Daniele Raffo

A smooth sea never made a skillful mariner.

Curriculum Vitae

This page is an attempt to track all the technologies I used and everything else I have been doing in the field of Computer Science since I started programming at the age of 12. For a more concise and professional resume please see my LinkedIn page.


Skills

Programming

Bash shell scripting, Python.
Other programming languages that I used: Java J2SE with libraries AWT and Swing, Perl, PowerShell, PHP, C, C++, JavaScript, VisualBasic, AmigaBasic, Commodore BASIC.

Operating systems

RHEL, CentOS, CentOS Stream, CERN Scientific Linux, Fedora Linux, Debian, Ubuntu Linux.
Other operating systems that I administered or used: various UNIXes (Solaris, HP-UX, DEC OSF/1), FreeBSD, Workbench (AmigaOS) 1.3, MS-DOS, various MS Windows (3.x, 95, 98, ME, XP, 7, 8, 10, NT, 2000, Server 2003, Server 2008, Server 2022).

Virtualization

VMware, KVM, VirtualBox, Vagrant.

Databases

MySQL, MariaDB, Percona XtraDB (Galera) Cluster.

Middleware

Apache, Nginx, Tomcat.

Revision control

Atlassian Stash/Bitbucket, GitLab, Git, Subversion, CVS.

Continuous integration and release automation

Atlassian Bamboo, Jenkins, Rundeck, Ansible, Puppet.

Collaborative tools

Atlassian Confluence, Atlassian Jira.

IDEs

Eclipse, Visual Studio Code.

Languages

Italian mother tongue.
Fluent in English (C2).
Fluent in French (C2).
Basic Portuguese (A2).


Professional experience


March 2022 - present: Linux and System Security Engineer at Radio Télévision Suisse (first four months in a contract-to-hire via Tanit) — Geneva, Switzerland.

Responsible for securing outdated Linux servers. Provided analysis, information retrieval, and patching / migration / decommissioning of old systems and applications: vsftpd, OwnCloud, Mantis Bug Tracker, Java applications, web servers, PHP applications, MySQL/MariaDB databases, sendmail SMTP servers, etc.

Managed all Linux IT infrastructure, composed of about 500 VMs and bare metal machines.
Created VMware templates of Centos Stream 8, RHEL 8, and RHEL 9 for system provisioning.

Developed a system (via AWX CLI, Ansible playbook, Jinja2 templating, and Bash shell scripting) for the automatic creation of the servers inventory in CSV format.

Provided research and evaluation of AV Linux software technologies.

Technologies used:
- OS: Red Hat Enterprise Linux 4, 5, 6, 8, and 9; CentOS 7.
- Configuration management and server provisioning: Ansible, AWX (Ansible Tower), Foreman / Red Hat Satellite 6, Git, GitLab, VMware.
- Databases: MySQL, MariaDB, MariaDB Galera cluster.
- Antimalware: ClamAV.
- IPAM / DNS: Infoblox.
- DCIM: NetBox.
- Server remote access: Wallix.
- Ticketing system: EasyVista Service Manager.


September - October 2021: Professor at University of Business and International Studies (part-time) — Geneva, Switzerland.

Taught a Computing Fundamentals online course.


May - September 2019: Linux Engineer at DGNSI État de Vaud (contract via Prime International Group) — Lausanne, Switzerland.

Managed all Linux IT infrastructure, composed of thousands of RHEL servers with OpenLDAP centralized authentication, which handles all IT services of the Vaud canton.
Technologies used:
- OS: Red Hat Enterprise Linux 5, 6, 7, and 8.
- Configuration management and server provisioning: Red Hat Satellite 6, Puppet Enterprise, Git, GitLab, VMware.
- IPAM / DNS: BlueCat Address Manager.
- LDAP operations: OpenLDAP CLI, LDAP Admin.
- Monitoring: IBM Tivoli Netcool/OMNIbus.


September - November 2016 and April 2018 - February 2019: Linux Engineer at Philip Morris International (contract via blue-infinity) — Lausanne, Switzerland.

Managed the e-commerce platform of IQOS, composed of 20 websites (one for each national market) running on RHEL servers.
Technologies used:
- OS: Red Hat Enterprise Linux 6 and 7.
- Servers: Amazon Web Services EC2 and RDS instances.
- Configuration management: Puppet, Ansible.
- E-commerce frontends: CS-Cart, Apache and Nginx webserver / webproxy.
- Mailservers: Postfix + ISPConfig + RainLoop webmail.
- Monitoring: Datadog.

Performed audits of configuration and schemas of several heavily-used MySQL and MariaDB e-commerce database backends, using Percona Tools and MySQL utilities.

Administered and configured ELK stacks: Elasticsearch, Logstash, Kibana, Filebeats, Curator.

Installed and administered Atlassian stacks: Confluence, Jira, Stash/Bitbucket, Bamboo.


