CV (Curriculum Vitae)


PERSONAL DATA

Name (first, last): Zsolt Müller
Residence: Budapest, Hungary
Nationality: Hungarian
  
  
  
  
  

EDUCATION

1996 – 2002: Budapest University of Technology and Economics
Software Engineering
(specializations: communication networks, multimedia)
1992 – 1996: ELTE Trefort Ágoston High School
(specialization: biology)

PROFESSIONAL EXPERIENCE

2021 – : NNG LLC.
product security architect

I was promoted to our company's first full-time, (product) security-oriented position in the Engineering business unit. As a member of the technology management team (architects), I'm involved in all product development decisions and I'm representing the interests of our products' security, balancing with business requirements and limited resources to find the best possible compromise in delivering on schedule and at the same time secure, good quality products.

This involves a variety of topics:
  • introducing a continuous focus on security into our sw. development lifecycle (policies, processes, tooling/automation, etc.)
  • introducing improvements with an emphasis on dealing with DRM violations in our older projects
  • aiming at compliance with international, security oriented quality standards in the automotive industry (UNR 155 / ISO 21434)
  • vulnerability and patch management throughout our development pipeline
  • security incident response
  • security audits with 3rd-party contractors (vuln. assessments, penetration tests): contractor selection, project coordination, presenting results to company leadership, managing the bug fixing process (threat analysis, risk assessment, prioritization, helping dev teams)
2019 – 2021: NNG LLC.
senior software architect

I've been offered the senior software architect position in the same team that I've worked in previously. This means increased involvement in improving and maintaining the team's and the company's technological expertise, e.g. taking part in hiring new developers, mentoring, knowledge sharing, bringing new technology/ideas to the table, etc. Our team is the owner of two product domains: authentication & authorization services and map-related online services.
2018 – 2019: NNG LLC.
senior java developer

I joined a team that is building the next-gen platform for NNG's online services.
Relevant keywords: microservices, Docker, Kubernetes, distributed operation, NoSQL, OAuth2, OIDC, Swagger/OpenAPI.

P.S.: my reason for reverting back to the engineer career path was that I wanted more direct involvement with technology and development.
2016 – 2018: NNG LLC.
incident management & infrastructure operations (online services) team leader

I was the leader of NNG's online services operations teams: incident management and infrastructure/service operations.

I managed the transition of hosting our online services from on-premise (in a Hungarian datacenter) to a cloud provider. This improved our ability to quickly/dynamically extend or shrink our system's capacity based on changing requirements. We could also avoid a large, one-time investment into a new server farm (which became increasingly urgent).

This involved building fully automated processes for building up our production system, which the team didn't have the capacity to do before.

I also extended the infrastructure operations team (doubled the size), since it was lacking in capacity for several years and functioned merely in maintenance mode (keeping everything working, but little chance to refactor and improve).
2015 – 2016: NNG LLC.
incident management team leader

I led a team of 5 providing 2nd level technical support for our partners and 3rd level support for customers/end users. The team members have a wide-ranging knowledge of the various parts of the company's online services and a good understanding of the navigation product (iGO).

I established new incident management processes and workflow (Kanban based method implemented via Atlassian's JIRA), started building a knowledge base and initiated development of various support tools (some were built by us, others were provided by other teams). Negotiated new processes with development teams to provide capacity for fixing issues found by our team.

I led a project to audit (penetration test) the security of some of our online services by a 3rd party (a well-known Hungarian IT-sec. company). I coordinated the selection process, the interviews, I picked the final candidate, and I was the primary contact for all parties during the implementation and the follow-up tasks (bug fixing, prioritization).
2013 – 2015: NNG LLC.
incident management

I had to analyse, debug and solve/manage problems coming from partners or other business units of the company. I was the primary contact for iGO primo NextGen and NavFusion (NNG's upcoming products) related problems in Services BU.

I was granted the company's "Big Thank You" award for my efforts in getting the NavFusion project over the finish line.

Being an IT security enthusiast, I found multiple critical security vulnerabilities in our online services already in the first few months of my career at the company and I continued to do so for many years. I was praised several times for the level of detail of my bug/issue reports (often including a possible fix/solution).
2000 – 2013: Trilobita Informatics Co.
senior software architect

I was lead developer at the company, mainly involved in R&D and project planning/design.

I took part in the design and implementation of various web and database oriented systems across dozens of projects. I worked for customers like Procter & Gamble, Audi Hungary, HVG Publishing, MVMI (the IT subsidiary of the Hungarian state electricity company), OBH (office of the courts of Hungary), etc. I gained experience in writing specification and design documents, and negotiating with customers. I was involved in product support as well.

Over the years I used all sorts of technologies, but the main focus was on Oracle PL/SQL (+ database and application server), Java and Adobe Flex (/ActionScript).

I worked for years on building both a custom PL/SQL and a Java (Hibernate + Servlet API) based development framework.

I introduced Linux to the company and moved the entire infrastructure from Windows to Ubuntu, including all servers and desktops. The latter used Linux Terminal Server Project and disposable thin clients, which were converted from their embedded WinNT OS to PXE boot Linux as well.

