Milan Jezdik, Developer in Prague, Czech Republic
Milan is available for hire
Hire Milan

Milan Jezdik

Verified Expert  in Engineering

DevSecOps Engineer Architect and Developer

Location
Prague, Czech Republic
Toptal Member Since
February 1, 2016

Milan is an experienced DevSecOps engineer specializing in on-premise, cloud, and hybrid infrastructure. He also has a vast experience in virtualization, Linux, LAMP, databases, high availability (HA), business continuity plan (BCP), and disaster recovery (DR). Milan is a dedicated and focused individual, able to take on any infrastructure challenge and provide the most efficient solutions. Over the last few years, Milan focused on AI/ML platforms (MLOps) and security compliance, such as SOC-2.

Portfolio

The Mead Group, Inc.
VMware, Veeam, VMware vSphere, System Administration, Virtualization...
Tillful
Cloud Security, Web Security, Intrusion Detection Systems (IDS)...
PriceBlink
Amazon Web Services (AWS), Rackspace, MySQL, PHP, Web Security

Experience

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Linux, Terraform, Compliance, SOC 2, Cloud Security, High Availability Disaster Recovery (HADR)

The most amazing...

...project I executed is a data center relocation. I did 40+ racks, 100+ services, and two distant data centers with no downtime.

Work Experience

Head of IT Infrastructure

2022 - PRESENT
The Mead Group, Inc.
  • Automated application deployment. Used Ansible for in-house infrastructure orchestration.
  • Reviewed and consolidated infrastructure backups. Proposed and implemented optimization changes and monitoring.
  • Proposed a data center upgrade plan (VMware, Dell hardware, and Cisco) with a temporary service relocation to the cloud (AWS).
Technologies: VMware, Veeam, VMware vSphere, System Administration, Virtualization, Automation, PHP, HTTP, HTTP2, HTTPS, HTTP Server

Head of Infrastructure | CSO

2021 - 2023
Tillful
  • Prepared the company for SOC-2 certification. Successfully passed year-on-year security assessments conducted by 3rd parties and clients within the organization.
  • Successfully rolled out company-wide MDM solution integrated with Endpoint Protection and security policies to comply with compliance requirements.
  • Introduced IaaC into the organization (Terraform). Included IaaC as part of the CI/CD pipeline (Jenkins).
  • Introduced SSO and mandatory MFA across all internal services, as well as all SaaS partners (where applicable).
Technologies: Cloud Security, Web Security, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), MDM, Web Application Firewall (WAF), Content Delivery Networks (CDN), SOC 2, ISO 27001

IT Consultant

2016 - 2022
PriceBlink
  • Consolidated legacy infrastructure in the Rackspace cloud.
  • Provided recommendations for PHP code changes and migrated services to AWS cloud.
  • Established a secure path between end user applications and core systems.
Technologies: Amazon Web Services (AWS), Rackspace, MySQL, PHP, Web Security

IT Consultant | System Administrator

2016 - 2022
One Door
  • Managed and grew a SaaS service used by top brands around the world.
  • Contributed to AWS and Azure deployments with CDN in place and a high level of security.
  • Provided continuous integration and continuous delivery using Jenkins.
  • Implemented single sign-on (SS0) (Okta, OneLogin) integrations.
Technologies: Amazon Web Services (AWS), PostgreSQL, Ruby, Azure, DevOps, Jenkins, CI/CD Pipelines, Bash

Head of IT

2017 - 2019
Flowcast Inc.
  • Deployed and managed an AI solution (in-house infrastructure) used by one of the largest banks in Singapore.
  • Performed AWS deployment and managed an AI solution for a world-renowned retailer.
  • Managed Flowcast core IT infrastructure, including AWS, GCP, Attlassian, internal MDM, and RBAC.
Technologies: Python, GitHub, Amazon Web Services (AWS), Google Cloud Platform (GCP), Jenkins, CI/CD Pipelines, Google Workspace, MDM, Cloud Security, Compliance, Machine Learning, Infrastructure, Load Balancers, SMTP

