Thijs van Nuland

Cloud and DevOps Engineer / Architect

CTRL-TAB IT Consultancy | kvk: 89667832 info@ctrl-tab.nl in/thijs-van-nuland | tabnul | www.ctrl-tab.nl

About Thijs

During his career, Thijs worked mainly on the intersection between software-development and infrastructure-operations.
He started working with private and public cloud in an early phase (AWS, Azure and various on-prem solutions) and fulfilled many roles in this area (such as engineer, tech lead, architect.
Thijs is broadly oriented, a technician at heart and likes to explore new technology.
He approaches topics from both the technical and business perspective.
Thijs learns quickly and is pro-active. He is a team player, t-shaped, calm and has an open attitude.
Thijs prefers working in agile teams (for instance using the scrum or kanban methodologies).

Special Interests

Professional
KubernetesCloud technologyWebapplications and onlineComplex application architecture
Spare time
Home automation and HomelabKubernetesHerpetology2 Kids2 DogsMusicSpinning and mountainbikingNature and hiking

Industry experience

Retail and WholesaleE-commerceFinanceElectronics and Semi-conductorsPharmacySocial Security and PensionsReal estateAviation

Languages

Dutch - Native

English - Fluid

Skills

  • Cloud platform engineering
  • Architectural design
  • Kubernetes / Container orchestration
  • Automation and CI/CD
  • Application and infrastructure performance testing
  • Observability
  • Web, cache and application servers
  • Databases
  • Content Management Systems

    • Education

    HBO Informatica

    Fontys University of Applied Sciences
    2005

    MBO ICT Beheer

    ROC Eindhoven
    2004

    Experience (6)

    AZL (part of Nationale Nederlanden) (Via CTRL-TAB IT Consultancy)

    Cloud and Kubernetes Engineer 06-2024 - current

    Building a cloud environment in Microsoft Azure (including AKS) to support software for the new pension system
    My activities consist of:

    • Ensure the AZL organisation consumes kubernetes in a secure and correct manner
    • Ensure the networking is configured using the principle of least privilige within all subscriptions (Azure NSG, Cilium Networkpolicies)
    • Implement disaster recovery measures across all consumed Azure Services
    • Implement Akamai CDN and layer 7 protection for public workloads
    • Deployment and management of the central AWX Platform
    • Narrowly working together with the internal Kubernetes Platform team to ensure the platform matches the AZL requirements
    • Ensure third party software vendors adopt and adhere to kubernetes and AZL best practices
    • Support teams with their cloud journey, maintaining the landing zones (terraform code and devops pipelines) and advice on technical and strategical challenges
    • Design and implement end-to-end observability environment based on Azure Monitor, Application Insights and prometheus. Help teams to adopt and integrate with the plaform. Implement alerting rules for the platform team.
    • Implement audit feeds to Splunk (via. Azure Eventhub)
    • Troubleshooting issues in the distributed application landscape

    Omgeving: Microsoft Azure | Terraform | Azure Monitor | Azure Kubernetes Service | Artifactory | Azure Devops | Keeper Password Security | Entra ID | Open Policy Agent | Defender Container Security | WSO2 | Akamai | Ansible AWX | WSO2 | Servicebus | Eventhub | Azure Functions | Azure Data Factory

    Schiphol (Via CTRL-TAB IT Consultancy)

    Openshift Platform Engineer 11-2023 - 06-2024

    Part of the ET Tech Container Platform team. This team is responsible for the Openshift platform hosted on-prem and in the Microsoft Azure cloud. The team also focusses on the enablement of consumers via internal consultancy.
    My activities consist of:

    • Building and maintaining the terraform code base which is used to deploy Azure and Openshift resources (infrastructure as code)
    • Maintaining the Azure DevOps pipelines and related resources
    • Design and implementation of a layer-7 security layer in front of the public-facing ingress controllers, using Azure Application Gateway with WebApplication Firewall (WAF)
    • Design of a new ingress solution based on Nginx Plus
    • Deployment and automation of RHACS (Redhat Advanced Cluster Security based on Stackrox)
    • Maintenance and support to keep the Openshift clusters healthy (monitoring and alerting, lifecycle management)
    • Supporting the product owner with technical user stories

    Omgeving: Microsoft Azure | Vmware vSphere | Openshift Container Platform | CoreOS | Azure DevOps | Terraform | Open Policy Agent / Gatekeeper | Nginx Plus Ingress | Azure Privatelink | Splunk SignalFX | Alertmanager | Shell scripting

    Resume | Thijs van Nuland | English

    Experience (5)