I successfully introduced virtualization to the company's development processes: we used KVM on Ubuntu and prebuilt image templates for quick setup and the running of various development environments.

CURRENT PROJECTS

2021 – : iGO.Live Cloud
Taking part in the architecture and design of the OAuth2 based authentication and authorization platform.
Tasks: system design.

PREVIOUS PROJECTS

2019 – : NNG NSDK Documentation Site
I've developed a NodeJS application for authenticated access of a potentially multi-domain documentation site with the possibility to authenticate based on multiple Azure AD tenants.
Tasks: system design, development.
2018 – 2021: Authentication & authorization for automotive services
Our team designed and implemented an OAuth2.0 based auth* solution for navigation devices and software developed by NNG.
Tasks: system design, development.
2015 – 2018: Toolbox 4
NNG's PC tool for navigation software and content updates.
Tasks: consultation (server-side performance/scalability), issue analysis.
2015 – 2018: Naviextras security manager
Tasks: manage security checks/audits of Naviextras.com and related services, discover and analyze security issues.
2013 – 2018: NavFusion
NavFusion (the freshest feature of iGO Navigation) provides a simple and future-proof way to integrate smartphones into vehicles.
Tasks: manage all sorts of Naviextras related issues/requests raised by the NavFusion development team.
2013 – 2018: iGO primo NextGen
The latest version of NNG's navigation solution.
Tasks: manage all sorts of Naviextras related issues/requests raised by the NextGen development team.
2013 – 2018: Naviextras
Naviextras.com is the official map update portal and online services hub for navigation devices and software developed by NNG.
Tasks: incident management (analyze, debug, solve and manage problems/requests coming from partners and developers).
2011 – 2013: Siebel CRM customization for National Office for the Judiciary (aka. Országos Bírósági Hivatal (OBH), formerly known as Országos Igazságszolgáltatási Tanács Hivatala (OITH))
Tasks: installation and configuration of Siebel CRM, system design, research, development, training Siebel developers.
2011 – 2013: AIF for Siebel CRM
An eScript framework for aiding Siebel CRM development.
Tasks: system design, development.
2011 – 2013: Commission
A commission calculating system developed for UniCredit Bank (based on our AIF framework). It's used to calculate the commissions of the bank's agents based on various models and imported base data. The primary output is the list of generated invoices (HTML/XLS) that are automatically sent to the printing&delivery division.
Tasks: system design, development, customer support.
2013: TriDoc Enterprise
A document management system for enterprises.
Tasks: system design, research, development.
2010: Support of various Oracle applications for Central Clearing House and Depository Ltd.
2010: TriDoc Enterprise customization for MVMI Informatics Ltd.
Tasks: technology consultant, load/stress testing, bug fixing.
2010: TreeViver
The TreeViver project is an initiative to replant the deforested areas of Amazonian rainforests. The website was built using LAMP technology and the Zend Framework.
(Meanwhile the portal was replaced by a new system.)
Tasks: technology consultant.
2010: Siebel CRM customization for Hungarian State Treasury
Tasks: installation and configuration of Siebel CRM, design and execution of customizations.
2009 – 2010: Siebel CRM customization for Credigen Bank
Tasks: installation and configuration of Siebel CRM, design and execution of customizations.
2009: Videoafro
A LAMP-based video upload site aimed primarily at mobile phone owners in Africa (a pilot project).
Tasks: video and email processing.
2008 – 2013: MediaChannel
A video sharing application providing ad management and aimed at companies (based on our AIF framework and integrated with various video streaming solutions like Adobe FMS and Wowza).
Tasks: system design, development.
2008: Zoom.hu
A Hungarian news portal built using Drupal and a number of custom modules.
(The portal is no longer maintained.)
Tasks: system design, development.
2007 – 2009: TriLicense
A license management webapp for our AIF based systems.
Main features: mass license generation and export, license activation monitoring and reporting, license blocking, automatic and manual license activations, arbitrary number of license properties can be defined, utilizes RSA public key algorithm, AES encryption and Whirlpool hashes.
Tasks: system design, development of cryptographic code.
2007 – 2008: Webshop for Lapcom Publishing Ltd.
A Drupal-based webshop with a number of custom developed modules, e.g. online credit card payment through OTP Bank.
Tasks: development.
2005 – 2013: AIF (Application Integration Framework)
Framework for applications based on a UI built in Adobe Flex and controller written in Java using Hibernate (e.g. TriDoc, TriCRM, TriProject, MediaChannel, Commission).
Tasks: system design, development.
2004 – 2012: CRM-II
A CRM web application written in PL/SQL and based on Oracle database.
Tasks: development and support.
2004 – 2010: SMART
A BDF-management (Brand Development Fund) system developed for Procter&Gamble.
Tasks: system design, development, customer support.
2004 – 2007: TRIAPP + TRISSO

TRIAPP: a web application framework written in Oracle PL/SQL.
Main features: form and report generator, various output format options (HTML, PDF, SLK, XLSHTML), template based output, multilingual support, logging (user activity, data modification, statistics), user and system level settings, access control.

TRISSO: session- and user management module written in PL/SQL.
Main features: cookie based session management, SSO (Single Sign On), internal and/or external (e.g. LDAP, Active Directory, webservice) authentication, security restrictions (on session, user and password properties), session-variables, user roles, logging.

TRIAPP and TRISSO were exclusively my developments. A number of systems are based on them, e.g. TOMAS and SMART (made for P&G), HVG Customer Center, PMQ-II and CRM-II.
2002 – 2003: HVG Customer Center
A customer relationship management system (web application) based on Oracle database and PL/SQL stored procedures, developed for HVG Online.
Tasks: development.
2002 – 2003: Budapest Piac Publishing System, Sanoma AdInfo Ad-Management System, Népszabadság Publishing System
Various client-server architecture systems developed using Centura Team Developer, Oracle and MSSQL databases.
Tasks: development.
2002: EnviroDoc
Document management system based on MS Sharepoint Portal Server developed for Enviroduna Investment Preparation Ltd.
Tasks: development.
2000 – 2013: Development and maintenance of company infrastructure
Tasks: planning of hardware and software infrastructure, execution of purchases, introduction and maintenance.
Keywords: network, hardware, software, terminal servers, thin clients, virtualization, data security (backup, virus protection, intrusion detection and prevention).
Introduction of Linux to company infrastructure (both servers and desktops).
2000 – 2005: TOMAS (The Online Media Administration System)
A web based system used for planning, coordinating and documenting of B2B product and services purchases, developed for Procter&Gamble.
Has been used in more than 30 countries worldwide.
Tasks: system design, development, customer support.
2000 – 2003: PMQ-II
Project-management and quality control system used by companies like Audi Hungaria Motor Ltd., Ministry of Environment and Water (Hungary), Zenon Systems Ltd., OTP Real Estate Ltd., Olajterv Group. In the beginning it was based on Oracle Portal (~Oracle Application Server), but later we moved it to a custom developed PL/SQL framework to improve performance.
Tasks: system design, development.

HIGH-LEVEL SKILLS

  Understanding and communication of security threats (including OWASP and CWE) and solutions, threat analysis and risk assessment, security testing. Both in product development and IT.

Decades of experience with all phases of the SDLC applying various technologies:
  • requirement specification
  • design (architecture, etc.)
  • implementation
  • testing
  • maintenance

Building infrastructure (both on-prem and cloud), automation (CI/CD), 24/7 service operation in production with HA and guaranteed SLA.

Ability to bring a group of engineers around an idea and to a common agreement.

Attention to details and quality of work (both my own and my team's).

Team leader, tech lead.

TECH SKILLS

 
Nessus/OpenVAS, Metasploit, Burp Suite, OSINT tools, Nuclei, Nmap, hashcat / John the Ripper, tcpdump/Wireshark, Kali, AADInternals.
OAuth 2.0, OIDC, LDAP, AD.
NoSQL, OpenAPI/REST, gRPC/protobuf.
JSON, XML, regular expressions.
SVN, Git, Git-Crypt, Gitflow.
Markdown, AsciiDoc, Antora, Docsify.
Redis, MongoDB, Parse Server, Apache HTTPD, NGINX, Docker, Kubernetes.
Let’s Encrypt, Certbot, Cert-Manager.
Apache Flink and Beam.
Coverity, SonarQube, Sonatype Nexus, Jenkins, Elasticsearch, Kibana, Grafana.
Microsoft Azure and O365.
IntelliJ IDEA, Visual Studio Code, Charles Web Debugging Proxy, mitmproxy, Tor/Tails.
Atlassian products (JIRA, Confluence, Bitbucket).
Administration of Linux servers, shell scripting, etc.
HP-UX, Sun Solaris and Windows system administration.
x86 assembly, Basic, Pascal, C, C++, ADA, SML, Prolog, Perl, Python, PHP.
Oracle: RDBMS, PL/SQL, Portal, Application Server, GlassFish Server.
PL/SQL Developer, Centura Team Developer, Oracle Developer.
Siebel CRM.
MySQL, MSSQL, Hyperjaxb, Apache Tomcat.
Adobe Dreamweaver, Adobe Photoshop, Adobe Flex Builder, Adobe Flash Media Server, Wowza Media Server.
Drupal CMS.
...

LANGUAGES

 English  –  intermediate
 German  –  intermediate

OTHER QUALIFICATIONS

2024: ISO/SAE 21434 course
2015: ITIL v3 Foundation (certified)
2003: HP-UX system and network administration I. course (HP Hungary)
2003: Oracle DBA I. course (Oracle University – Budapest)

INTERESTS, HOBBIES

swimming, scuba diving (PADI Advanced Open Water diver), cycling, photography, cybersecurity

I don't smoke and don't drink.
Here is my LinkedIn profile.


Last updated: 26 Jul, 2024