Verified Expert in Engineering
DevSecOps Engineer Architect and Developer
Milan is an experienced DevSecOps engineer specializing in on-premise, cloud, and hybrid infrastructure. He also has a vast experience in virtualization, Linux, LAMP, databases, high availability (HA), business continuity plan (BCP), and disaster recovery (DR). Milan is a dedicated and focused individual, able to take on any infrastructure challenge and provide the most efficient solutions. Over the last few years, Milan focused on AI/ML platforms (MLOps) and security compliance, such as SOC-2.
Amazon Web Services (AWS), Linux, Terraform, Compliance, SOC 2, Cloud Security, High Availability Disaster Recovery (HADR)
The most amazing...
...project I executed is a data center relocation. I did 40+ racks, 100+ services, and two distant data centers with no downtime.
Head of IT Infrastructure
The Mead Group, Inc.
- Automated application deployment. Used Ansible for in-house infrastructure orchestration.
- Reviewed and consolidated infrastructure backups. Proposed and implemented optimization changes and monitoring.
- Proposed a data center upgrade plan (VMware, Dell hardware, and Cisco) with a temporary service relocation to the cloud (AWS).
Head of Infrastructure | CSO
- Prepared the company for SOC-2 certification. Successfully passed year-on-year security assessments conducted by 3rd parties and clients within the organization.
- Successfully rolled out company-wide MDM solution integrated with Endpoint Protection and security policies to comply with compliance requirements.
- Introduced IaaC into the organization (Terraform). Included IaaC as part of the CI/CD pipeline (Jenkins).
- Introduced SSO and mandatory MFA across all internal services, as well as all SaaS partners (where applicable).
- Consolidated legacy infrastructure in the Rackspace cloud.
- Provided recommendations for PHP code changes and migrated services to AWS cloud.
- Established a secure path between end user applications and core systems.
IT Consultant | System Administrator
- Managed and grew a SaaS service used by top brands around the world.
- Contributed to AWS and Azure deployments with CDN in place and a high level of security.
- Provided continuous integration and continuous delivery using Jenkins.
- Implemented single sign-on (SS0) (Okta, OneLogin) integrations.
Head of IT
- Deployed and managed an AI solution (in-house infrastructure) used by one of the largest banks in Singapore.
- Performed AWS deployment and managed an AI solution for a world-renowned retailer.
- Managed Flowcast core IT infrastructure, including AWS, GCP, Attlassian, internal MDM, and RBAC.
Group IT Operations Manager
- Created and maintained secure/scalable/highly available IT/IS infrastructure supporting all group services and key shared hosting platforms.
- Increased high availability of database servers (multi-master replication).
- Moved part of the physical infrastructure into a private cloud (VMware ESXi, Nutanix, 10 Gbps network).
- Provided PaaS to development teams including automated tests and builds.
- Configured a Juniper Firefly virtual firewall in HA mode.
- Created a log search tool allowing support teams to filter and process logs from a shared hosting platform.
- Managed NetScaler VPX load balancer, including SSL certificates.
- Provided GitLab instance to all group members.
- Managed a corporate website—BGP Anycast cache domain (using Varnish) with LAMP back end.
- Upgraded Puppet and used dynamic environments and automatic manifests propagation via r10k.
Senior Systems Administrator
- Migrated three legacy shared hosting platforms onto a new multitenant platform.
- Deployed a highly available database cluster (MySQL).
- Upgraded servers running a legacy OS to the latest LTS versions.
- Performed a security assessment of the infrastructure and platforms.
- Rolled out new BGP any-cast DNS nodes around Europe.
- Managed a mobile content delivery network (in-house CDN).
- Migrated the whole infrastructure from a UK, London-based data center into AWS cloud.
- Created and validated disaster recovery procedures.
- Created and managed business reports supporting marketing campaigns and a sales team.
- Worked with vendors on continuous service improvement (message delivery).
Barda SW, HW, s.r.o.
- Built a framework for SMS processing (a food ordering platform).
- Wrote code for various automatic bank payment systems.
- Wrote code to generate HACCP reports required by local legal entities.
- Wrote code for automated direct debit processing with banks.
- Wrote code for online ordering via a web portal (PHP).
- Managed Linux infrastructure to support the business.