December 2016 - March 2018: Linux Engineer at Nestlé (contract via blue-infinity) — Lausanne, Switzerland.

Provided DevOps release operations on the e-commerce architecture of Nespresso, composed of about 5000 servers running on RHEL. Ensured L3 support.
Technologies used:
- OS: Red Hat Enterprise Linux 6 and 7.
- Middleware: Apache, Tomcat, Nginx, HAProxy EE.
- Build chain, release automation, and configuration management: Git, Bitbucket, Puppet, Jenkins, Rundeck.
- Change and incident management: Jira, HP Service Manager.
- Other software: Grafana, LDAP, Oracle databases (via Oracle SQL Developer).


February 2015 - August 2016: Linux Engineer at various clients (contracts via Clever Net Systems) — Switzerland.

Provided Linux consulting for clients in Switzerland and abroad: WHO, Swiss Federal Supreme Court, Department of Education of the Canton of Geneva, Université de Genève, Audemars Piguet, banks, and other private companies.

Linux system administration and projects:
Administered RHEL / CentOS 6 and 7, Fedora 21-23.
Installed LAMP stack and various other software and tools.
Developed a project for transforming Ubuntu workstations into Wi-Fi Access Points, done via hostapd + dnsmasq + Python/GTK scripting. This software was later deployed in all primary schools of the Canton of Geneva.
Deployed Munin monitoring infrastructures and wrote customized plugins.
Installed and migrated WordPress and Drupal sites.
Installed and administered an ownCloud server.
Installed and configured an ELK stack: ElasticSearch, Logstash, Kibana. Audited existing ElasticSearch installations.
Developed Bash scripts.

Database administration:
Deployed and administered Percona XtraDB Clusters (Galera) on multi-master replication, with S9S ClusterControl on HAProxy load balancing.
Deployed and administered MySQL servers on master-slave replication.
Audited existing MySQL installations.

Other duties and accomplishments:
Administered the company website on WordPress.
Administered the company issue tracking system on Atlassian Jira.
Developed PowerShell scripts for use as Nagios plugins.
Performed system and network audits for clients.
Provided research and evaluation of technologies for the selection of the appropriate IT solutions.
Provided Linux training to clients in preparation to their Linux certification exams.
Wrote several technical articles for the company blog.


January - December 2014: Professor at Webster University (part-time) — Geneva, Switzerland.

Taught Computer Science courses:
- Database Concepts: Relational Databases, ER modeling and diagrams, Relational algebra, SQL, MySQL, MS Visio.
- Database Applications: guided students in implementing a database project.
- Telecommunications: TCP/IP, Wired and wireless networking, LAN/WAN, Network security, PSTN and cellular phone networks.


August 2010 - September 2012: Systems and Networks Administrator at International School of Geneva — Geneva, Switzerland.

Managed the whole IT infrastructure and services of the school, spread on four campuses in the Geneva/Vaud cantons and counting 5000 users.

System administration:
Installed, configured, and administered Linux Debian 5 and 6 with Apache webserver, Squid HTTP transparent proxy + Squirm URL filtering + SARG reporting tool, Exim4 SMTP, DHCP, MySQL. Developed Bash shell scripts.
Installed, configured, and administered MS Windows Server 2003 and 2008 R2 with Active Directory and DNS. Developed PowerShell scripts.
Administered QNAP TS-459U+ NAS and HP ProLiant NAS.
Provided administration, backup, restore, and cloning of virtual machines via VMware ESXi, VMware vCenter, VMware vSphere, Veeam Backup, Veeam Monitor.
Organized backups via CA ArcServe (on tape and NAS) and Arcplace Asigra Cloud Backup / DS Client (on cloud).
Monitored systems, network connectivity, and services via Paessler PRTG Network Monitor, OCS Inventory, Trend Micro OfficeScan antivirus. Managed handling of SMS alerts, provided troubleshooting, and resolved incidents.
Assembled and managed IBM System x336, x3550, x3650 servers, and configured RAID 5 on BIOS.
Provided installation on rack, cabling, and management of miscellaneous hardware (servers, network appliances, UPS, KVM switches) in four server rooms.
Created and administered several GoogleApps domains with up to 4000 accounts, via control panels (Google Cpanel, Promevo gPanel) and scripting. Developed scripts (PowerShell + google-apps-manager API, Python + Google Code Labs API) for bulk operations involving hundreds of users e.g. account creation, password setting, document ownership change. Administered Google cloud applications: Mail, Groups, Calendar, Docs/Drive, Sites. Managed mail delivery and antispam filtering via Google Mail Security (Postini).
Managed the e-learning tools Rosetta Stone and Moodle.
Provided 1st and 2nd level technical support via the Salesforce ticketing system.
Redacted technical documentation and user guides.

