Keywords
Skills
Dick's current focus lies on projects related to Business Continuity, Information Security, IT Risk & Compliance and Datacenter Design and Implementation.
- Dick is a data center expert with more than 25 years of experience in the IT industry.
- After his engineering studies, he spent most of his career at IBM and PwC working on infrastructure-related projects in various technical and consulting roles before starting as an independent IT professional.
- Based on his engineering roots, he was soon attracted by the technical complexity of datacenters combining many trades such as construction, electrical and mechanical engineering, connectivity, security as well as IT, in which he developed vast expertise.
- Even before the digital age, Dick was fascinated by the link between technology and business, and how an IT environment can significantly influence business success through its flexibility, availability and security (or lack thereof).
- His years of experience in the design, setup and operating of IT infrastructure, the management of technical projects and his dealings with business stakeholders and project teams make Dick a very versatile IT professional.
KEY STRENGTHS
Apart from his technical expertise, Dick is most appreciated for:
- Leading technical IT projects
- Managing stakeholder expectations
- Connecting with people and building teams
- Translating business requirements into technical specs
- Distilling complex situations into concise reports with clear conclusions and actionable recommendations
FORMAL CERTIFICATIONS
- Certified ISO22301 Lead Implementer
- Certified ISO27001 Lead Implementer
- Certified ISO31000 Lead Risk Manager
- Certified Prince2 Practitioner
- Certified Information Systems Security Professional (CISSP by (ISC)2)
- Certified Data Centre Professional (CDCP by EPI)
- Certified Google Cloud Engineer (by Google)
- Certified Microsoft Azure Fundamentals (by Microsoft)
- Certified AWS Cloud Practitioner (by Amazon)
- Certified AWS Solution Architect Associate (by Amazon)
- Certified ITIL Foundations V3
- Certified Enterprise Architect TOGAF 9
CAREER OVERVIEW
- 07/2020 - today: INTERNATIONAL IT CONSULTING bv (freelance)
- 04/2017-06/2020: PwC Belgium
- 01/2017-03/2017: IBM Belgium
- 01/2012-12/2016: IBM UAE
- 10/1994-12/2011: IBM Belgium
Project history
Main projects activities were (initial scope up to 04/2022)
- Identification and review of existing documentation and driving a documentation update exercise
- Capturing key business activities with their criticality and developing formal RTO/RPO
- Interactions with internal and external stakeholders (management team, IT operations, IT architect, security officer, datacenter provider, network provider, HR) to drill down from the processes into the underlying IT infrastructure layers which was split into a colocation, an IaaS and a PaaS environment
- Development of BCMS documentation such as Business Continuity Plan, Disaster Recovery Plan, Backup Policy, Backup Plan, Crisis Management Plan, Facilities Policy (as per ISO22301)
Project extended, estimated completion 03/2023:
- With only a few weeks left before the external ISO27001 audit, the Security Officer was terminated and I was asked to step in as ad interim Security Officer with my first objective to successfully pass the audit (which we did)
- Continuing in my temporary Security Officer role, I worked on further improving the ISMS, setting the priorities for the coming year, starting with a revamp of their Risk Treatment Plan and the development of a proper security information KPI dashboard
- Once the new Security Officer was hired, I shifted back to my initial scope which was the implementation of the BCMS I developed earlier, and supporting the organization in their ambition of passing the ETSI stage 2 certification
A boutique consulting firm needed expert advice in defining an operating model for a petrochemical company in Oman.
This was brief engagement where I was brought in to provide IT expertise in the oil & gas industry.
A bank wanted to invest in a local datacenter provider in Europe. I was engaged in a datacenter and cloud expert role by the management consulting firm who was advising the bank with the due diligence analysis.
Main project activities:
-
Nordic cloud & datacenter market competitive analysis
-
Vendor due diligence reports analysis
-
Development of red flag report, providing a concise overview on the provider situation with regards to its infrastructure, staffing, competitive position, business strategy, growth and forecast
This client needed an answer to their question of where to host and run their 3 environments: in their own datacenters, in a private cloud, in the public cloud (IaaS/PaaS/SaaS) or using a combination of all these.
