Matthias BERTSCHY
466 chemin de Pain Loup, 01220 Divonne les Bains, FRANCE
Date of birth: February 21, 1981
Personal information: French, married, one child
Mobile: +33.(0)6.73.98.94.87
to contact me, matthias@matthiasbertschy.info
RHCA, CISSP and Kubernetes specialist

Ingénieur Diplomé, Master from the engineering school CPE Lyon in Electronics and Computer Science, with a specialization in Distributed Information Systems and Internet Technologies, 2005.

Certified Kubernetes Security Specialist (CKS), January 2021 (ID LF-gshwamkn05).

Certified Kubernetes Application Developer (CKAD), January 2019 (ID CKAD-1900-0362-0100).

Certified Kubernetes Administrator (CKA), January 2018 (ID CKA-1800-0224-0100).

Red Hat Certified Architect, January 2017 (License Number: 160-037-149).

Certifier Information Systems Security Professional (CISSP), November 2015 (Certificate/ID Number: 528310).

GIAC Penetration Tester (GPEN), November 2012 (analyst number 7940).

Swiss work permit, G-EC.

Driving license, for cars and motorcycles, February 1999.
SUMMARY

RHCA (License 160-037-149), CKA (ID CKA-1800-0224-0100), CKAD (ID CKAD-1900-0362-0100) and CISSP (Certificate 528310) specialized in DevOps and cloud technologies (OpenShift, Kubernetes and Docker) I am looking for opportunities to leverage and expand my skillset while serving your company's interests.

I am working daily with Kubernetes and an active contributor to Kubernetes and OpenShift Origin projects in github. My goal is to be recognized as an expert in software containerization in Suisse Romande and promote sustainable and security minded DevOps principles in our region.
IT RELATED SKILLS
  • Opensource: Kubernetes reviewer
  • Programming: Java 11, Golang, Python
  • Automation: Ansible, Puppet
  • Orchestration: Kubernetes, OpenShift, docker-compose
IT EXPERIENCE
5/2020 - present Lombard Odier Group Geneva, Switzerland
Senior Kubernetes Architect
6/2019 - 4/2020 Swissquote Bank Gland, Switzerland
Productivity Manager
1/2019 - 1/2020 Swissquote Bank Gland, Switzerland
Lead DevOps Engineer

As a member of Product Development, work closely with IT/Exploitation and Offshore departments to promote and implement DevOps practices to improve the bank's development and deployment processes.

Technologies:

  • Orchestration: Kubernetes
  • Middleware: Tomcat, Maven, Java 8
  • CI/CD: Docker, carnotzet, Jenkins
  • Monitoring: Dynatrace, InfluxDB, Grafana, Kibana
  • Scripting: Python, Puppet
9/2017 - 12/2018 Swissquote Bank Gland, Switzerland
Senior DevOps Engineer

As a member of Product Development, work closely with IT/Exploitation and Offshore departments to promote and implement DevOps practices to improve the bank's development and deployment processes.

Technologies:

  • Orchestration: Kubernetes
  • Middleware: Tomcat, Maven, Java 8
  • CI/CD: Docker, carnotzet, Jenkins
  • Monitoring: Dynatrace, InfluxDB, Grafana, Kibana
  • Scripting: Python, Puppet
3/2016 - 8/2017 SICPA Security Solutions SA Prilly, Switzerland
Cloud DevOps Engineer in PaaS technologies

Provide operations lead on cloud based solutions, deployment and maintenance of PaaS environments, and industrialization work with development teams.

Technologies:

  • Jenkins
  • Red Hat OpenShift Enterprise v3.2
  • Kubernetes
  • Docker
  • HAProxy
  • SDN
  • Springboot
  • Zookeeper
  • Kafka
12/2013 - 2/2016 SICPA Security Solutions SA Prilly, Switzerland
System Security Engineer

Implement and manage information systems for government and industry projects, including system, network, database and security technologies (projects subject to NDA).

Work with development teams as a production engineer, participating in daily Scrums and sprints.

Same as below for 80% of the time, plus:

  • write and maintain security policies.
  • participate in risk assessments and business risk analysis.
  • perform internal penetration tests against production and development systems.
  • advise on security related aspects of system architecture.
4/2011 - 11/2013 SICPA Security Solutions SA Prilly, Switzerland
System Engineer

Implement and manage information systems for government and industry projects, including system, network, database and security technologies (projects subject to NDA).

Typical project includes:

  • OMD/Check_MK based monitoring.
  • shared storage (Fiber Channel, iSCSI or direct attached).
  • VMWare ESXi 5.x or 6.
  • puppet based orchestration.
  • multiple satellite systems, geographically distributed.
  • centralized user management with multi-replication.
  • hardware load balancers with SSL offloading.
  • extensive use of radius for every equipment.

Achievements:

  • design, implement and install multi-100k CHF IT systems.
  • choose or adapt technologies to accommodate unreliable networks.
  • create and maintain wiki based documentation.
  • train international local teams.
  • provide level 2 or 3 support.
2/2009 - 3/2011 Net4all.ch SA Lausanne, Switzerland
System Administrator

Manage and administer computer networks in a web hosting (2nd largest in Suisse Romande) and IT services company.