    CTRL-TAB IT Consultancy

    Consultant / Owner 04-2023 - current

    CTRL-TAB IT Consultancy is a sole proprietorship focussing on support of businesses in need of additional capacity.
    The main focus is:

    • Cloud and infrastructure architecture and engineering
    • Kubernetes platform architecture and engineering
    • DevOps team support and engineering
    • Cloud Migration and strategy

    De Volksbank (Via Fullstaq)

    Platform Engineer | Hands on Architect 01-2022 - 11-2023

    Part of the Kubernetes and Cloud team. My activities consist of (but are not limited to):

    • Design and development of a Terraform building block which bootstraps a Kubernetes cluster including cloud-resources, guardrails and last-mile configuration with ArgoCD
    • Implement the Cilium stack on top of EKS (servicemesh, overlay network, ingress and replacement of kube-proxy)
    • Design, automate and implement a highly available business-critical Istio Servicemesh with external CA integration (AWS ACM PCA) and Jaeger connection
    • Inventarisation and implementation of cost-reducing measures of the cloud environmnent and kubernetes clusters (technology, process, architecture)
    • Operational activities to keep the Kubernetes clusters healthy
    • Intake and refinement of user-stories
    • Maintaining the Observability stack
    • Proof of concept, design and implementation of a connectivity strategy to expose Apache Kafka streams and HTTP API’s to an external partner (access to Pega using a hub-spoke private link setup).
    • Lifecycle management of cluster components and development of the Terraform stack and Tekton Pipelines
    • Scope and setup of the first phase of a proof of concept with Redhat Openshift on AWS (ROSA)- requirements gathering, documentation, organizing kickoff workshop, setup of a demo-environment

    Environment: Infrastructure as Code | GitOps | AWS EKS | Helm | Kustomize | Terraform / TF Cloud | Istio | Cilium | Jaeger | Tekton Pipelines | External Secrets Operator | Cert-manager | Github Actions | Trivy | Open Policy Agent / Gatekeeper | Ingress-Nginx | AWS Privatelink | Suse Rancher | Prometheus | Grafana | Alertmanager | Loki | Venafi | Python | Shell scripting

    European Parliament (Via Fullstaq)

    DevOps Engineer | Hands on Architect 09-2021 - 12-2021

    • Designing, building and automating a Kubernetes environment with third-party ecosystem on AWS
    • Requirements gathering and technical demonstrations for the customer

    Environment: Azure Sentinel | AWS Elastic Kubernetes Service and Active Directory Service | Suse Rancher | Gitlab CI | Aqua Container Security Platform (CI/CD and runtime) | Prometheus | Grafana | Alertmanager | Loki | fluentD

    Resume | Thijs van Nuland | English

    Experience (4)

    Capgemini

    Cloud Architect 10-2020 - 09-2021

    Project: Bayer Cloud transition:

    • Create a high-level architectural design used to integrate the Bayer R&D and factory locations into the Capgemini cloud management framework; Identity and Access Management, Disaster Recovery, Observability, Secret management, Infrastructure Automation, Vulnerability management
      This enables Bayer to consume the multi-cloud environment based on GCP, Azure and AWS.

    Project: Hema Cloud migration:

    • Technical coordination of the cloud migration of several core-business applications from on-premise to Microsoft Azure and Amazon Web services
    • Architectural re-design of those applications and create short-term roadmaps for further development in the public cloud

    Environment: AWS | Azure | GCP | Packer | Terremark | Jenkins | Zabbix | Splunk | EMC Networker | Trend-Micro Deep Security | Tanium | Cyberark | Nessus | QIP | VMWare

    ASML (via Bright Cubes)

    DevOps / Platform Engineer | Hands on Architect 02-2019 - 10-2020
    • Designing and building high-available and secure tool-chains and workflows to support the development of the businessline application developers
    • Modernizing the legacy on premise CI infrastructure by integrating tools like Hashicorp Packer, Terraform, Rundeck and Ansible
    • Maintaining the existing configuration management stack based on Puppet
    • In-depth performance analysis of the CI pipelines and infrastructure using Dynatrace. Implementing and coordinating the findings and solutions
    • Support of our product owner with stakeholder management (pre-refinement of the complex technical customer-requests and translation to user-stories)
    • Organize knowledge-sharing sessions (Containerization and Continuous Delivery, Pets vs. Cattle, Dynatrace observability)

    Environment: Atlassian Bamboo | Terraform | Puppet | Ansible | Rundeck | Packer | Docker | Rancher | Kubernetes | Red Hat Enterprise Virtualization / KVM | Azure | VMWare ESXi | ITIL | Scrum | Safe | Nexus | Artifactory | Python | PowerShell | Linux Red Hat | CentOS | Windows Server | Chef Inspec | SonarQube | Dynatrace One | Splunk | Microsoft SCOM | Prometheus | TCP/IP | Loadbalancing | Oracle | NetApp | Jira | ServiceNow | Gradle

    Resume | Thijs van Nuland | English

    Experience (3)

    Sentia

    Senior Cloud / Pre-sales Architect 09-2018 - 02-2019
    • Architectural design of private- and public- cloud environment and hosted applications
    • Participate and organize workshops with existing and potential customers
    • Create slide-decks and technical offerings / cost calculations for potential customers

    Environment: Azure | AWS | Private Cloud | Containerization | Archimate | Blue Dolphin | Loadbalancing | CMS | Webapplication Firewalls | DevOps | Infrastructure as Code

    Mirabeau (2)

    Handson Cloud Solution Architect / platform engineer 02-2016 - 09-2018
    • Architectural design and support of applications and cloud solutions to support the Mirabeau software development processes (Azure + AWS)
    • I was technical lead and architect on various cloud transitions where i was responsible for; application assessment, planning, deployment, cost calculation and roadmap creation
    • Resonsible for maintenance and availability of the hosting and application/database envionment of several complex a-brand high traffic web- and backend applications
    • Implementation of a self-service scalable CD-pipeline used for the deployment of multi-tenant application environments (Azure classic, Azure App services)
    • Responsible for operations of a event-driven data-processing system based on AWS Redshift (used for pixel tracking and other marketing purposes)
    • As a performance consultant, I performed end-to-end performance analysis of web-applications and cloud-infrastructure, both internally and externally.
    • As pre-sales architect, I supported our sales teams with answering RFP’s (e.g. high level application- and cloud design, cost calculation)
    • I lead a proof of concept with .NET Windows containers on AWS Elastic Container Service
    • I designed and implemented a high-available cost-efficient Microsoft SQL Server environment for one of our customers

    Customers: Arcadia Group (UK), Amgen, Allsecur, NVM, Makro, Fleurop, Homefashiongroup/Kwantum, Zowonen, Vestide, Dynasource, Stichting Pensioenregister

    Environment: Azure | AWS | Verizon Cloud | Interoute | VMWare | Redhat Linux | Windows Server | SOA | Message Queueing | Microsoft SQL Server | MySQL | Caringo CAStor | Varnish | Squid | MemcacheD | CA Lisa release automation | TFS | Teamcity | New Relic | Nagios | Keyperformance | AWS Cloudwatch | Google Analytics | Webtrends | Webpagetest | TCP/IP, Loadbalancing | VPN | OpenSSL | DNS | Akamai | Chinacache | Microsoft IIS | Apache | Tomcat | IBM Websphere | Powershell | Shell scripting | VBS | Sitecore | Episerver | Umbraco | Tridion | Stellent | Sharepoint | Jira | Topdesk | HP

    Resume | Thijs van Nuland | English

    Experience (2)

    Vecozo

    DevSecOps Engineer 02-2014 - 02-2016
    • Automation of application deployments and configuration-changes in the DTAP environments
    • Configuration management of the application hosting environment
    • Automating penetration-tests and impact assessment of findings
    • Addressing and/or solving of newly found application and infrastructure vulnerabilities
    • Configuration and maintenance of the SSO solution based on PingIdentity / PingFederation
    • Configuration, design and maintenance of the Microsoft SQL Server environments (high volume transactions and high availability)
    • Maintenance of the Elastic Stack, used for both application performance monitoring and security alerting
    • I implemented a custom monitoring solution to test the user-experience of the web-applications and the performance of the API’s
    • I lead the technical implementation and architecture of a new Intranet solution based on Microsoft Sharepoint

    Environment: VMWare | Hyper-V | SOA | Microservices | Message Queueing | nServicebus | Nessus | Mcafee secure | OWASP | Microsoft SQL Server | Elasticsearch (ELK Stack) | Visual Studio Release Management | SCCM | SCOM | Sharepoint | IIS | ASP.NET | TFS | Fluent Migrator | Opsmanager | Google Analytics | Loadbalancing | PKI | OpenSSL | Wireshark | Powershell | Ektron | Episerver | Sharepoint | Powershell | TSQL | Topdesk | HTTP | SOAP | REST | XML | Yaml | Windows Server | DevOps | ITIL

    Mirabeau (1)

    Senior DevOps / Cloud Engineer - Online 04-2007 - 02-2014
    • Responsible for maintenance and availability of the hosting and application/database environment of several complex a-brand high traffic web- and backend applications.
    • I participated in various software development projects. Both as an operations engineer, application tester and tech-lead. Most prominently during the transformation of a legacy storage-system to a modern object-storage based solution for the business-critical processing and hosting of millions of images.
    • I performed load-tests and end-to-end performance analysis for various internal and external customers, covering both the infrastructure and application performance
    • I automated the deployment of cloud services and applications
    • I migrated various applications from an on-premise environment into the AWS and Azure public cloud (re-platform and re-host strategy)
    • I bridged the gap between our hosting partners,software developers and customers (configuration of cloud services and/or coordinating the activities of our partners)
    • I tested the functionality and performance of new cloud vendors to support hosting supplier portfolio management.

    Some of the customers i worked with;
    NVM, Funda, KLM, Transavia, DAF Trucks, Vodafone, Aegon, Jumbo Supermarkten, Global Collect, Equens, VanDoorne, Paperlinx, Mediq, Stadgenoot, Citybox, Autotrader, DTG, Randstad”

    Environment: AWS | Azure | Verizon Cloud | Interoute | VMWare | SOA | Message Queueing | Microsoft SQL Server | MySQL | Caringo CAStor | Varnish | Squid | MemcacheD | CA Lisa release automation | TFS | Teamcity | New Relic | Nagios | Keyperformance | AWS Cloudwatch | Google Analytics | Webtrends | Webpagetest | TCP/IP, Loadbalancing | VPN | OpenSSL | DNS | Akamai | Chinacache | Microsoft IIS | Apache | Tomcat | IBM Websphere | Powershell | Shell scripting | VBS | Sitecore | Episerver | Umbraco | Tridion | Stellent | Sharepoint | Jira | Topdesk | HP

    Resume | Thijs van Nuland | English

    Experience (1)

    Infoland / Zenya

    Customer Support Engineer 06-2005 - 04-2007
    • Second line technical support on the Infoland .NET applications, troubleshooting and root-cause analysis of issues with the Infoland software
    • Increasing the user experience of the Infoland software and service by making sure feature-requests and issues are correctly registered
    • Onsite and remote installation, configuration and integration of the Infoland software in the customer environment and infrastructure

    Environment: VMWare | SOA | ASP.NET | Microsoft IIS | Loadbalancing | Wireshark | VPN | SSL | DNS | TSQL | Magic Servicedesk | Active Directory | Novell Directory Service | HTTP | ITIL | Windows Server

    VICT Informatici

    System Administrator 09-2004 - 06-2005
    • Onsite maintenance of client, server and backup systems
    • Troubleshooting and integrating the VICT software

    Environment: Microsoft IIS | Microsoft Windows Server | Active Directory | AVG business

    JMW Computers

    Service Engineer (internship) 09-2001 - 08-2004
    • Assembling and software installation of computer and server systems
    • Onsite support and server / infrastructure maintenance
    • Functional and technical support on hardware and software issue

    Environment: Windows desktop 95-98-me | Windows server NT4-2000 | Active Directory | Exchange

    Resume | Thijs van Nuland | English

    Certifications

    AWS Certified Solutions Architect – Professional + Associate

    Amazon - 2023-01 // 2020 // 2017

    AZ-104: Microsoft Azure Administrator Associate

    Microsoft - 2023-01

    Google Cloud Digital Leader

    Google - 2023-01

    CKS: Certified Kubernetes Security Specialist

    The Linux Foundation - 2022-05

    Terraform Associate

    HashiCorp - 2022-03

    CKA: Certified Kubernetes Administrator

    The Linux Foundation - 2021-07

    CKAD: Certified Kubernetes Application Developer

    The Linux Foundation - 2021-07

    AWS Certified Security – Specialty

    Amazon - 2021-06

    Certified SAFe 5 Agilist

    Scaled Agile Inc - 2020-03

    Exam 534: Architecting Microsoft Azure Solutions

    Microsoft - 2017-12

    AWS Certified SysOps Administrator – Associate

    Amazon - 2016-07

    MCTS 70-432 - Microsoft SQL Server 2008, Implementation and Maintenance

    Microsoft - 2012

    MCTS: Microsoft SharePoint 2010, Configuring

    Microsoft - 2011

    MCTS: Microsoft Office Sharepoint Server 2007, Administration

    Microsoft - 2008
    Resume | Thijs van Nuland | English

    Courses and workshops (organized)

