs, and support technical decision-making. In doing so, I connect business, DevOps, and technology by translating complex technical matters into clear, actionable advice.
My approach is based on security-by-design and zero-trust principles. I treat infrastructures as code: predictable, automated, and verifiable. I combine architectural and hands-on advisory work by reviewing designs, validating implementations, and improving policies and technical configurations. By embedding policy in tooling and automating processes, I ensure that security becomes a structural part of every design and operational decision.
In a team environment, I enjoy working with technologies such as microsegmentation, SDN, policy monitoring, and Infrastructure as Code, where security, stability, and integrity are always leading principles. I consider knowledge sharing essential; I help teams raise security awareness and encourage the adoption of proven modern techniques that deliver measurable value in risk reduction and reliability.
My experience with large-scale segmentation, migration, and modernization programs has taught me how crucial collaboration is. I perform best in organizations where humanity, clarity, and security demonstrably have priority. I am broadly deployable as an advisor, solution architect, and implementation lead for organizations that aim to sustainably increase their security maturity.
Specializations
- Enterprise infrastructure architecture & Infrastructure as Code (security policies and segmentation as code)
- Network segmentation (macro- and microsegmentation, zero trust, segmentation matrices)
- PAM architecture (CyberArk, JIT access, secrets management, auditing)
- Cloud and infrastructure transitions (VMware, Azure, encryption, IAM, security-by-design)