Network administration:
Administered Ruckus ZoneDirector 3000 WLAN controller with ZoneFlex antennas.
Configured Cisco ASA 5520.
Configured 3Com 4800G switches.
Configured cloud-based domain filtering via OpenDNS.

IT project management:
Managed main printing and photocopying facilities provided via a network of 60 Ricoh/Nashuatec Multi-Function Printers. Administered Docupro print servers and managed the user accounting system, based on Inepro smartcards. Provided troubleshooting, helpdesk, and user support.
Managed a client-server system of multimedia information screens. Organized training sessions for admins.
Managed a system of cash registers with a centralized TCPOS database for the school cafeterias.
Managed the outsourcing for administration and upgrade of a Moodle 2 platform.


June - July 2010: System Administrator at Cavoon (part-time) — Geneva, Switzerland.

Administered Linux Debian and FreeBSD with Apache webserver, Samba, Exim4 SMTP.

Developed and maintained small Perl applications and Bash shell scripts.

Provided on-site technical support to customers.


January 2008 - March 2009: Network Security Specialist at Sardegna IT — Cagliari, Italy.

As a member of the SOC and NOC teams, provided support for all e-government projects of Regione Sardegna.

Administered network and security appliances:
- ArcSight Logger L7100s v3.0.
- Clavister Security Gateway 4410 firewall.
- Juniper NetScreen 204, ISG 1000, ISG 2000 firewalls.
- Cisco Catalyst 2950 and 3750G switches (IOS v12).

Managed a basic Certification Authority via OpenSSL for internal use.


September 2006 - August 2007: Java Developer at CERN — Geneva, Switzerland.

Created a GUI in Java6/Swing for the control system of CERN particle accelerators, using the Eclipse IDE. Gathered and analyzed project requirements, created specifications for the features requested by LHC operators, continuously integrated the GUI with the core component, and redacted the software documentation.

Improved access to the Atlassian Jira bugtracker system by independently conceiving, developing, and documenting an email plugin in Java. This software was later released under a free license and maintained by CERN.

Administered the Atlassian Jira bugtracker system and the Atlassian Confluence wiki for the CERN Accelerator and Beams Controls group. Converted the wiki from PmWiki to Confluence.

Completed the CERN Guide training course.


April - June 2006: Scientific collaborator at Università di Cagliari (part-time) — Cagliari, Italy.

Independently created a graphical interface in Python/Tkinter for the EDG software, in the framework of the EGEE-II grid computing project led by INFN.


February - May 2003: Professor at American University of Paris (part-time) — Paris, France.

Taught an Applied Computing course: VisualBasic, MS Word, MS Excel.


October 2002 - September 2005: Doctoral student at INRIA — Paris, France.

Analyzed the possible security attacks against the routing layer in MANETs (ad hoc wireless networks), investigated weaknesses in OLSR (Optimized Link State Routing Protocol, RFC 3626), and proposed new security algorithms.
PhD thesis: "Security Schemes for the OLSR Protocol for Ad Hoc Networks".


March - July 2002: Trainee at Ecole Polytechnique — Palaiseau, France.

Analyzed the X.509 Digital Certificates security infrastructure in the Netscape/Mozilla browsers. Developed an implementation of the Feige-Fiat-Shamir zero-knowledge proof of identity protocol in C language.


October 2001 - February 2002: Teaching assistant at Ecole Ingénieurs 2000 (part-time) — Marne-la-Vallée, France.

Supervised students in the development of their end-of-year projects in C and Java programming.


May - September 2001: Trainee at CERN — Geneva, Switzerland.

Independently conceived, designed, developed, and documented a suite of highly reliable programs in Java/Swing for the control, audit, and alarms management of a laboratory of automatic microscopes. Redacted technical documentation for suite users, administrators, and developers.


Education


2005: Doctorate in Computer Science (Diplôme de Docteur en Informatique, Télécommunications et Electronique - mention Très Honorable).
PhD thesis: "Security Schemes for the OLSR Protocol for Ad Hoc Networks".
Université Pierre et Marie Curie (Paris VI), now Sorbonne Université.


2002: Master of Science in Computer Science, with major in Networking (DEA Informatique Fondamentale et Applications, filière réseaux - mention Bien).
Université de Marne-la-Vallée, now Université Gustave Eiffel.


Studies in Physics and Computer Science.
Università di Cagliari.


Certifications


September 2020: CEH (EC-Council Certified Ethical Hacker), v10.
License number: ECC5618302479


February 2016: RHCSA (Red Hat Certified System Administrator), RHEL 7.
License number: 150-215-309


September 2014: LPIC-2 (Linux Professional Institute Certification level 2).


April 2013: SUSE CLP (Certified Linux Professional), SLES 12.
License number: 10230801


March 2013: LPIC-1 (Linux Professional Institute Certification level 1).