Group IT Operations Manager

2010 - 2015
Claranet Group
  • Created and maintained secure/scalable/highly available IT/IS infrastructure supporting all group services and key shared hosting platforms.
  • Increased high availability of database servers (multi-master replication).
  • Moved part of the physical infrastructure into a private cloud (VMware ESXi, Nutanix, 10 Gbps network).
  • Provided PaaS to development teams including automated tests and builds.
  • Configured a Juniper Firefly virtual firewall in HA mode.
  • Created a log search tool allowing support teams to filter and process logs from a shared hosting platform.
  • Managed NetScaler VPX load balancer, including SSL certificates.
  • Provided GitLab instance to all group members.
  • Managed a corporate website—BGP Anycast cache domain (using Varnish) with LAMP back end.
  • Upgraded Puppet and used dynamic environments and automatic manifests propagation via r10k.
Technologies: Juniper, Cisco, MariaDB, Puppet, Linux, VMware, DNS, Storage, Web, Corporate

Senior Systems Administrator

2009 - 2010
Claranet UK
  • Migrated three legacy shared hosting platforms onto a new multitenant platform.
  • Deployed a highly available database cluster (MySQL).
  • Upgraded servers running a legacy OS to the latest LTS versions.
  • Performed a security assessment of the infrastructure and platforms.
  • Rolled out new BGP any-cast DNS nodes around Europe.
Technologies: Unbound, PowerDNS, Exim, MySQL, Ruby on Rails (RoR), Quagga, LAMP

Infrastructure Specialist

2008 - 2009
Boltblue International
  • Managed a mobile content delivery network (in-house CDN).
  • Migrated the whole infrastructure from a UK, London-based data center into AWS cloud.
  • Created and validated disaster recovery procedures.
  • Created and managed business reports supporting marketing campaigns and a sales team.
  • Worked with vendors on continuous service improvement (message delivery).
Technologies: Amazon Web Services (AWS), Google, Apache, Apache Tomcat, Java, Oracle, HAProxy

Lead Architect

1998 - 2009
Barda SW, HW, s.r.o.
  • Built a framework for SMS processing (a food ordering platform).
  • Wrote code for various automatic bank payment systems.
  • Wrote code to generate HACCP reports required by local legal entities.
  • Wrote code for automated direct debit processing with banks.
  • Wrote code for online ordering via a web portal (PHP).
  • Managed Linux infrastructure to support the business.
  • Worked on an ID card management and processing system used by clients for automated food ordering.
Technologies: Visual FoxPro, Java, Apache, PHP, Linux

Systems Administrator

2006 - 2008
Sport Media Group - Go Content Ltd.
  • Optimized database schema and indexes for the internal CMS.
  • Upgraded and consolidated the DNS platform (BIND).
  • Implemented IT policies (configuration, release, and incident management).
  • Built a highly available network infrastructure in two distant sites.
  • Built, configured, and managed a newsletter mail platform used for mail distribution.
Technologies: Iptables, Apache Tomcat, PostgreSQL, BIND9, BIND 9, Apache, Java

Web and WAP Systems Administrator

2005 - 2006
T-Mobile Czech Republic a.s.
  • Managed network and application load balancers with SSL offload.
  • Managed the primary customer portal—T-Zones—using Jakarta EE, Tomcat, and Apache.
  • Managed a WAP gateway for all T-Mobile customers (Openwave MAG).
  • Implemented the Oracle directory service (LDAP) used by the client portal.
  • Directly involved in the roll-out of the 1st unified messaging service in Europe (Paegas Click service).
Technologies: WebSphere, Oracle, Apache Tomcat, Apache

Data Center Relocation

Based on a business decision to close one of the main DC sites in the UK, I had to power off and relocate 40+ racks and all related services to a new site.

My role was to prepare a high-level and detailed relocation plan for all services (100+). I was also responsible for actioning the plan with my team of four engineers. I was in charge of designing, purchasing, and delivering the new infrastructure, relocating the services, working closely with service owners, and changing the team. I had to manage my team to split the project work and the BAU work in order to keep on track with the tight schedule.

