Please note that the dates in this resume are not in strict chronological order due to the parallel nature of many freelance projects. Some of the projects are still running today.
Summary
Dipl. Inf. Stephan Gitz
Seasoned IT Security Specialist with over 17 years of experience, blending a rich background in Linux and networking with specialized expertise in Cisco systems and a focus on Kubernetes. Empowering organizations to leverage the full potential of cloud computing and containerization, ensuring a competitive edge in technology deployment.
- Steinbergstraße 42, 31139 Hildesheim
- 9231 0469 671 94+
- ed.ztiG-nahpetS@tcatnoc
Education
Diplom Medieninformatik
2000 - 2007
University of Applied Sciences Bremen, Germany
I completed my studies in Media Computer Science in April 2007, graduating with distinction. My focus was on networks and information security, areas where I developed a deep understanding and expertise.
Recent Certifications
Certified Kubernetes Security Specialist (CKS)
Certified Kubernetes Administrator (CKA)
Certified Kubernetes Application Developer (CKAD)
Professional Experience
DevOps Engineer
05/2022 - 12/2022
Housing cooperative, Germany
Development of a CI/CD infrastructure for a tenant app on Azure AKS
Implementation and management of a DevOps CI/CD infrastructure in Azure AKS with Jenkins X, Terraform and Github. Implementation and management of a logging and monitoring platform for real-time monitoring and performance analysis using Prometheus, Loki, Grafana. Creation of Kubernetes manifests. Use of Azure Spot VMs for cost optimization of development environments and staging. Creating network policies in Azure AKS to ensure network security and control network traffic between pods and services. Configuration of the Cert-Manager for handling SSL/TLS certificates. Use of Azure Key Vault for the secure storage and distribution of secrets.
Technologies: Azure AKS, Azure Cosmos DB, Azure Key Vault, Git, Github, Gradle, Grafana, Helm, Java, Jenkins X, Kubernetes, Loki, Prometheus, SpringBoot, Tekton.
Cloud Engineer
02/2021 - 04/2022
PritUG, Germany
Setup and operation of a self-managed Kubernetes cloud on the Hetzner Cloud.
Setup, automation and operation of the Hetzner cloud infrastructure with Terraform and the High-Availability Kubernetes Cluster with Ansible. Writing of Kubernetes manifests and customization for test, staging and production environments with Kustomize. Help with the integration into an existing CI/CD pipeline, complemented by Selenium for automated web browser testing. Setting up a monitoring system with Prometheus, Loki and Grafana. Configuration of the Cert Manager for handling SSL/TLS certificates and use of SecretsOPerationS (sops) for secure storage and distribution of secrets.
Technologies: Ansible, Bash, Cert-Manager, Containerd, Django, Docker, Grafana, Hetzner Cloud, KVM, Kanban, kubeadm, Kubernetes, Kustomize, Jenkins, Nginx, Nginx Ingress Controller, PKI, Postgresql, Prometheus, Python, QEMU, Rook/Ceph, SecretsOPerationS(sops), Selenium, Terraform
Cloud Engineer
03/2017 - 01/2018
PritUG, Germany
Scalable Python application infrastructure in Google Cloud with Kubernetes, Helm and Google Cloud Builder
Setup of a Managed Kubernetes Cluster (GKE) in the Google Cloud. Integration of the Google Container Builder for the build, test and deploy process of a Python application. Creation of Kubernetes manifests such as Ingress, Services, Secrets, ConfigMaps. Creation of a Helm package for the deployment of the Python application in the Kubernetes cluster. Integration of the Postgres Operator for the administration of PostgreSQL databases within the Kubernetes cluster. Development of the Zalando Selenium Grid for automation of web browser tests. Integration of SecretsOPerationS for the secure management and distribution of secrets.
Technologies: Bash, Docker, Git, Google Container Builder (renamed: Cloud Build), Google Kubernetes Engine (GKE), Helm, Kanban, KVM, Kubernetes, Nginx, Postgresql, Python, QEMU, SecretsOPerationS(sops), Selenium, Wagtail
System Engineer
02/2016 - 08/2016
PritUG, Germany
Migration of an existing Python application into containers
Design and implementation of Docker containers for the migration of an existing Python application. Execution of comprehensive tests to ensure functionality and performance in the new architecture. Ensuring the smooth transition of the application into production within the container-based infrastructure. Documentation of the migration process and adaptation of existing operating procedures.