- Worked on an ID card management and processing system used by clients for automated food ordering.
Sport Media Group - Go Content Ltd.
- Optimized database schema and indexes for the internal CMS.
- Upgraded and consolidated the DNS platform (BIND).
- Implemented IT policies (configuration, release, and incident management).
- Built a highly available network infrastructure in two distant sites.
- Built, configured, and managed a newsletter mail platform used for mail distribution.
Web and WAP Systems Administrator
T-Mobile Czech Republic a.s.
- Managed network and application load balancers with SSL offload.
- Managed the primary customer portal—T-Zones—using Jakarta EE, Tomcat, and Apache.
- Managed a WAP gateway for all T-Mobile customers (Openwave MAG).
- Implemented the Oracle directory service (LDAP) used by the client portal.
- Directly involved in the roll-out of the 1st unified messaging service in Europe (Paegas Click service).
Data Center Relocation
My role was to prepare a high-level and detailed relocation plan for all services (100+). I was also responsible for actioning the plan with my team of four engineers. I was in charge of designing, purchasing, and delivering the new infrastructure, relocating the services, working closely with service owners, and changing the team. I had to manage my team to split the project work and the BAU work in order to keep on track with the tight schedule.
I am proud I managed to vacate the old DC site in less than nine months. The project delivered a new, completely virtualized, resilient, secure, scalable, and power-efficient infrastructure providing high availability and resiliency to all relocated services.
The new site uses a hyper-converged infrastructure (Nutanix and VMware) running on a 10Gbps network (Cisco, Dell, Juniper, Citrix).
I was in charge of designing, purchasing, and delivering the new geographically dislocated DR site in one of Claranet's data centers in Germany. I managed to prepare the whole site remotely with only a little help from the local DC team (patching and configuring the remote access cards on the blades).
The DR site is fully virtualized, including the networking (Cisco CSR, Juniper Firefly, and Cintrix NetScaler VPX). The project delivered DR plans and HA solutions (in an active-active mode where possible) for business-critical applications such as Exchange, Lync, internal CRM, and customer portals.
Infrastructure Move to AWS
The migration required testing and cooperation with the development team. While working on the transition, I also automated the server build process and deployment (CI/CD).
Bash, Ruby, Java, Visual FoxPro, Python, HTML, PHP, CSS
Puppet.js, Amazon EC2 API, Redis Queue
Jenkins, Amazon CloudWatch, Amazon Simple Email Service (SES), Chef, Apache, Amazon Elastic Container Service (Amazon ECS), AWS CLI, AWS ELB, Amazon Virtual Private Cloud (VPC), VPN, Terraform, Nagios, Zabbix, Apache Tomcat, VMware, Varnish, NGINX, Squid Proxy Server, Helm, Puppet, Quagga, Unbound, Kibana, Logstash, Passenger, Ansible, GitHub, Jira, VMware vSphere
DevOps, DevSecOps, Continuous Delivery (CD), Continuous Integration (CI), Automation
Amazon EC2, Amazon Web Services (AWS), Linux RHEL/CentOS, Percona, FreeBSD, Kubernetes, Docker, LAMP, Oracle, WebSphere, Rackspace, Linux, Windows, Azure, Web, Google Cloud Platform (GCP)
Amazon S3 (AWS S3), Memcached, PostgreSQL, MySQL, MySQL/MariaDB, MariaDB, MongoDB, Redis, Data Centers, Databases
Load Balancers, HAProxy, HTTPS, HTTP, SMTP, DNS, VMware ESXi, HTTP Server, IaaS, Cloud Security, Containers, Security Architecture, Iptables, BIND9, BGP, UDP, TCP/IP, IMAP, SOC 2, ISO 27001, Cisco, Juniper, Exim, PowerDNS, Google, BIND 9, Storage, Corporate, Compliance, IT, High Availability Disaster Recovery (HADR), CI/CD Pipelines, Google Workspace, MDM, Machine Learning, Infrastructure, Web Security, Veeam, System Administration, Virtualization, HTTP2, Data Center Migration, Disaster Recovery Plans (DRP), Networking, Migration, Cloud, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Content Delivery Networks (CDN)
Ruby on Rails (RoR)
Bachelor's Degree in Information Technology
University of Technology Brno - Brno, Czech Republic