Daniele Raffo

A smooth sea never made a skillful mariner.

Curriculum Vitae

This page is an attempt to track all the technologies I used and everything else I have been doing in the field of Computer Science since I started programming at the age of 12. For a more concise and professional resume please see my LinkedIn page.


Skills

Programming

Bash shell scripting, Python.
Other computer languages that I programmed in: Java J2SE with libraries AWT and Swing, Perl, PowerShell, PHP, C, C++, JavaScript, VisualBasic, AmigaBasic, Commodore BASIC.

Operating systems

RHEL, CentOS, CentOS Stream, Rocky Linux, CERN Scientific Linux, Fedora Linux, Debian, Ubuntu Linux.
Other operating systems that I used or administered: various UNIXes and UNIX-like (Solaris, HP-UX, DEC OSF/1, FreeBSD), various Microsoft Windows (3.x, 95, 98, ME, XP, 7, 8, 10, 11, NT, 2000, Server), MS-DOS, Workbench (AmigaOS) 1.3.

Virtualization

VMware, KVM, VirtualBox, Vagrant.

Databases

MySQL, MariaDB, Percona XtraDB (Galera) Cluster.

Middleware

Apache, Nginx, Tomcat, Squid.

Revision control

Atlassian Stash/Bitbucket, Git, GitHub, GitLab, Subversion, CVS.

Continuous integration and release automation

Atlassian Bamboo, Jenkins, Rundeck, Ansible, Puppet.

Collaborative tools

Atlassian Confluence, Atlassian Jira.

IDEs

Eclipse, Visual Studio Code.

Languages

Italian mother tongue.
Fluent in English (C2).
Fluent in French (C2).
Basic Portuguese (A2).


Professional experience


March 2022 - present: Linux and System Security Engineer at Radio Télévision Suisse (first four months in a contract-to-hire via Tanit) — Geneva, Switzerland.

Managed the entire Linux IT infrastructure, consisting of approximately 500 virtual machines and bare-metal servers. Implemented and managed periodic update cycles for all servers in the infrastructure. Ensured provisioning, maintenance, and configuration, both via Ansible and CLI.

Secured outdated Linux servers by performing analysis, information retrieval, and patching, as well as migrating or decommissioning legacy systems and applications (vsftpd, OwnCloud, Mantis Bug Tracker, web servers, Java and PHP applications, MySQL/MariaDB databases, Sendmail SMTP servers, etc.).

Developed an automated system (using AWX CLI, Ansible, Jinja2 templates, and Bash shell scripting) to generate and export server inventory data to both a MariaDB database and CSV files.

Created VMware templates for CentOS Stream 8, RHEL 8, and RHEL 9 for up-to-date system provisioning.

Managed cloud provisioning of AWS EC2 instances via Terraform.

Researched and evaluated antivirus solutions for Linux environments.

Technologies used:
- OS: Red Hat Enterprise Linux 4, 5, 6, 8, and 9; CentOS 7; Windows Server 2016 and 2022.
- Configuration management and server provisioning: Ansible, AWX (Ansible Tower), Foreman, Red Hat Satellite 6, Git, GitLab, GitHub, VMware, iDRAC OOB.
- Databases: MySQL, MariaDB, MariaDB Galera cluster.
- Antimalware: ClamAV, Microsoft Defender.
- IPAM/DNS: Infoblox.
- DCIM: NetBox, BMC Discovery.
- Remote access: Wallix.
- Change and incident management: EasyVista Service Manager, Jira.


September 2024 - present: Professor at HEPIA — Geneva, Switzerland.

Taught Computer Science courses:
- Operating Systems: filesystems, processes, virtual memory, IPCs, sockets, device files, Linux kernel modules.
- OS Security: system hardening, Secure Boot, password cracking, ACLs, OTF encryption, 2FA, SUID, sudo, fail2ban, process analysis, NTP, incron, PAM, SELinux, firewalling, Tor.
- Services and Applications of Information Systems: guided the students in implementing pentesting and hardening projects on a Docker/Kubernetes framework.
- Advanced Vulnerability Research: fuzzing techniques and tools (Radamsa, AFL, AFL++, libFuzzer).