I am proud I managed to vacate the old DC site in less than nine months. The project delivered a new, completely virtualized, resilient, secure, scalable, and power-efficient infrastructure providing high availability and resiliency to all relocated services.

The new site uses a hyper-converged infrastructure (Nutanix and VMware) running on a 10Gbps network (Cisco, Dell, Juniper, Citrix).

DR Site

http://www.claranet.com
I was tasked with building a new DR site in a distant location that would support Claranet Group Business Continuity Plans.

I was in charge of designing, purchasing, and delivering the new geographically dislocated DR site in one of Claranet's data centers in Germany. I managed to prepare the whole site remotely with only a little help from the local DC team (patching and configuring the remote access cards on the blades).

The DR site is fully virtualized, including the networking (Cisco CSR, Juniper Firefly, and Cintrix NetScaler VPX). The project delivered DR plans and HA solutions (in an active-active mode where possible) for business-critical applications such as Exchange, Lync, internal CRM, and customer portals.

Infrastructure Move to AWS

Based on the cost analysis, a decision was made to virtualize the whole Boltblue Ltd. infrastructure into the AWS cloud. I was tasked with the preparation of the new AWS environment and moving the physical infrastructure into the cloud. One of the most challenging tasks on this project was to migrate an Oracle 10i 32-bit instance into the 64-bit virtual environment. This project utilizes AWS services such as EC2 and S3 and CentOS-based images running Java/Apache/Tomcat application stack.

Architecture Update

The conversion of the PHP source code and underlying operating system into supported (LTS) versions of PHP and OS.

The migration required testing and cooperation with the development team. While working on the transition, I also automated the server build process and deployment (CI/CD).
2002 - 2005

Bachelor's Degree in Information Technology

University of Technology Brno - Brno, Czech Republic

Libraries/APIs

Puppet.js, Amazon EC2 API, Redis Queue

Tools

Jenkins, Amazon CloudWatch, Amazon Simple Email Service (SES), Chef, Apache, Amazon Elastic Container Service (Amazon ECS), AWS CLI, AWS ELB, Amazon Virtual Private Cloud (VPC), VPN, Terraform, Nagios, Zabbix, Iptables, Apache Tomcat, VMware, Varnish, NGINX, Squid Proxy Server, Helm, Puppet, Quagga, Unbound, Kibana, Logstash, Passenger, Ansible, GitHub, Jira, VMware vSphere

Languages

Bash, Ruby, Java, Visual FoxPro, Python, HTML, PHP, CSS

Paradigms

DevOps, DevSecOps, Continuous Delivery (CD), Continuous Integration (CI), Automation

Platforms

Amazon EC2, Amazon Web Services (AWS), Linux RHEL/CentOS, Percona, FreeBSD, Kubernetes, Docker, LAMP, Oracle, WebSphere, Rackspace, Linux, Windows, Azure, Web, Google Cloud Platform (GCP)

Storage

Amazon S3 (AWS S3), Memcached, PostgreSQL, MySQL, MySQL/MariaDB, MariaDB, MongoDB, Redis, Data Centers, Databases

Frameworks

Ruby on Rails (RoR)

Other

Load Balancers, HAProxy, HTTPS, HTTP, SMTP, DNS, VMware ESXi, HTTP Server, IaaS, Cloud Security, Containers, Security Architecture, Security, BIND9, Border Gateway Protocol (BGP), UDP, TCP/IP, IMAP, SOC 2, ISO 27001, Cisco, Juniper, Exim, PowerDNS, Google, BIND 9, Storage, Corporate, Compliance, IT, High Availability Disaster Recovery (HADR), CI/CD Pipelines, Google Workspace, MDM, Machine Learning, Infrastructure, Web Security, Veeam, System Administration, Virtualization, HTTP2, Data Center Migration, Disaster Recovery Plans (DRP), Networking, Migration, Cloud, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Content Delivery Networks (CDN)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring