Georges - Identity and security cloud architect
Ref : 151220D001-
74100 VILLE-LA-GRAND
Technical consultant, technical integrator, architect (43 years old)
Remote work only
Soon freelance
WORK HISTORY
March 2021 - Now Employer: m3 Group, Geneva, CH
- Final Client (100%)
Position: IT Infrastructure Manager (Cloud-oriented projects)
Main Activities: I'm involved in many interesting challenges at m3 Group. The existing infrastructure needed to be
modernized and we decided to go with a hybrid Cloud approach (IaaS, PaaS) and SaaS with Microsoft 365
services. I'm leading the architecture, design, integration and project coordination with our different internal
teams and external partners to make our IT projects a success.
1/ Modernize existing Infrastructure
- VMware vSphere 6 infrastructure
- Citrix XenDesktop/XenApp & Citrix ADC (Netscaler) for LoadBalancing and Publishing
- Fortigate Firewalling and MFA FortiToken
- Follow me Printing Solution: Ysoft
- Microsoft-Oriented infrastructure (AD, DNS, DFS, DHCP, Filer...)
- Windows 11 Automatic Deployment with WDS/MDT
- Active Directory Hardening with GPO (Baseline, LAPS...)
- Messaging and Unified Communication: Skype for Business & Exchange 2016 services
- Setup new Public Key Infrastructure (PKI)
AZURE SECURITY & MS 365
COMPLIANCE
AZ-500 SC-400 MS-700
AZ-104 SC-300 AZ-140
AZ-700 SC-200 MS-720
AZ-304/303 SC-100 MS-500
__________________________________________________________________________________
Microsoft 365 & Azure Cloud Identity Security Architect/Engineer 2/7
(+33) 6 29 79 35 79
2/ Identity and Access Management (IAM) modernization:
- Consolidation of all m3 companies into a new single m3 group domain with Active Directory (AD) using AD
Migration Tool (ADMT), MIM (Microsoft Identity Manager).
- Implementation of AAD conditional Access
- Implementation of Self-Service Password Reset (SSPR) for hybrid identity
- Integration of applications to Azure AD and Implement SSO with federation approach (SAML, oAuth2, OIDC)
- Hybrid Identity: Synchronization of identity to Azure AD with Azure AD Connect v2 using custom Sync Rules,
Password Hash Sync (PHS) with Seamless SSO, Hybrid Azure AD Join with PRT, SAML JIT, SCIM (Automatic
Identity Provisioning)
- Implement Password Less approach (Windows Hello for Business with Cloud Trust, Fido2, Ms Authenticator
password less sign in, Phone sign in)
- Implement Intune MDM and MAM Solution to secure BYOD (Android, iOS, MacOS)
3/ Hybrid cloud Infrastructure approach:
I acted as Azure Architect and was in charge of Architecture, Design and Integration phases.
- Azure and Microsoft 365 Subscription and Licences (Cost Optimization, PAYG, CSP, Enterprise Agreement)
- Azure Governance (Naming Convention, Management Group, RBAC, Azure Policy, Azure KeyVault, Managed
Identity, Storage Account, Azure Monitor, Azure Private Link/Private Endpoint)
- Azure Network Security (Reverse Proxy Azure Application Gateway, Azure Firewall, Azure Bastion, Azure
Security Center Just-In-Time VM Access, VNET/subnet, VNET Peering, ASG/NSG, UDR, Azure VPN, Cisco Meraki
VMx Site-to-Site VPN, Cisco Umbrella DNS, P2S VPN with Azure VPN)
- Azure IaaS reserved Instances
- Azure Migration from tenant to another Tenant and Subscription to another subscription
- Veeam Backup & Replication, Veeam Backup for M365/For Azure
4/ Microsoft 365 Migration:
I’m leading the Governance, Plan, Build, Coordination, Implementation, Test and Documentation.
- Migration of On-prem Exchange to Exchange Online
- Migration of On-prem filer to OneDrive for Business and SharePoint Online
- Migration of Skype for Business to MS Teams with PSTN
- Migration of On-prem to Cloud-managed Phone System
- Microsoft 365 Compliance and Security (MS Purview Information Protection, MS Defender)
May 2021 – March 2022 (11 m) Employer: SoftwareONE, Morges CH
- Delegation 40% at ICRC (International Committee of the Red Cross), Geneva (Switzerland)
- Consulting 60% for various customers on Microsoft Cloud Technologies (Architecture / Design / Identity /
Security / Compliance / Endpoint Manager / M365)
Position: Senior Azure Cloud Architect & IAM Specialist
Main Activities: Architecture, Design, Project Management, Integration, Support and Pre-Sales activities
• IAM Project Manager / Technical Tech Lead: IAM program (Modern Identity, Zero Trust, PasswordLess
(W10 Signin with Fido2, MS auth), B2B, B2C, Self-Service...). Continuity of my previous job at ICRC
(International Committee of the Red Cross), CH
• Microsoft 365 Compliance: Information Governance & Record Management at VITOL, CH
• Microsoft 365/Azure AD Security Audit: Assessment on Azure AD, Microsoft Endpoint Manager,
SharePoint Online, MS Teams, Exchange Online, M365 Compliance and Security (Microsoft Defender for
Endpoint and Office 365) at Covantis, CH
• Azure AD & File System, Exchange Migration: Azure AD Security, Migration of MS Exchange/File System
on-Prem to MS Exchange/SharePoint Online using Bittitan and ShareGate for Mirabaud Services
Limited, UK
• Azure Migration/Readiness Assessment: Hyper-V to Azure readiness assessment at SD Plus, CH
• Azure Virtual Desktop (AVD + FSLogix) & Windows 365: Advisory, Network-Security Architecture,
deployment Azure Virtual Desktop with Azure AD DS/Azure AD Join with FSLogix, Windows 365
Enterprise, Setup IPsec Site to Site VPN with Azure, VNET Peering, Support on Intune and Microsoft
Defender for Endpoint at MKS, CH
• Google Workspace to M365 Migration: Advisory, Governance, Security. Migration Google Workspace to
Exchange Online & OneDrive for Business. Integration Google Cloud Platform with Azure AD (SSO/SCIM
provisioning) at Metaco, CH
• Teams Adoption: Advisory. Hybrid Full Classic Exchange Deployment (Free/Busy). MS Teams governance
and adoption for VITOL, CH
• Teams Adoption: Advisory, MS Teams governance and Security for Mirabaud Services Limited, UK
March 2018 – May 2021 (3yrs 2m) Employer: Talents Connection, Lausanne CH
- Delegation 100% at ICRC (International Committee of the Red Cross), Geneva (Switzerland)
Position: Identity & Access Management (IAM) Platform Responsible
• Technical Team Lead/Manager: I’m responsible for IAM Strategy and vision, Integration, Architecture &
Design. I coordinate and manage a team of 4 IAM consultants/architects at L3 Platform.
• Technical lead on IAM projects: I’m a Security and Identity Architect with strong skills on Microsoft
products (Active Directory / Microsoft Identity Manager / ADFS / Azure AD). I designed the future of IAM
of ICRC, proposing a vision and a strategy based on a Program with different projects to enhance user experience & Security maturity.
• Projects Integration: I’m in charge of integrating any IT solutions into IAM/CIAM Systems, maintain and
provide evolutions to IAM Services Catalog
• Architecture, Design & Governance: I’m in charge of reviewing and proposing new architecture based on IAM
& Cloud Strategy.
• Support & Knowledge Transfer: I’m in charge of the knowledge transfer to L2/L1 Support Teams. Writing
all technical documentation (User guide / Technical procedure / Installation & Architecture)
Technical Skills:
• Azure Active Directory Premium P1/P2
- Azure AD Connect (Hybrid Identity)
- Azure AD B2B / External Identities
- Azure AD Application Proxy (On-prem Kerberos/SAML app publication) + F5 BigIP APM
- Azure AD Identity Governance (Access reviews, Entitlement management, Privileged Identity
Management (PIM) in Hybrid Mode)
- Azure AD Conditional Access: Zero Trust Approach
- Azure MFA (SMS/phone/Microsoft Auth, Passwordless with Yubikey Fido2 & WHFB)
- Azure AD Identity Protection & Password Protection (Artificial Intelligence)
- Azure AD Self-service portals (MyStaff, MyApps, MyGroups, Access Package, PIM…)
- Azure AD SSO Integration 3rd Party Apps for SSO with SAML and OIDC/oAuth2
- Azure AD SCIM (Automatic Provisioning)
- Azure Monitor/Log Analytics
• ADFS (Active Directory Federation Service)
- Installation / Configuration / Migration ADFS 2012 to 2016
- Create and Manage 30 SAMLv2 Trusts (CTP/RPT): SAMLv2/WS-FED
- ADFS Trusts Migration to Azure AD
• Active Directory: 300 sites RWDC/RODC worldwide, 15000 users.
- Migration AD2016
- Design / Architecture/Troubleshooting
- Security and Hardening
- GPO/AGPM/DNS/DHCP/DFS
- Authentication methods supported Kerberos/LDAPs
- Automation "AD as a Service" via Ansible/AWX
- Manage Certificates from PKI (AD CS)
• Microsoft Identity Management (MIM):
- Design / Integration / Troubleshooting
- Migration FIM 2010R2 to MIM 2016 SP1/SP2
- MIM Sync: 160 connectors (HR SAP-SuccessFactor/HR Strategic/AD/SQL Server/PowerShell)
- Working with MS Exchange & MS Skype for Business Connectors
- MIM Portal: (SSPR/Group Management/Workflows) & Custom IAM Application
• CIAM (Customer Identity Access Management): API Approach
- Beneficiary IAM platform based on WSo2 Identity Server 5.10
- CIAM published services (signup/sign-in/sign-out/SSPR/Update Profile/MFA) based on API Approach
with WSo2 API Management 3.2
- Mobile App security: oAuth2 Authorization Code with PKCE
- Azure AD B2C (POC & Demo)
Training: Wso2 Identity Server Fundamentals 5.10 & API Manager Developer 3.2
• Microsoft 365 & Modern Workplace
- MS SharePoint: POC Azure AIP and DKE (Double Key Encryption). Integration with Azure AD using
SAML and Azure CP (Identity Provisioning)
- MS Teams: Good Knowledge & Support/Troubleshooting (WAM/ADAL Authentication)
- Microsoft 365 Apps Automatic License Management
- Microsoft Endpoint Manager (Intune MDM/MAM / AutoPilot) (Training & Workshop)
• Azure Governance, Network & Security (Training & Workshop)
- Azure Policy/initiatives, Azure Blueprint, Azure ARC
- Azure Subscriptions / Management Groups / Naming Convention
- Azure Resources Manager (Storage Account, Lock, VM, Azure Monitor/Log Analytics/Application
insights, Events hub, ARM deployment)
- Azure Identity & Security Baseline (Azure Defender, Azure Sentinel, Azure Key Vault, Splunk
Integration, Managed Identities)
- Azure Network Security (Subnet/vNET, Bastion, VM JIT Access, NSG/ASG, Front Door, Application
Gateway, VPN S2S)
- Azure Automation Runbook with Azure Hybrid Worker & Azure Logic Apps
- F5 Big-IP reverse Proxy: Web Publishing, WAF, SSO offloading
• Scripting: PowerShell (Advanced), VMware vRA/vRO
March 2016 – March 2018 (2 yrs) Employer: Talents Connection, Lausanne CH
- Delegation 100% at ICRC (International Committee of the Red Cross), Geneva (Switzerland)
Position: Senior IAM & System Engineer
Owner of the infrastructure and its evolution (18000 users, 3 Active directory domains, 300 AD sites, 4 ADFS
farms):
- Ensure business continuity
- Actively participate in the evolution of the infrastructure
- Architecture definition and evolution
- Write all technical documentation (User guide / Technical procedure / Installation & Architecture)
- Knowledge Transfer to Global Support Teams
- Level 3 Support
Technical Skills:
• Microsoft Core Services (Directory, Identity & Federation):
o Active Directory: Architecture, Administration Delegation, Role and fine-grained password Policies,
Active Directory Migration, AD Hardening
o ADFS: Federation with SAML supported apps (SaaS & On-prem)
o DFS: Architecture based on 275 remote sites
o GPO/DNS/DHCP/DFS
