Joel Verezhak

DevOps Consultant

English, German

Background


About

Motivated and driven software engineer, system architect, and scientist, passionate about bringing new ideas to life. Looking for a role where I can combine my love of mathematics, physics, and a new-found appreciation for computer science to build truly awe-inspiring and world-altering applications. I am an automation and cloud enthusiast, and admire clean architecture that adopts the principles of GitOps and the 12-factor applications.

Work Experience

  • Senior Security Cloud Engineer, Knowledge Lab AG

    Jun, 2019 - Present

    Bringing secure DevOps best practices to the banking industry.

    • Designed, built, and deployed the security infrastructure for a banking mobile app with around 16,000 active users.

    • Implemented Device Token authentication for a mobile banking application, integrating seamlessly with the existing authorization framework.

    • Built an in-house Terraform Provider (Golang) for a partner company's web-application firewall software.

    • Performed the first cloud-based integration on Amazon Web Services of proprietary API Gateway, including automated configuration management using Ansible.

    • Advocate for the adoption of and migration to Google Cloud Platform. Installed Gitlab on GKE, configured IAM policies for runner Workload Identities, and enabled my colleagues to start implementing CI/CD best practices as part of their daily work.

  • Postdoctoral Researcher, Paul Scherrer Institut

    Jul, 2017 - May, 2019 (1 year 11 months)

    Performed cutting-edge research on unconventional magnetic and superconducting systems using muon-spin spectroscopy. Also responsible for aiding external users with their experiments, as well as designing new instruments for the future.

    • Analysed large time-series datasets using machine learning algorithms (Python), extracting knowledge and insights into the underlying physical processes

    • Pioneered a novel approach directly relating physical simulations of a system to the observed muon time-series data.

    • Provided support to external experimental teams, including advising on experimental design and architecture, technical support, data analysis, and theoretical modelling and interpretation.

    • Authored and co-authored 17 papers during my tenure of two years, including journals such as Nature Physics and Physical Review Letters

  • Lecturer (Dozent), Berlin International College

    Jan, 2017 - Jun, 2017 (5 months)

    Taught courses in Classical Mechanics, Electrical Engineering, and Mathematics for pre-university students, in preparation for the German Studienkolleg examinations.

    • Designed 3 six-month long courses in physics and mathematics from scratch.

    • Set homework assignments and examinations, and gave tailored feedback to each student

    • Delivered courses to 8 students from a variety of different backgrounds

    • All of my students made it to their desired universities.

  • Laboratory demonstrator, University of Warwick

    Oct, 2012 - May, 2015 (2 years 6 months)

    Demo-ed labs for third-year master's students and first-year electronics students.

Projects Experience

  • Security Cloud Migration to AWS

    Nov, 2021 - Present

    Enterprise 'lift-and-shift' of WAF, API Gateway, and IAM software to AWS for a customer.

    • A big challenge was the lack of Kubernetes - nonetheless, I was able to quickly adapt and deploy IAM containers to an Elastic Container Service EC2 cluster.

    • Achieved a working migration within 20 working days, and a production-ready system passing tests within 30 days.

    • Wrote extensive documentation and held knowledge transfer sessions at the close of the project.

    • Initially a short-term project, my performance encouraged the client to sign up for an ongoing maintenance contract and SLA.

  • Google Cloud Platform foundation setup

    Jan, 2022 - Present

    Laid the groundwork for future development in Google Cloud Platform.

    • Adopted best practices based on the Google Cloud Security Framework and BeyondProd whitepapers.

    • Managed a team of developers to bootstrap the K-Lab GCP organization, including user and group federation from Azure AD.

    • Configured hub-and-spoke network model with HA VPN connection to the on-premises network, and DNS forwarding between GCP Cloud DNS and on-prem Active Directory Domain Controllers.

    • Over 200 pipelines are run on a typical workday, with more than 10 projects in active development.

  • Self-managed Gitlab implementation.

    Jan, 2022 - Mar, 2022 (2 months)

    Introduced Gitlab as the standard for version control and continuous integration/delivery at K-Lab.

    • Deployed highly-available, resilient, scalable, and cost-effective self-managed Gitlab on Google Kubernetes Engine in GCP in a production environment. Everything is managed with Terraform.

    • User identities federated from Azure AD authoritative IdP, with internal permissions managed with Gitlab groups (again with Terraform).

    • System is highly-available, resilient, scalable, and cost-effective.

    • Set up Workload Identities for specific Gitlab runners, linked to specific Gitlab groups, providing granular access control to Foundation, Infrastructure, and Application pipelines.