September - October 2021: Professor at University of Business and International Studies — Geneva, Switzerland.

Taught a Computing Fundamentals online course.


May - September 2019: Linux Engineer at DGNSI État de Vaud (contract via Prime International Group) — Lausanne, Switzerland.

Managed the entire Linux IT infrastructure, consisting of several thousand RHEL servers with centralized authentication via OpenLDAP, supporting all IT services for the Canton of Vaud.
Technologies used:
- OS: Red Hat Enterprise Linux 5, 6, 7, and 8.
- Configuration management and server provisioning: Red Hat Satellite 6, Puppet Enterprise, Git, GitLab, VMware.
- IPAM/DNS: BlueCat Address Manager.
- LDAP operations: OpenLDAP CLI, LDAP Admin.
- Monitoring: IBM Tivoli Netcool/OMNIbus.


September - November 2016 and April 2018 - February 2019: Linux Engineer at Philip Morris International (contract via blue-infinity) — Lausanne, Switzerland.

Managed the e-commerce platform for IQOS, consisting of about twenty country-specific websites hosted on RHEL servers.
Technologies used:
- OS: Red Hat Enterprise Linux 6 and 7.
- Servers: Amazon Web Services EC2 and RDS instances.
- Configuration management: Puppet, Ansible.
- E-commerce frontends: CS-Cart, Apache and Nginx webserver/webproxy.
- Mailservers: Postfix + ISPConfig + RainLoop webmail.
- Monitoring: Datadog.

Performed audits of configuration and schemas of several heavily-used MySQL and MariaDB e-commerce database backends, using Percona Tools and MySQL utilities.

Administered and configured ELK stacks: Elasticsearch, Logstash, Kibana, Filebeats, Curator.

Installed and administered Atlassian stacks: Confluence, Jira, Stash/Bitbucket, Bamboo.


December 2016 - March 2018: Linux Engineer at Nestlé (contract via blue-infinity) — Lausanne, Switzerland.

Provided DevOps release management and L3 production support for the e-commerce platform of Nespresso, consisting of approximately 5000 servers running on RHEL.
Technologies used:
- OS: Red Hat Enterprise Linux 6 and 7.
- Middleware: Apache HTTP server, Tomcat, Nginx, HAProxy Enterprise Edition.
- Build chain, release automation, and configuration management: Git, Bitbucket, Puppet, Jenkins, Rundeck.
- Change and incident management: Jira, HP Service Manager.
- Monitoring: Grafana.
- Directory services: LDAP.
- Databases: Oracle Database (via Oracle SQL Developer).


February 2015 - August 2016: Linux Engineer at various clients (contracts via Clever Net Systems) — Switzerland.

Provided Linux consulting for clients: WHO, Swiss Federal Supreme Court, Department of Education of the Canton of Geneva, Université de Genève, Audemars Piguet, and other organizations, private companies, and banks.

Administered RHEL/CentOS 6 and 7 servers, and Fedora 21-23 workstations. Installed LAMP stack and various other software and tools. Developed Bash scripts.

Developed a project to transform Ubuntu workstations into Wi-Fi access points using hostapd, dnsmasq, and Python/GTK scripting. This solution was later deployed across all primary schools in the Canton of Geneva.

Deployed Munin monitoring infrastructures and wrote customized plugins.

Installed and migrated WordPress and Drupal sites.
Installed and administered an ownCloud server.

Installed and configured an ELK stack: ElasticSearch, Logstash, Kibana.
Audited existing ElasticSearch installations.

Performed system and network audits for clients.

Provided research and evaluation of Linux technologies for the selection of the appropriate IT solutions.

Provided training to clients in preparation to their Linux certification exams (LPIC).

Deployed and administered Percona XtraDB database clusters (Galera) on multi-master replication, with S9S ClusterControl on HAProxy load balancing.
Deployed and administered MySQL servers on master-slave replication.
Audited existing MySQL installations.

Developed PowerShell scripts for use as Nagios plugins.

Administered the company website on WordPress.
Administered the company issue tracking system on Atlassian Jira.
Wrote several technical articles for the company blog.


January - December 2014: Professor at Webster University — Geneva, Switzerland.

Taught Computer Science courses:
- Database Concepts: Relational Databases, ER modeling and diagrams, Relational algebra, SQL, MySQL, MS Visio.
- Database Applications: guided students in implementing a database project.
- Telecommunications: TCP/IP, Wired and wireless networking, LAN/WAN, Network security, PSTN and cellular phone networks.


August 2010 - September 2012: Systems and Networks Administrator at International School of Geneva — Geneva, Switzerland.

Managed the complete IT infrastructure and services for the school, across four campuses in the Geneva and Vaud cantons, and supporting approximately 5000 users.

Installed, configured, and administered Linux Debian 5 and 6 with Apache webserver, Squid HTTP transparent proxy + Squirm URL filtering + SARG reporting tool, Exim4 SMTP server, DHCP, MySQL server. Developed Bash shell scripts.

Installed, configured, and administered MS Windows Server 2003 and 2008 with Active Directory and DNS. Developed PowerShell scripts.

Provided administration, backup, restore, and cloning of virtual machines via VMware ESXi, VMware vCenter, VMware vSphere, Veeam Backup, Veeam Monitor.

Organized backups on tape and on NAS via CA ArcServe, and on cloud via Arcplace Asigra Cloud Backup.

Monitored systems, network connectivity, and services via Paessler PRTG Network Monitor, OCS Inventory, and Trend Micro OfficeScan antivirus. Ensured handling of SMS alerts, provided troubleshooting, and resolved incidents. Provided first and second level technical support via the Salesforce ticketing system.

Created and administered several GoogleApps domains with up to 4000 accounts, both via control panels (Google Cpanel, Promevo gPanel) and scripting.
Developed scripts (PowerShell + google-apps-manager API, Python + Google Code Labs API) for bulk operations involving hundreds of users: account creation, password setting, document ownership change, etc.
Administered Google cloud applications: Mail, Groups, Calendar, Docs/Drive, Sites.
Managed mail delivery and antispam filtering via Google Mail Security (Postini).

Assembled and managed IBM System x336, x3550, x3650 servers, and set up RAID 5 configuration on BIOS.
Provided installation on rack, cabling, and management of miscellaneous hardware (servers, network appliances, UPS, KVM switches) in four server rooms.

Administered QNAP TS-459U+ NAS and HP ProLiant NAS.

Managed the e-learning tools Rosetta Stone and Moodle.

Administered network appliances: Ruckus ZoneDirector 3000 WLAN controller with ZoneFlex antennas, Cisco ASA 5520, 3Com 4800G switches.

Managed cloud-based web domain filtering via OpenDNS to ensure policy-compliant Internet access.

Led project management and ongoing operations for printing and photocopying services, supporting a fleet of 60 Ricoh/Nashuatec multifunction printers. Administered DocuPro print servers, managed user accounting via Inepro smartcards, and delivered troubleshooting, helpdesk, and end-user support.

Managed the deployment and operation of a Linux-based client-server digital signage platform, including delivery of administrator training.

Oversaw project management for a centralized point-of-sale system for the school cafeterias, which integrated cash registers with a centralized TCPOS database.

Oversaw outsourced administration and upgrade of a Moodle 2 platform.

Redacted technical documentation and end-user guides for several IT services and applications.


June - July 2010: System Administrator at Cavoon — Geneva, Switzerland.

Administered Linux Debian and FreeBSD with Apache webserver, Samba, Exim4 SMTP server.

Developed and maintained small Perl applications and Bash shell scripts.

Provided on-site technical support to customers.


January 2008 - March 2009: Network Security Specialist at Sardegna IT — Cagliari, Italy.

As a member of the SOC and NOC teams, provided support for all e-government projects of Regione Sardegna.

Administered network and security appliances:
- ArcSight Logger L7100s v3.0.
- Clavister Security Gateway 4410 firewall.
- Juniper NetScreen 204, ISG 1000, ISG 2000 firewalls.
- Cisco Catalyst 2950 and 3750G switches (IOS v12).

Managed a basic Certification Authority via OpenSSL for internal use.