o FIM 2012 R2: Identity Management (MIM Sync/MIM Portal)
• Scripting: PowerShell: Very good skills
• Field Servers deployment Policies (370 FIELD Sites worldwide): Scripting, Automation, Documentation
• VMware vRealize Automation (vRA): Setup vRA policies and defining service catalog, Automate workflow
with Ansible and vRA
• VMware vSphere 6 (VMware Certified): Setup virtualisation (HA/DRS), Datastores, host profiles
• Storage / Network (HITACHI / Brocade):
o Hitachi VSP G1000: LUN creation, LUN Masking, LUN Mirroring
o Brocade: Zoning SAN FC
o Archiving on Hitachi HCP
o Administration of Hitachi Switch
• Citrix XenDesktop /XenApps
o Maintenance of VDI Citrix XenDesktop 7.8
September 2015 To March 2016 (7m) Employer : ALTEN SA, Paris
- Final client (100%)
Position: Senior IAM & System Engineer
Technical skills:
• Identity Management: System Center Orchestrator (SCOR) & Scripts PowerShell / Dos
• Identity Federation: SSO with ADFS v3 using SAMLv2
• Scripting: Powershell
• Active Directory: Active Directory / ADMT/ Quest ARS
• FIM 2010 R2 SP1 (Forefront Identity Manager): FIM Sync & FIM Portal
• Virtualization based on VMware vSphere and SimpliVity
• Backup with Azure StoreSimple
IT Projects involved:
• Direct Access: Replacement of Cisco AnyConnect
• Security: KEMP Loadmaster
• Hybrid MS Exchange 2013/Online & Archiving to MS Azure StorSimple
• Office 365 migration: Coexistence AD On-Prem/Azure AD with Federation based on ADFS
• Documentation (Architecture / Operations / Installation / Migration manual)
• Knowledge Transfer to Operational Teams.
• Level 3 Support
March 2012 to August 2015 (3yrs 5m) Employer : SSII Deletec Corporate, Paris
- Consulting 100%: Work for 60 different clients as a Consultant
Position: Senior Infrastructure Consultant (IAM, System & Security)
Technical Project Consultant / Integration / Architecture / Pre-Sale / Audit / Migration / Troubleshooting
• Cloud, Identity & Access Management, System, Security, Automation, Backup, Storage
• Knowledge Transfer, L3 Support & Troubleshooting
• Technical Documentation writing (Installation / Architecture / User Guide / Audit / Migration)
Technical Skills:
• Identity & Access Management: Active Directory, Inter-forest migration ADMT, ADFS, FIM, DirSync
• Azure Public Cloud: Migration to Azure: Setup VPN site-to-Site
• Messaging Migration: From Exchange OnPrem, Google Mail to Exchange Online (Office 365) using
Quest Migrator
• Virtualization: VMware vSphere 5.x, View horizon - Citrix XenDesktop/XenServer - Hyper V
• Systems: Microsoft Server, Linux
• Network: Switching Lan Cisco, Dell/HP- FiberChannel Brocade
• Security: Firewall/UTM Sonicwall, Backup & Storage (Dell MD/EQ-EMC VNX)
September 2009 to March 2012 (2yrs 6m) Employer: La Cinémathèque Française, Paris
- Final client
Position: System & Network administrator (Windows/Linux)
• Systems: Win XP/7 Pro, Win Server (AD/GPO), Hyper-V R2, SCVMM, P2V with VMware Converter Std,
VMware vSphere ESXi 4.1, Linux Debian 4, 5, Ubuntu Server 10, Mac OS X 10 Server, Samba, OCS
Inventory, DFS - Scripting: Dos, Perl, VBScript, PowerShell, Bourne shell.