    Istio Servicemesh basics

    2022

    Containerization & Continuous Delivery basics

    2020

    Pets versus cattle

    2020

    Enterprise observability with Dynatrace

    2019

    Load- and Stress-testing dynamic webapplications using JMeter and Blazemeter

    2018

    Microsoft SQL Server Basics

    2014
    Resume | Thijs van Nuland | English

    Courses and workshops (participated)

    Multi-cluster metrics with Prometheus and Thanos (Fullstaq workshop

    2021

    Golang (internal Fullstaq course)

    2021

    Leading SAFE 5.0

    2020

    Splunk (custom ASML training)

    2019

    Blue Dolphin (custom training)

    2018

    Advise and convince

    2017

    Business English

    2017

    AWS Certified Solution Architect – Professional

    2017

    Advise and convince

    2016

    SQL Server 2012 Administration

    2015

    SharePoint 2013 Administrator

    2014

    ITIL Foundation

    2011

    Scrum

    2011

    HP Webinspect / HP Fortify

    2011

    Episerver CMS Administration

    2010

    SharePoint Server 2007 MOC5061

    2007

    ITIL course

    2006
    Resume | Thijs van Nuland | English

    Skills and experience overview

    Cloud platform engineering
    Amazon Web servicesMicrosoft AzureGoogle Cloud Platform
    Architectural design
    MicroservicesService-Oriented ArchitectureHub-spoke topology3 tier network topologyMicrosoft MSMQ, Apache Kafka, Amazon Simple Queueing Service, Azure Servicebus
    Kubernetes / Container orchestration
    Kubernetes (K8S, K3S, RKE, EKS, AKS)External Secrets OperatorExternal-DNSCert-managerOpen Policy Agent / GatekeeperFalcoAqua Container Security PlatformTrivyIstio Service MeshCiliumBottlerocketKarpenterDockerAWS Elastic Container ServiceAWS FargateAzure Container InstancesSuse RancherOpenshift Container platformRedhat Advanced Cluster Security / Stackrox
    Automation and CI/CD
    TerraformPackerFluxCDArgoCDTekton PipelinesAzure Resource Manager (ARM)Ansible Tower/AWXJFrog ArtifactoryJenkinsAtlassian BambooPuppetRundeckCloudformationAzure DevOpsOctopus DeployCA Lisa Release automationGitlabGithubFluxCD / Gitops | Visual Studio / Code
    Application and infrastructure performance testing
    JMeterBlazemeterTaurusSwarmiometeriperf
    Observability
    PrometheusGrafanaLokiJaegerDynatraceNew RelicSplunkElastic StackFluentDCheckMKCloudwatchZabbixNagiosOpsmanager
    Web, cache and application servers
    Microsoft IISApacheTomcatNGinxIBM WebsphereVarnishSquidRediMemcacheDApache SOLR
    Databases
    Microsoft SQL Server (MSSQL)MySQLAmazon RDSAzure SQLAWS RedshiftMariaDBPostgreSQLElasticsearchMongoDB
    Content Management Systems
    SitecoreEpiserverHugo CMSInfoland / Zenya suiteMicrosoft Sharepoint
    Networking
    TCP/IPOSI modelSoftware Defined networkingLayer 4-7 Firewalls |Layer 4-7 LoadbalancingContent Delivery NetworksVPNDNS
    Security and IAM
    TaniumCyberarkNessusWSO2PingFederateHP FortifyMcafee SecureOWASPTrend-Micro Deep Security
    Virtualization
    VMware ESXiProxmoxHyper-VRedhat Enterprise VirtualizationKVM
    Storage and Backup
    Velero BackupLonghornGlusterSymantec Backup ExecCloudberryRedate SQL suiteEMC NetworkerObjectstorage (S3, Azure Blob, Caringo Castor)
    Scripting and languages
    PythonShell/BashPowershellRegoLUAVBSTSQL
    Operating systems
    Red Hat Enterprise LinuxWindows ServerCentOSAmazon LinuxSuse LinuxUbuntu and Debian
    Markup languages and protocols
    YAMLJSONXML/XSDSOAPREST
    Collaboration and Incident management
    Atlassian JiraAtlassian ConfluenceSharepointTopdeskServicenow
    Methodologies
    (Scaled) AgileScrumKanbanSAFEDevOpsPlatform EngineeringWaterfallITIL
    Private projects (homelab)
    TerraformProxmoxAnsibleKubernetes / K3SFluxCDArgoCDLonghornMinIOPhpIPAMOPNSense / PfSenseHomeassistantZigbee2MQTT
    Resume | Thijs van Nuland | English