Technologies: Ansible, Bash, Django, Docker, Docker Compose, Firewall, Git, KVM, Kanban, libvirt, Nginx, Packer, Postgresql, Python, QEMU, Vagrant
Teaching in the field of computer networks and information security
04/2012 - 09/2018
University of Applied Sciences Bremen, Germany
Higher Education Lecturer for Computer Networks and Information Security
Development and implementation of courses in the field of computer networks and information security for Bachelor and Master students. Supervision of student projects and theses in the field of information security.
Technologies: 802.1x, ACL, ARP, DHCP, Docker, EIGRP, Ethernet, Firewalls, Honeynet, Honeypots, Icinga/Nagios, Intrusion Detection, Kubernetes, NAT, Nessus/OpenVAS, OSI-Model, OSPF, PPP, RIP, Routing, SNMP, Snort, Spanning Tree, SSH, Switching, TCP/IP, VLAN, VPN, VTP, Wireshark
System Engineer
05/2011 - still active
Housing cooperative, Germany
Establishment, maintenance and further development of a Linux and Cisco-based IT infrastructure
Establishment, maintenance and development of the IT infrastructure for the administration of a housing cooperative, including network infrastructure with Cisco hardware. Introduction of FAI-based Linux automation, replaced by migration to Ansible in 2015 to optimize processes. Development and implementation of a comprehensive backup concept to ensure data integrity and system resilience. Continuous responsibility for maintaining the security and stability of the infrastructure.
Technologies: 802.1x, ACL, ARP, DHCP, Docker, EIGRP, Ethernet, Firewalls, Honeynet, Honeypots, Icinga/Nagios, Intrusion Detection, Kubernetes, NAT, Nessus/OpenVAS, OSI-Model, OSPF, PPP, RIP, Routing, SNMP, Snort, Spanning Tree, SSH, Switching, TCP/IP, VLAN, VPN, VTP, Wireshark
Cisco Instructor at a regional Cisco Academy
05/2011 - 09/2020
Cisco Academy Bremen
Training of future Cisco Instructors
Responsibility for and implementation of the training of Cisco instructors. Conception and implementation of specialized training courses for Cisco instructors in the areas of information security and network security. Implementing best practices and security protocols into curricula to increase information security awareness.
Technologies: AAA, ACL, Attack Vectors, BGP, DHCP, DNS, EIGRP, Ethernet, Firewalls, IPSec, NAT, NTP, OSI-Model, OSPF, PEX, RADIUS, RIP, Routing, SNMP, SSH, Switching, syslog, TACACS+, TCP/IP, TFTP, VLAN, VPN, WLAN, WPA
Network Engineer
11/2007 - 04/2011
University of Applied Sciences Bremen
Edinet - E-learning in Distributed Data Network Laboratory
Building and integration of a net lab into a semi-virtual campus between international universities and integration of an existing hacking game into this campus.
Technologies: AAA, BGP, Cisco, EIGRP, FAI(Fully Automatic Installation), Firewall, IPSec, Linux, OSPF, Routing, SAML, Shibboleth, single sign-on, SSL, STP, Switching
Network Engineer
07/2008 - 00/2010
University of Applied Sciences Bremen
SiWear - Safe wearable systems for picking industrial goods as well as for diagnosis, maintenance and repair
Evaluation and development of a secure WLAN localization system for guidance of workers to the appropriate shelves for order picking, incorporating robust security, privacy and data protection measures.
Technologies: 802.1X, AAA, BSI IT-Grundschutz, EAP, ISO 27001, Linux, PKI, RADIUS, Routing, Switching, VLAN, WLAN
Network Engineer
04/2007 - 06/2008
University of Applied Sciences Bremen
Simoit - Secure access of mobile employees to the IT infrastructure of medium-sized companies
Implementation and setup of a Trusted Network Connect architecture. Extended Strongswan and programmed a FreeRadius plugin for Trusted Network Connect. Prototype built at ThyssenKrupp Krause and test phase accompanied.
Technologies: AAA, Bash, Cisco, C, DMZ, EAP, Firewalls, FreeRadius, IPSec, Linux, PKI, strongSwan, VPN, VLAN, Windows, Xsupplicant