• Network: Cisco Chassis 4506, Access Point Airport 1142n, Catalyst 2950, Mail (IronPort), VLANs, Trunk,
VTP, Encap ISL and 802.1q, LACP 802.3ad, IIS, apache2, SNMP, DNS bind
• Security: Firewall SonicWall,VPN/Ipsec, SSL, AVG Server, Eset-NOD32, Sophos, WSUS Server, Raid, ssh,
sudoers, apache mod-security, kerberos, ntlm, Radius, TCPDump/Nmap
• Messaging/Mobile : MS Exchange 2007, Outlook, Postfix, Blackberry Entreprise Manager, Exchange
ActiveSync, Iphone, Android
• DataBase : MS SQL Server 2k5/2k8 (T-SQL, Profiler, Reporting Services), MySQL 5, FireBird 2.5, MS
Access
• Monitoring: NAGIOS 2.9 with NSClient++ plugins, CACTI 0.8.6 RRDTools / MRTG / SNMP, WeatherMap,
Iftop, WhatsUp Gold
• Backup & Storage: Netvault, Robot iScalar i80 Lto3/4, bay SAN Xyratex F5404, Switch FC brocade,
Zoning, SanSurfer, StorView
• IT park management - L2/L3 support (300 workstations): Scanners, Printers, BlackBerry
September 2007 to March 2009 (1yr 6m) Employer: SSII TRSB - Paris
- Delegation 100% for XEROX Global Services
Position: System & Network Engineer (Unix/Windows/MacOS) - Project GED « Gestion Electronique des
Documents » (Electronic Document Management) for CETELEM / BNP Paribas
• System: Unix FreeBSD 6.2, Windows Server (AD 2003), VMware Infra/ESX, Mac OS X Leopard
• Network: Integration of Dell switches, Cisco switches, VPN/IPSec (ike, racoon), OpenVPN, SNMP, IIS,
Apache, DHCP, DNS, VLAN, Postfix, TSE/VNC, FTP
• Security: Firewall PF (packet filtering, Failover CARP/Pfsync) / ALTQ (bandwidth queuing), DMZ,
SSH/tunnel, IPSec, SSL, RAID, UPS, antivirus (McAfee)
• Database Administration: SQL Server 2005, Transact-SQL, MySQL, MS Access
• Storage/Archiving: EMC Centera/CUA and an EMC CX3-10 Clariion SAN storage array -
Navisphere/SanSurfer/PowerPath + NAS.
• Monitoring: NAGIOS 2.9, NSClient++/custom NRPE plugins, CACTI 0.8.6 RRDTools/MRTG/SNMP
• Backup: LTO2 tape with Bacula on FreeBSD 6.2, crontab, Dell PowerVault 122T
• Development / Scripting: Dos/Batch – Shell script, 3-tier architecture, Tomcat, GlassFish, web services,
.NET Framework 2.0, Perl
• Technical documentation writing
August 2006 to August 2007 (1yr) Employer: SSII TRSB - Paris
- Delegation 100% for Crédit Suisse
Position: Support Engineer English / French (Trading floor, Investment Banking Division, Asset Management, Private Banking)
• IT park management (Windows XP workstations), Migration Omni 3.3.1 to Omni 3.4.1, Support level 2,
Backup
• Market data (Bloomberg v5/Reuters 3000xtra), MS Office 2000/2003 (Word, Excel, Access, PowerPoint,
Outlook/Exchange), Investment Banking business applications (FactSet, Active Graph,
DataStream, Power Pitch, Power Plus Pro, Factiva, Spider Web, DocsOpen), Private Banking business
applications (SAMIC)
• System Administration on Windows Server 2000/2003 (Active directory, DNS), User & Device
Management
September 2004 to September 2005 (1yr) Employer: Ministry of Foreign Affairs, Paris
- Final Client for the French Embassy, Rabat (MOROCCO)
Position: System Administrator (VIA: Volontariat International Administration)
• System Administration (85 workstations on Windows 2000 – Servers NT4/2000): User management,
devices, Messaging, Backup, Security Patching, migration from Windows NT to Windows 2000.
• Active Directory: Configuration, Supervision, Maintenance, Installation, Security (Antivirus, Firewall,
Spyware), Ghost, VNC, monitoring (WhatsUp)
• Support: Helpdesk and Workplace, cabling, hotline etc…
EDUCATION & INTERESTS
2003 University of Québec à Montréal (UQAM, Canada) Exchange program CREPUQ (BAC+5) Master in
IT, with honours (Master)
2002 University of Québec à Montréal (UQAM, Canada) Exchange program CREPUQ (BAC+4) Titre
d’Ingénieur Maître IUP GMI (Génie Mathématique et Informatique), with honours, and
Maîtrise in Computer Science, with honours (dual programme) at Université de Marne-La-Vallée
1998 Baccalauréat Scientifique, Major in Maths
Languages French (Bilingual), Chinese (Mother Tongue), English (Fluent), Spanish (Conversational), Arabic
(Morocco)
Travel 1-year travel around the World (2004/2005), Cycling “Tour de France” for leisure.
Sports Table tennis, Athletics, Soccer, tennis, cycling, running