September 2006 - August 2007: Java Developer at CERN — Geneva, Switzerland.

Created a GUI in Java6/Swing for the control system of CERN particle accelerators. Gathered and analyzed project requirements, created specifications for the features requested by LHC operators, continuously integrated the GUI with the core component, and redacted the software documentation.

Improved access to the Atlassian Jira bugtracker system by independently conceiving, developing, and documenting an email plugin in Java. This software was later released under a free license and maintained by CERN.

Administered the Atlassian Jira bugtracker system and the Atlassian Confluence wiki for the CERN Accelerator and Beams Controls group. Converted the wiki from PmWiki to Confluence.

Completed the CERN Guide training course.


April - June 2006: Scientific collaborator at Università di Cagliari — Cagliari, Italy.

Independently created a graphical interface in Python/Tkinter for the EDG software, in the framework of the EGEE-II grid computing project led by INFN.


February - May 2003: Professor at American University of Paris — Paris, France.

Taught an Applied Computing course: VisualBasic, MS Word, MS Excel.


October 2002 - September 2005: Doctoral student at INRIA — Paris, France.

Analyzed the possible security attacks against the routing layer in MANETs (ad hoc wireless networks), investigated weaknesses in OLSR (Optimized Link State Routing Protocol, RFC 3626), and proposed new security algorithms.
PhD thesis: "Security Schemes for the OLSR Protocol for Ad Hoc Networks".


March - July 2002: Trainee at Ecole Polytechnique — Palaiseau, France.

Analyzed the X.509 Digital Certificates security infrastructure in the Netscape/Mozilla browsers. Developed an implementation of the Feige-Fiat-Shamir zero-knowledge proof of identity protocol in C language.


October 2001 - February 2002: Teaching assistant at Ecole Ingénieurs 2000 — Marne-la-Vallée, France.

Supervised students in the development of their end-of-year projects in C and Java programming.


May - September 2001: Trainee at CERN — Geneva, Switzerland.

Independently conceived, designed, developed, and documented a suite of highly reliable programs in Java/Swing for the control, audit, and alarms management of a laboratory of automatic microscopes in the framework of a CERN experiment.
Redacted the full technical documentation for users, administrators, and developers of the suite.


Education


2005: Doctorate in Computer Science (Diplôme de Docteur en Informatique, Télécommunications et Electronique - mention Très Honorable).
PhD thesis: "Security Schemes for the OLSR Protocol for Ad Hoc Networks".
Université Pierre et Marie Curie (Paris VI), now part of Sorbonne Université.


2002: Master of Science in Computer Science, with major in Networking (DEA Informatique Fondamentale et Applications, filière réseaux - mention Bien).
Université de Marne-la-Vallée, now Université Gustave Eiffel.


Studies in Physics and Computer Science.
Università di Cagliari.


Certifications


September 2020: CEH (EC-Council Certified Ethical Hacker), v10.
License number: ECC5618302479


February 2016: RHCSA (Red Hat Certified System Administrator), RHEL 7.
License number: 150-215-309


September 2014: LPIC-2 (Linux Professional Institute Certification level 2).


April 2013: SUSE CLP (Certified Linux Professional), SLES 12.
License number: 10230801


March 2013: LPIC-1 (Linux Professional Institute Certification level 1).


November 2009: CCNA (Cisco Certified Network Administrator).
License number: 401064168561HQCJ


Publications

ORCID ID: 0000-0003-4489-1047.
This list is also available in BibTeX format.

Cédric Adjih, Paul Mühlethaler, and Daniele Raffo, "Detailed specifications of a security architecture for OLSR", Technical Report INRIA RR-5893, HIPERCOM project, INRIA Rocquencourt, April 2006.
[PS]    [PDF]   

Daniele Raffo, "Security Schemes for the OLSR Protocol for Ad Hoc Networks", Ph.D. Thesis, Université Paris 6 -- INRIA Rocquencourt, 15 September 2005.
WorldCat number: 493014627
[PS]    [PDF]    [HTML]    [ODP slides]    [PPT slides]   

