Michée Lengronne

Transforming your infrastructures and data to 0-trust, on-premise cloud-native data platforms by engineering and architecture.

Expertise in Platform, Big Data, DevOps, IT security (DevSecOps) and Opensource.

Platform: Ansible, Kubernetes (and Openshift), Cilium, Vagrant, Inspec, KVM, Docker, Gitlab, Terraform, Pulumi, Git, GNU/Linux

Architecture and Management: SaFe and Scrum, C4, Arc42, Hexagonal architecture, OWASP SAMM

Data: Kafka, Nifi, Trino, Spark, Datahub, Metabase, Metastore

Compliance and Security: SSL/TLS, Kyverno, GnuPG, Metasploit, ZAP

Languages: Python, Ruby, Golang

• Website
• CV to download
• Swiss and French
• LinkedIn
• Speak french (native), english (complete) and german (medium level)
• Free from all military obligations
• Valid swiss personal security control (PSP)

Experience

• Lengronne & Partners
  • Freelance/Consulting: Since october 2025.
    • Developing a service based on Kafka and Nifi with Openshift, Stackable and Ansible in a 0-trust and highly sensitive environment. Service contract under NDA in cyberdefense.
    • Architecturing and developing internal tools based on Kubernetes, Ansible, cert-manager, Kyverno, Bird, Jool, Wireguard, Rook Ceph, Cilium...
  • Co-founder (Limawi as DevOps tools) : Since june 2020, developping Limawi. Cloud, DevOps and tools for all of that. Vagrant, Ansible, Docker, Inspec, Gitlab, Copier-org, Bats, Cucumber...
    • Developing an immutable, ductile and containerised dev factory.
    • Developing a copier-org extension in python to automate the converging of git repositories templates.
    • Developing container images with variable uid for OpenSSH client and server.
    • Developing a containerised repositories Ansible deploy (Galaxy, pip, npm...) with Pulp3.
    • Developing a containerised Concourse-ci Ansible deploy (french).
    • Developing a containerised Vagrant (french).
    • Developing a containerised Hashicorp Vault Ansible deploy (french).
    • Step in the DevSec Hardening Framework organization. Add of compliance tests for containerized SSH. Developing Github Actions for the dev-sec.io project.
    • StackOverflow community help over containerization questions.
  • Co-founder (Kookati) : From september 2018 to may 2020, a MOOC in cybersecurity.
    • Creation of a MOOC in cybersecurity evolving in a fictional world (in french).
    • French Quora community help in cybersecurity popularization.
  • Co-founder (MyCrypNet) : From september 2016 to may 2020, developping MyCrypNet. An encrypted network. This project was stopped in may 2020. It was considered to become an apps catalog.
    • Developing the interaction interface with OpenVPN servers and add on the Jenkins pipeline.
    • Developing additional projects (test containers, base Ansible roles) with Gitlab-CI.
  • Co-founder (Limawi as a secure cloud then catalog) : From june 2014 to may 2020, developping Limawi, from itis4u.ch. A secure cloud. This project with that shape was stopped in 2016 and became an apps catalog. The first one was MyCrypNet.
    • Setting BDD on the Jenkins pipeline with Cucumber/Capybara/Selenium.
    • Setting OWASP ZAP on the Jenkins pipeline.
    • Developing an OIDC in PHP with SLO, session management (front and back) and d'autologin/autologout distribution with cookie.
  • Co-founder (itis4u.ch) : From june 2013 to may 2014, developping itis4u.ch. A secure cloud. Slowly modified in Limawi between may 2014 and may 2016. It also changed to become an apps catalog.
    • Setting Gitlab-CE and Jenkins in august 2013.
    • Test and deploy of a MariaDB cluster with Ansible (the original usecase goes back to 2012).
    • Deploy (CD) with Jenkins of the itis4u.ch website. The frontend is done with Drupal 7.
• Scigility
  • Platform Engineer : From march 2022 until september 2025.
    • Architecture of a Big Data platform based on Openshift in a 0-trust and highly sensitive environment. Service contract under NDA in state services.
    • Developing a service based on Kafka and Nifi with Openshift, Stackable and Ansible in a 0-trust and highly sensitive environment. Service contract under NDA in cyberdefense.
    • Developing a Big Data platform on-premise (Trino, Nifi, Airflow, Spark, Metabase, Datahub and Metastore) with Docker Swarm and Ansible in a highly sensitive environment. Service contract under NDA in state services.
    • Developing a Kafka cluster on-premise (KsqlDB, Connect and Registry), air gap on RHEL with Puppet in a highly sensitive environment. Service contract under NDA in institutional banking.
    • Leading the development of a SSO solution between Google Workspace, AWS, Azure and multiple others.
    • Leading the improvement of email security and deliverability (SPF, DKIM, DMARC...)
    • Leading the development of a Big Data (Synapse) platform on Azure with Terraform.
• Self-Entrepreneur : From january 2011 to june 2014, numeric data analytics, statistical analytics, technical and economical analytics. Databases management...

Some Opensource contributions

• Maintainer of webhook-dnsendpoint
• TXT support of k8s_gateway
• Complete TLS support of trino (WIP)
• Several contributions to cnspec-policies:
  • Revert the grub audit matchers
  • Add ending slash to match audit rule
  • Use the sudo command to check the configuration
• Several contributions to dev-sec framework:
  • In a container, sshd should not run as root
  • Github actions
  • Debug force_ssl
  • Update for Inspec 4
• Contribution to Kubespray
• Contribution to marge-bot
• Contribution to molecule

Some publications (mainly in french)

• DevOps stream three times a week (french)
• Tout sur un bon mot de passe (everything about a good password)
• Le masque jetable (One time pad)
• Méthode agile, les histoires (Agile methodology, stories)
• Méthode agile, Elevation Of Privilege (Agile methodology, Elevation Of Privilege)
• Monorepo, linting de base du projet (Monorepo, base linting of the project)
• Fedora CoreOs (du cloud et de la perruque) (on cloud and wig)
• Short : Le carré de Polybe (Polybius square)
• Short : La congruence, modulo 10 (Modulo 10 congruence)
• Extrait de stream : Diffie Helman en vrac
• Stories : Notions devops

Formation

• École des mines d’Alès : Engineer from l’école des Mines d’Alès, Information Technology (2008-2013)
• École supérieure de Commerce de Clermont-Ferrand : Master, Business Administration and Management (2010-2013)
• Ruhr-Universität Bochum : Erasmus, IT security (2011-2012)

Certifications

• Microsoft Certified: Azure Administrator Associate, obsolete
• Databricks Academy Accreditation: platform Administrator, obsolete

---

Note: This README is entirely done in markdown.