November 2009: CCNA (Cisco Certified Network Administrator).
License number: 401064168561HQCJ


Publications

ORCID ID: 0000-0003-4489-1047.
This list is also available in BibTeX format.

Cédric Adjih, Paul Mühlethaler, and Daniele Raffo, "Detailed specifications of a security architecture for OLSR", Technical Report INRIA RR-5893, HIPERCOM project, INRIA Rocquencourt, April 2006.
[PS]    [PDF]   

Daniele Raffo, "Security Schemes for the OLSR Protocol for Ad Hoc Networks", Ph.D. Thesis, Université Paris 6 -- INRIA Rocquencourt, 15 September 2005.
WorldCat number: 493014627
[PS]    [PDF]    [HTML]    [ODP slides]    [PPT slides]   

Cédric Adjih, Daniele Raffo, and Paul Mühlethaler, "Attacks Against OLSR: Distributed Key Management for Security" in 2nd OLSR Interop / Workshop, Palaiseau, France, 28-29 July 2005.
[PS]    [PDF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "Securing OLSR Using Node Locations" in Proceedings of 2005 European Wireless (EW 2005), Nicosia, Cyprus, 10-13 April 2005.
[PS]    [PDF]    [SXI slides]    [PPT slides]   

Cédric Adjih, Thomas Clausen, Anis Laouiti, Paul Mühlethaler, and Daniele Raffo, "Securing the OLSR Routing Protocol With or Without Compromised Nodes in the Network", Technical Report INRIA RR-5494, HIPERCOM project, INRIA Rocquencourt, February 2005.
[PS]    [PDF]   

Thomas Clausen (ed) and Emmanuel Baccelli (ed), "Securing OLSR Problem Statement", Internet-Draft, draft-clausen-manet-solsr-ps-00.txt, IETF MANET Working Group, 14 February 2005. (Listed as a contributor.)
[TXT]    [TXT @IETF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "OLSR with GPS Information" in Proceedings of the 2004 Internet Conference (IC 2004), Tsukuba, Japan, 28-29 October 2004.
[PS]    [PDF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "An Advanced Signature System for OLSR" in Proceedings of the 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), Washington DC, USA, 25 October 2004.
[PS]    [PDF]    [SXI slides]    [PPT slides]   

Cédric Adjih, Thomas Clausen, Philippe Jacquet, Anis Laouiti, Paul Mühlethaler, and Daniele Raffo, "Securing the OLSR Protocol" in Proceedings of the 2nd IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net 2003), Mahdia, Tunisia, 25-27 June 2003.
[PS]    [PDF]   

Daniele Raffo, "Digital Certificates and the Feige-Fiat-Shamir Zero-Knowledge Protocol", M.Sc. traineeship report, Université Paris-Est Marne-la-Vallée & LIX Ecole Polytechnique, 11 July 2002.
[PS]    [PDF]   


E-books

Daniele Raffo, Linux Guide, e-book. First published on May 2013; new editions released once a year.
[PDF]

Daniele Raffo (with Robert J. Hansen and Patrick Brunschwig), The Enigmail Handbook v1.0.0, e-book, December 2009.
[PDF]


Peer reviews

Rich Pollei, Debian 7: System Administration Best Practices, Packt, October 2013.

Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive, Wiley, February 2012.

Articles on IEEE/ACM Transactions on Networking, 2011.

Articles on Conference proceedings of IEEE Globecom 2005 Wireless Communications, St. Louis MO, USA, 28 November - 2 December 2005.

Articles on IEEE Journal on Selected Areas in Communications, Special Issue on Mobile Routers and Network Mobility, September 2005.

Paolo Attivissimo, L'acchiappavirus, Apogeo, November 2004.


Community contributions


2018 - present: Founder and manager of the CERN Alumni Swiss Romandie regional group.


2009 - 2021: Team member of the Enigmail project, an open source OpenPGP plugin for Mozilla mailclients.

Author of the Enigmail Handbook.
Maintained the online documentation for Enigmail.
Provided user support on the forum and on the newsgroup/mailinglist.
Maintained the Enigmail wiki, running on MediaWiki.
Managed and moderated the community forum, running on phpBB.


2004: Contributor to BBClone, an Open Source PHP-based web counter.

Translated software and part of the documentation to Italian.


Events

24-27 July 2018: UXForum, Dublin.
Meetings and discussions with Enigmail users.
Invited and sponsored by Internews.

31 May 2018: Geek Girls Carrots meeting #6, Campus Biotech Innovation Park, Geneva.
Keynote "Public Key Cryptography, OpenPGP, and Enigmail".

14 March 2014: Workshop on Anonymous Communications, Data Security and Protection of Sources for Journalists and NGOs, Club Suisse de la Presse, Geneva.
Talk about Enigmail.





by Daniele Raffo         page last changed on 28 August 2024