Projects

deutsch🇩🇪

Examination of 25 Kubernetes Cluster in Critical Infrastructure

Timeframe: October – November 2024

Role: Consultant to prepare the audit

Topics: Recommendations according BSI Grundschutz Container APP 1.6, Kubernetes SYS 4.4 and Supplychain Security according DevSecOps

German administration cloud

Timeframe: September 2023 – June 2024

Role Consulting Cloud, DVC, Security

Topics

• Work on version 3.0 of the German Administrative Cloud – Target Architecture Framework
• Recommendations for the IT Planning Council
  • Open Source
  • AI
  • Cloud
    • Kubernetes
    • Public clouds
  • Networks
    • Federated Networks
    • Mutual TLS

Open Desk

Timeframe September 2022- – April 2024

Role DevSecOps Architect

Topics

• Cloud Native Architecture and the implementation of US DoD DevSecOps flow
• Mainly contributions to TOGAF Phase D
• reviews
• Open source licences
• Coordination with the BSI
  • IT basic protection
  • SABSA
• Security concept
• Coordination with project partners

Workshops introduction DevSecOps for Fintech

Timeframe November 2023 – January 2024

Role Security Architect

Topics

• Implementation of DevSecOps
• CNCF DoD processes
• Importance for NIS-2
• Implementation strategy for CISO, development and operations
• Rancher on Premises
• Azure

Kubernetes and DevSecOps for transmission system operators / transmission grid

Timeframe April 2020 – March 2023

Topics

• Openshift 4 Introduction
• Security of Kubernetes
  • Security trainings
  • Container security BSI basic protection SYS 1.6
  • Kubernetes security BSI basic protection APP 4.4
  • DevSecOps
  • Software Supply Chain
  • Introduction Cloud Native in Air Gapped Environments
    • Harbour
    • Trivy
    • GitOps
    • Container Signing
  • Consulting Service Provider Containerisation
    • Redispatch
    • Energy trading
    • Weather forecast

Workshops on DevOps

Role Trainer Topics Kubernetes, OpenShift, Kritis Security, Google Cloud, GCP, Azure, AKS, Container, Architect, Cloud Services, Microservices, Security, DevSecOps, containers, Kubernetes, security, agile software development, Scrum

period since 2016, several workshops per year

Training courses and workshops Kubernetes security for Kritis operators

Topics DevSecOps, Airgapped Kubernetes, Container Scan, Signatures, SLSA, Generalisation of Trusted Compute Boundaries

Role Trainer

period 2018 - today

Kubernetes Masterclasses for Google

period March 2016 – September 2019

Role Trainer, DevOps

Topics

• Google Kubernetes Engine, GKE
• Ingress, Istio, Calico
• Google Cloud Platform, GCP
• Networks, Virtual Private Cloud VPC
• Firewall, Network Policies
• Databases, SQL, NoSQL

---

Kubernetes for secure public authority radio

Timeframe August 2021 – May 2022

Role DevSecOps Architect

Topics

• Consulting on the implementation of Kubernetes in the security area
• BSI basic protection container and Kubernetes
• Georedundancy
• with Rancher and connection to NetApp
• Kubernetes security

Honorary introduction of Kubernetes in the public administration

period since May 2020

Role voluntary consulting as DevSecOps architect

Topics

• Conception of OpenCode.de
• IT Planning Council Cloud Working Group
• German Administrative Strategy Framework](https://www.it-planungsrat.de/fileadmin/beschluesse/2022/Beschluss2022-47_Rahmenwerk.pdf)
• Sovereign workplace
• Container
• Kubernetes
• Security

Kubernetes health system

Timeframe August 2019 – March 2020

Role Security Architect

Topics

• Architecture of applications for the healthcare system
• Trainings, workshops for Kubernetes, beginner to security
• Migration concepts for applications in the programming languages/frameworks
• Java, Spring Boot (Quarkus, GraalVM), Dotnet, Python Machinelearning on NVIdia GPUs
• Design of a basic architecture based on VMWare PKS (Pivotal)
• Architecture, integration with Active Directory
• Automated project templates
• Security perimeter with JWT (Json Web Token)
• On Premises with VMWare PKS and in Azure
• Edge computing protection with service meshes (Istio)

Kubernetes for IoT for a mechanical engineering company from NRW

Role Trainer

Time period February 2020

Topics Helm Charts, Advanced Containers, 12factor, Cloud Native Apps
Distributed Databases
Container Design Patterns
Sidecars

Security in the Kubernetes ecosystem
Monitoring of Kubernetes operation & app deployment
Kubernetes audit logs
Network segmentation & security using Calico, Cilium
Istio, Linkerd
Container security
NetworkPolicies
Signing Images

Applying security policies to pods and containers
Linux Kernel features used in containers
Container Isolation Patterns
DevSecOps, SecDevOps, Automation
Network Security Patterns
Sidecars for Authorisation and Transport Security
| Knowledge: |

DevSecOps, Network, Oauth2

with

Calico, Istio, Cilium, Linkerd, AKS, KeyCloak

Workshop Kubernetes networks in the Google Cloud Platform GCP

Topics Kubernetes networks
Ingress,
Istio,
Knative,
Helm, Ingress Role Trainer

Kubernetes Security Training**

Role Trainer

Topics PodSecurityPolicies, NetworkPolicies, GitOps, Istio and much more. see Training Kubernetes Security on GitHub

Timeframe November 2019

Kubernetes Security for a major news magazine

Role Cloud Security Architect

Topics general Kubernetes security, PodSecurityPolicy, NetworkPolicy, user and rights management, protection of Helm, GCP

Timeframe August 2019 – October 2019

Kubernetes Security Training**

Period September 2019

Content Kubernetes security, PodSecurityPolicies, NetworkPolicies, GitOps, Istio

Role Trainer

CoreOS for SAP**

Content Design, installation and operation of CoreOS clusters for SAP

• Many trainings, project management, security, network, Python
• Kubernetes, containers, agile project management, training, GPU, security, Continuous Integration, Machine Learning as a Service, Python, CoreOS, Docker, NVIDIA, glusterfs, Jenkins

Summary Rolling out Enterprise Kubernetes Clouds at SAP

Timeframe October 2015 – September 2019

Role Cloud and system architect

OpenShift Cluster for internet comparison portal

Content

Design and project management of an OpenShift Origin cluster, training, security, networks Calico

Timeframe April 2017 – August 2019

Role Architect

Kubernetes on CoreOS in AWS for startup in the telecommunications sector

Content Implementation of video telephony in the Amazon Cloud based on CoreOS and Kubernetes Integration of various databases
Securing communication in the cluster with TLS, Vault and HSM

Project management and training
Containers, Kubernetes, Java, Python, Ruby

Period October 2015 – August 2017

Role Architect, DevOps

Summary

Launching a complex application in a Kubernetes cloud, Youtube Video

Berlin Buzzwords 2016 in Berlin

Shaping Applications for Docker, CoreOS, Kubernetes and Co

---

• ← Previous Post
• Next Post →