  • Centreon/Nagios based monitoring (270+ hosts, 1700+ checks).
  • 38+ TB of network storage.
  • 40+ Linux hosting servers, serving websites of more than 16'000 domains (PHP, CGI).
  • Linux based mail cluster, serving more than 60'000 mailboxes, 10 mails/sec on average (IMAP, POP, webmail).
  • Microsoft Frontpage and Adobe ColdFusion compatible hosting servers.
  • Microsoft Exchange cluster (domain and individual mailbox hosting).
  • Remote application hosting (Microsoft Office, Winbiz).
  • Online backup solutions (Recodoc).
  • VMWare ESXi virtual servers (Linux, Windows).
  • Dedicated servers (Linux, Windows).
  • iptables (Linux) and pfSense (FreeBSD) firewalls.

Achievements:

  • phone and email ticket based level 2 support (OTRS, ITIL inspired methodologies).
  • centralized management/updates of servers using puppet (Reductive Labs) and systemimager.
  • automatic deployment of Linux images (new hardware, VPS, disaster recovery).
  • increased redundancy and performance of network storage (RAID 10, NFS).
  • parallelization of web statistics generation.
  • failover deployment of MySQL (Multi-Master Replication Manager for MySQL, mysql-proxy).
  • individual chroot for PHP and CGI scripts on web hosting servers (apache, fcgid, homemade suexec wrapper).
  • advanced scripting of daily maintenance tasks (mostly in Python).
12/2005 - 1/2009 Echo Technologies SA Nyon, Switzerland
System Administrator

Manage and modernise a 60+ computers network, provide IT support for a software development company.

Achievements:

  • setup and maintenance of release management servers (Perforce).
  • setup and maintenance of developers workstations (Windows, Linux).
  • setup and maintenance of test labs and network simulation devices (Windows, Linux, FreeBSD, VirtualBox).
  • firewall, dynamic policies, 2-tier authentication (OpenBSD, packet filter, authpf, password-protected SSH keys).
  • IPSEC VPN, redundant connections, hub and spoke topology, roadwarriors support (OpenBSD isakmpd, Windows GreenbowVPN, Linux ipsec-tools, MacOS IPSecuritas).
  • wireless routers, embedded PC hardware (Soekris, PC Engines, M0n0wall, Voyage Linux).
  • dynamic DNS/DHCP servers, master & slave (Linux, Bind, ISC DHCP).
  • internal VoIP network (MultiTech MultiVOIP).
  • internal mail server, IMAP, virtual domains, mailing lists, virus protection (Linux, CourierIMAP, Postfix, MySQL, Mailman, ClamAV).
  • internal instant messaging server, XMPP protocol (Linux, ejabberd).
  • internal video security server (Axis cameras, Linux, ZoneMinder).
  • migrate administrative applications to opensource equivalents (Thunderbird, OpenOffice, Firefox, Eclipse).
  • unattended installation of Windows and Linux workstations, network boot (Linux, Unattended, BOOTP, GRUB).
  • Windows domains, LDAP replication, Single Sign-On in all offices (Linux, Samba, OpenLDAP).
  • pilot project: migrate administrative workstations to non Windows OSes (MacOS, Linux, OpenSolaris, FreeBSD).
  • pilot project: migrate development workstations to non Windows OSes using virtualization (Linux, OpenSolaris, VirtualBox).
3/2005 - 11/2005 Echo Technologies SA Nyon, Switzerland
IT Engineer

Design and implement a reliable, self-healing network and services monitoring solution for a 60+ computers network, geographically distributed between Switzerland, Moldova and Russia.

Achievements:

  • Nagios monitoring solution.
  • custom plugins for several network services.
  • wrapping interface to improve Nagios reporting.
  • altered Nagios to work better in a geographically distributed network setup with full logs and alerts replication.
6/2003 - 6/2004 Echo Technologies SA Nyon, Switzerland
IT Technician

Implement and operate a build and release management system, including packaging into installers, for a software development project.

Achievements:

  • automatic daily builds ready for QA.
  • professional installers using InstallAnywhere.
  • (not planned) Linux based solution replacing an Exchange server (Samba PDC, Postfix mailserver, Kolab groupware).
KEY SKILLS

English, fluent, Certificate of Proficiency in English (Cambridge ESOL, highest level of the Common European Framework of Reference), December 2004.

German, good level, 6 years at school, childhood spent near Germany.

Japanese, beginner, 2 years at school.

First aid diploma, French AFPS, May 2002.
INTERESTS
  • shooting (Olympic sport) at a national level for 10 years (and champion of France in 1999, nearly selected for French team).
  • other sports including basket-ball, swimming, body-building, roller-skating, skiing.
  • game of go (ancient strategy game from China) with a level of 24 kyu.
  • cooking.
  • coffee brewing and cupping.
  • wine and beer tasting.
  • cinema, reading.