    • Conducted knowledge transfer sessions and wrote extensive documentation, which encouraged a high user uptake.

    • Over 200 pipelines are run on a typical workday, with more than 10 projects in active development.

  • Device Token authentication for Mobile Banking Application

    Sep, 2021 - Jan, 2022 (5 months)

    Enabled users to log in using biometric means (TouchID / FaceID) by implementing Device Token authentication for a mobile banking application.

    • Device Token authentication flow integrates seamlessly with the existing OAuth2 authorization framework, and is fully backwards compatible.

    • Reduced the percentage of failed or aborted logins by 73% since introduction of Device Token authentication.

    • Configuration recorded as code in version control, with changes continuously integrated and delivered using Gitlab pipelines.

  • Terraform Provider for proprietary WAF and API Gateway

    Apr, 2021 - Oct, 2021 (6 months)

    Built Golang HTTP client and Terraform Provider for partner cybersecurity software.

    • Successful PoC, with support for creating and importing Virtual Hosts and attaching TLS certificates.

    • Test-driven development approach with unit and acceptance tests - current overall coverage of 82.3% (HTTP client)

    • Continuous integration, testing, and deployment across multiple Golang versions using Github Actions pipeline.

  • Cloud Security Infrastructure for Mobile Banking application

    Oct, 2020 - Jan, 2022 (1 year 4 months)

    Designed and built the authentication and authorization infrastructure for a mobile banking application

    • App has gone-live successfully with around 16,000 e-banking users

    • Designed OAuth2 Authorization Code Grant flow incorporating federation of user identities across realms

    • Highly-available and fault tolerant API Gateway and web application firewall deployment, with automated configuration on scale-out

    • Used GitOps to realise 100% infrastructure- and configuration-as-code, with continuous integration and deployments on-demand, and minimal manual hacks

  • Next Best Offer for Banking Products

    Jun, 2019 - Oct, 2020 (1 year 4 months)

    Built a recommendation system based on implicit customer ratings of banking products.

    • Used RFM analysis to model implicit customer ratings for particular banking products.

    • Leveraged open-source Python library to train a model to generate Top N predictions for additional products customers may appreciate.

    • Implemented business logic on top of ML predictions, in collaboration with domain experts and SMEs.

    • FastAPI written to expose training and prediction endpoints, with the whole thing deployed to OpenShift.

Skills

  • DevOps

    Terraform / Packer / Vault / Consul

    Ansible

    Gitlab / GitOps / CICD

    Kubernetes / OpenShift

    GCP / AWS

  • Backend

    Python / Object Oriented Programming

    Go / Golang

    Redis

    MariaDB / SQL

    Kafka

  • Security

    Identity and Access Management (IAM)

    Web Application Firewall (WAF)

    PKI / TLS

    OAuth2 / SAML

  • Web Apps

    PHP Laravel / Django / Flask

    Inertia / Vue / React

    CSS / Bootstrap / Tailwind

    Heroku / DigitalOcean

Education

  • Condensed Matter Physics, PhD, Rutherford Appleton Laboratory, UK

    Sep, 2012 - Feb, 2017

  • Physics, Master of Physics (BSc MPhys), The University of Warwick, UK

    Mar, 2008 - Jul, 2012

Awards

  • Undergraduate Research Scholarship, The University of Warwick

    Awarded on: Sep 01, 2011

    Awarded a bursary with value of £1000 to pursue a scientific research project in the field of nanotechnology.

  • Undergraduate Research Scholarship, The University of Warwick

    Awarded on: Sep 01, 2010

    Awarded a bursary with value of £1000 to pursue a scientific research project in the field of graphene synthesis.

Publications

Interests

  • Family

    Hiking, Swimming / Thermal Baths, Restaurants
  • Music

    Opeth, Dream Theater, Porcupine Tree, David Bowie, Tenacious D, Alter Bridge, Gojira
  • Gaming

    MMO, Strategy
  • Open Source

References

  • Dr. Hubertus Luetkens, Head of Bulk Muon Group at PSI

    Dr. Verezhak is an intelligent, innovative and creative person. He was able to develop new ideas for future research and made strategic plans for their realization. Using his background in superconductivity and quantum magnetism, he carried out a detailed investigation of novel ground states in highly topical materials. Without reservation, I therefore give Dr. Joel Verezhak my highest recommendation. I am absolutely sure that he will continue to be extremely successful in pursuing his career and we would be happy to collaborate with him again in the future.