Interesting aspect was that, due to a recent company merger, their IT consisted of 3 distinct sub environments each having their own non-functional requirements. Main project activities:
-
Analysing application portfolio and IT environment and mapping these to the existing datacenter landscape and service delivery models
-
Capturing business requirements and definition of evaluation criteria
-
Identification of possible DC solutions and delivery models and combination into potential scenarios
-
Qualitative evaluation of scenarios
-
Quantitative evaluation of scenarios based on a high level financial analysis
-
Motivation and justification of scenario scoring and evaluation
-
Development of the recommended target datacenter landscape
-
Consolidation into a management report
-
Presentation to management team
The report includes:
- Global trends and data center market drivers
- Icelandic data center market today and ambitions going forward
- Analysis of Ireland as a European data center growth region
- Comparing data center value propositions
- Financial benchmark Iceland vs. Ireland
- Conclusions and actionable recommendations for the government to improve the position of Iceland in the market
- The company had been hit very hard by a ransomware attack which had brought down manufacturing for several weeks. After one full year of rebuilding, the IT team was still struggling to rebuild the complete IT and OT environments with manufacturing spread across 4 countries.
- The attack happened during an acquisition by another company which was put on hold to allow an external audit ordered by the European Commission to look into competition aspects.
- The auditor was performing an in-depth investigation into all systems looking for sensitive manufacturing, supplier and client data and required ring-fencing this data before any take-over could take place.
- Under huge pressure from their internal clients who complained about the strictness of the newly applied security rules making it hardly workable for them to do their daily jobs.
- Urged to reduce costs of the external consulting company that had been running large portions of the IT for more than a year since the attack. Many responsibilities had to be passed back to the already stressed IT-team.
- And then, in the midst of this all, the IT director had to lay-off his IT infrastructure manager and his lead architect without any hand-over taking place.
The ministry was relying on another ministry for the provision of its IT services. Motivated by an initiative of the European Commission to improve the reliability of their IT services, clear agreements were required to manage the relationship between the ministries. A service level agreement had to be developed and agreed on between both parties, describing the service catalogue, both parties’ responsibilities, the service level objectives, the service level targets and the SLA governance approach.
Main tasks performed:
- Identification of stakeholders and services being provided
- Organisation of client workshops for information gathering
- Definition of roles and responsibilities
- Definition of SLA objectives
- Definition of SLA measurement and monitoring
- Development of draft SLA document
- Organisation of client workshops to find consensus on draft SLA content
- Iteration and development of final SLA document
As the client and his supplier were bound by a multi-year contract, an agreement had to be found to improve the relationship which had become troubled since the costs got out of hand.
Main tasks performed:
- Understand client (user) position with regards to excessive costs
- Capture the supplier’s position and assess their arguments justifying excessive costs
- Review tendering and contractual documents with regards to requirements and infrastructure estimates
- Gap analysis to identify differences between the initially requested solution and the deployed solution (functional and non-functional requirements)
- Analyse the deployed Azure infrastructure and services and the corresponding monthly invoices
- Review application architecture in terms of resource efficiency and future-proofness
- Development of independent report listing observations with regards to recurrent cost of the deployed solution as well as recommendations for cost optimisation
- resentation of report highlights to both client and supplier management teams
Main tasks performed:
- Tailor assessment approach and questionnaires to client situation and needs
- Organise data gathering activities such as workshops, interviews and site visits
- Assess the maturity of multiple DR aspects such overall readiness, people, applications, infrastructure and data centers
- Prepare management report including key findings, recommendations for improvement and feedback towards audit committee
Main tasks performed:
- Assess current end-user device policy and inventory
- Define policy guiding principles based on organisation requirements and ambitions
- Develop multiple draft alternatives for the policy with varying levels of flexibility based on market best practices
- Compare alternatives based on their user-friendliness and operational manageability
- Develop a shortlist of three alternative end-user device policies for presentation to the management team, including indicative device list and budgetary impact
They hired external consultancy to provide a consolidated view on what happened (root cause analysis), to understand what went wrong during the DR and to define what could be done to avoid this from happening again in the future (recommendations).