Cédric Adjih, Daniele Raffo, and Paul Mühlethaler, "Attacks Against OLSR: Distributed Key Management for Security" in 2nd OLSR Interop/Workshop, Palaiseau, France, 28-29 July 2005.
[PS]    [PDF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "Securing OLSR Using Node Locations" in Proceedings of 2005 European Wireless (EW 2005), Nicosia, Cyprus, 10-13 April 2005.
[PS]    [PDF]    [SXI slides]    [PPT slides]   

Cédric Adjih, Thomas Clausen, Anis Laouiti, Paul Mühlethaler, and Daniele Raffo, "Securing the OLSR Routing Protocol With or Without Compromised Nodes in the Network", Technical Report INRIA RR-5494, HIPERCOM project, INRIA Rocquencourt, February 2005.
[PS]    [PDF]   

Thomas Clausen (ed) and Emmanuel Baccelli (ed), "Securing OLSR Problem Statement", Internet-Draft, draft-clausen-manet-solsr-ps-00.txt, IETF MANET Working Group, 14 February 2005. (Listed as a contributor.)
[TXT]    [TXT @IETF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "OLSR with GPS Information" in Proceedings of the 2004 Internet Conference (IC 2004), Tsukuba, Japan, 28-29 October 2004.
[PS]    [PDF]   

Daniele Raffo, Cédric Adjih, Thomas Clausen, and Paul Mühlethaler, "An Advanced Signature System for OLSR" in Proceedings of the 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), Washington DC, USA, 25 October 2004.
[PS]    [PDF]    [SXI slides]    [PPT slides]   

Cédric Adjih, Thomas Clausen, Philippe Jacquet, Anis Laouiti, Paul Mühlethaler, and Daniele Raffo, "Securing the OLSR Protocol" in Proceedings of the 2nd IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net 2003), Mahdia, Tunisia, 25-27 June 2003.
[PS]    [PDF]   

Daniele Raffo, "Digital Certificates and the Feige-Fiat-Shamir Zero-Knowledge Protocol", M.Sc. traineeship report, Université Paris-Est Marne-la-Vallée & LIX Ecole Polytechnique, 11 July 2002.
[PS]    [PDF]   


E-books

Daniele Raffo, Linux Guide, e-book. First published on May 2013, with new editions released once a year.
[PDF]

Daniele Raffo (with Robert J. Hansen and Patrick Brunschwig), The Enigmail Handbook v1.0.0, e-book, December 2009.
[PDF]


Peer reviews

Rich Pollei, Debian 7: System Administration Best Practices, Packt, October 2013.

Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive, Wiley, February 2012.

Articles on IEEE/ACM Transactions on Networking, 2011.

Articles on Conference proceedings of IEEE Globecom 2005 Wireless Communications, St. Louis MO, USA, 28 November - 2 December 2005.

Articles on IEEE Journal on Selected Areas in Communications, Special Issue on Mobile Routers and Network Mobility, September 2005.

Paolo Attivissimo, L'acchiappavirus, Apogeo, November 2004.


Community contributions


2018 - present: Co-founder and co-manager of the CERN Alumni Swiss Romandie regional group.


2009 - 2021: Team member of the Enigmail project, an open source OpenPGP plugin for Mozilla mailclients.

Author of the Enigmail Handbook.
Maintained the online documentation for Enigmail.
Provided user support on the forum and on the newsgroup/mailinglist.
Maintained the Enigmail wiki, running on MediaWiki.
Managed and moderated the community forum, running on phpBB.


2004: Contributor to BBClone, an Open Source PHP-based web counter.

Translated software and part of the documentation to Italian.


Events

24-27 July 2018: UXForum, Dublin.
Meetings and discussions with Enigmail users.
Invited and sponsored by Internews.

31 May 2018: Geek Girls Carrots meeting #6, Campus Biotech Innovation Park, Geneva.
Keynote "Public Key Cryptography, OpenPGP, and Enigmail".

14 March 2014: Workshop on Anonymous Communications, Data Security and Protection of Sources for Journalists and NGOs, Club Suisse de la Presse, Geneva.
Talk about Enigmail.





by Daniele Raffo         page last changed on 15 April 2026