Main tasks performed:
- Understand client’s IT and data center landscape
- Interview stakeholders (business, IT, Facilities) and capture their view on the incident
- Data center visit and documentation review
- Consolidate various internal reports into one consolidated view
- Participate in review of resiliency and DR documents
- Provide recommendations for improvement
The client project sponsor was located abroad but insisted the team to be local in order to make sure to match the local culture, to help reduce resistance to the upcoming change and to overcome the ‘stickyness’ (sic) of the local organisation.
Main tasks performed:
- Understand client’s IT organisation and analyse the platform landscape (Windows, Linux, AIX, Solaris and storage)
- Develop an approach and build a communication plan to engage with the application teams spread across 25 different application areas
- Initially organize bulk data gathering sessions and gradually switch to a more personalized approach to ensure reaching 100% server ownership of the 6000 identified servers
- For the different platforms initiate the capturing of resource usage data
- Provide monthly management status updates
Main tasks performed:
- Define acceptable target cloud solutions meeting requirements in terms of availability, recoverability and security
- Develop tender documents including technical specifications for the target architecture and evaluation criteria
- Identify list of companies to be invited to the tender and answer bidder questions
- Initial bidder proposal review and creation of shortlist
- Attending shortlisted bidder presentations, in-depth solution evaluation and data center site visit
- Recommendation for partner selection
- Prepare documentation and argumentation to help the project sponsor convince stakeholders throughout the company about the security of the selected cloud solution
Main tasks performed:
- Review the contractor proposal for gaps with the bank’s requirements
- Attend detailed design workshops on layout, electrical, cooling, connectivity and security
- Review design submittals and provide recommendations for acceptance or rejection
- Review contractor project planning and monitor progress
- Advise on adherence to applicable industry standards and best practices
- Perform construction site visits
- Facilitate resolution of technical challenges and issues during the construction
- Review contractor invoicing and advise on the release of payments
- Protect against scope creep
- Advise on acceptance during testing and commissioning
- Provide monthly management status updates
Main tasks performed:
- Analysis of the corporate security policies and procedures
- Audit of the data centers with regards to physical security, looking at infrastructure as well as operations
- Workshops with stakeholders such as CISO, Security operations manager, IT operations
- Identification of risks
- Evaluation of risk levels using the client’s security risk scales
- Development of report with findings and recommendations
- Presentation of results and conclusions
Main tasks performed:
- Preparation of security audit controls table
- Physical security policy and site-specific security requirements document review
- HQ location site risk assessment (Brussels)
- Workshops with site security stakeholders
- Listing of identified issues and risks as part of global report
Main tasks performed:
- ISO27001 audit dry-run to establish the baseline in terms of actual compliance with the standard (requirements are either: not met, partially met, met to a large extent, met)
- Organising workshops covering the 14 ISO27002 domains
- Maturity assessment of all domains using CMMI maturity levels
- Developing assessment report
- Presenting report highlights to the management team
Main tasks performed:
- Organisation of project workshops including:
- Business and IT strategy
- IT environment
- Security policy
- Building existing infrastructure systems
- Monitoring and management
- Data center target location site visit and assessment
- Development of formal statement of requirements with regards to reliability, capacity, scalability and security
- Development of new data center concept solution design including architectural, electrical system, cooling, racks, data cabling, security systems and monitoring & management systems
- Development of technical specifications for tendering
- DR site evaluation
- Production of data center strategy report
- Management presentations
- Procurement guidance
Main tasks performed:
- Data gathering workshops
- Data center site visits and assessment
- Development of new data center landscape
- Definition of new data center requirements
- Data center provider evaluation
Main tasks performed:
- Validation of the company’s IT strategy
- Review of new building design documents
- Alignment of data center scope with general building contractor
- Data center solution design (architectural, electrical, cooling, racks, datacabling, security, monitoring)
Main tasks performed
- Detailed solution design for main data center as well as disaster recovery server room
- Data centers construction (turnkey solution including civil works, electrical, cooling, security, racks, monitoring and cabling)
- Testing and commissioning