Martin Lillepuu – Curriculum Vitae

Summary

Senior DevOps & Network Security Engineer with 25+ years of experience designing, securing, and operating large-scale infrastructure across banking, public sector, and private consulting. Deep expertise in network security — firewall management and policy design (Palo Alto Networks PAN-OS, Juniper SRX), VPN architectures (GlobalProtect, IPsec), Zero Trust network infrastructure (PAN GlobalProtect, User-ID, Forescout, Packetfence), PKI/certificate infrastructure (AD CS, DigiCert, HSM), and Azure virtual network design — combined with hands-on DevOps practice in Kubernetes, Terraform, AWS, and CI/CD pipelines. A decade of experience at LHV Pank and independent consulting through MLP Dataconsult OÜ since 2002. Proven ability to advise organisations on network security, cloud platforms, and infrastructure automation in regulated environments. Experienced working in multidisciplinary engineering teams and with external partners.

---

Personal Information

• Name: Martin Lillepuu
• Date of Birth: September 17, 1978
• Email: martin@lillepuu.com

---

Education

Professional Education

• 2026–2027 (Expected): University of Tartu – Cloud-native Application Design and DevOps (Micro-degree)
• 2007–2018: Estonian Entrepreneurship University of Applied Sciences (EEK Mainor) – Service Management (curriculum closed)
• 1999–2003: Tallinn University of Technology – Network Software (incomplete)
• 1993–1999: Tallinn Polytechnic School – Personal Computers and Computer Networks

Basic Education

• 1987–1993: Tallinn 60th Secondary School
• 1984–1987: Tallinn 29th 8-grade School

---

Professional Training & Certifications

• 2025: Kubernetes Essentials (Entigo); DevOps automation with Kubernetes (Entigo)
• 2020: Azure Fundamentals; Palo Alto Networks Certified Network Security Engineer (PCNSE)
• 2018: Hunt the Hacker (Clarified Security)
• 2017: HOHE FU (Clarified Security)
• 2014: LOGSEC, HOHE (Clarified Security)
• 2011: MCTS: Windows 7, Configuration; MCTS: Windows Server 2008 Network Infrastructure, Configuration
• 2009: MCTS: Microsoft Windows SharePoint Services 3.0, Configuration
• 2007: Microsoft Product Specialist (Windows XP)
• 2006: ITIL Foundation Certificate in IT Service Management (IT Koolitus)
• 2001: Microsoft Product Specialist (Windows 2000 Server)
• 1997: Microsoft Product Specialist (Windows NT Server 4.0)
• 1996: Implementing and Supporting Windows NT Server 4.0 (IT Koolitus)

---

Work Experience

2025–Present: Muuga kogukonnakeskus Muuker MTÜ – Founder & Board Member

• Co-founded community centre for the Muuga suburban area (registered September 2025).
• IT infrastructure: domain registration (muuker.ee), Google Workspace for Nonprofits setup, website creation and management (Google Sites), Facebook page creation and management.
• Marketing, communications, videography and photography.

2025–2026: AS LHV Pank – DevOps Engineer

• Development and management of CI/CD pipelines.
• Tech stack: AWS S3, Gitlab, Terraform, Terragrunt, Kubernetes, Hashicorp Vault, Ansible, Loki, Grafana.
• Supporting changes for loading data into the data warehouse (MSSQL DWH).

2014–2025: AS LHV Pank – System Administrator

• Network Management & Security: Managing firewalls and network devices (PAN OS, Aruba, HPE); internal and perimeter security policies; VPN management (PAN OS, Juniper SRX, GlobalProtect, IPSEC); PAN OS User-ID identity integration design and management; NAC management (Forescout, Packetfence, 802.1x, EAP-TLS); Azure virtual network design (PAN OS VM series).
• Network device configuration management (Ansible, Terraform, Gitlab).
• Server management: Linux and Windows servers in Hyper-V virtualisation platform clusters.
• Monitoring: Managing monitoring and logs for network systems (Zabbix, SpectX, Gravwell).
• Identity & Certificate Management: Managing multi-tier Corporate CA infrastructure (AD CS, Digicert One); certificate lifecycle procedures for users, services, and short-lived device certificates; HSM procedures and POC for digital signing of bank account statements; X-Road HSM certificate renewal coordination (external partner); SK digital signing, crypto certificates, and USB token management; external authentication flows (SAML/OIDC).
• macOS Security: Designing and implementing MS Intune MDM profiles; migration from MS Intune to Jamf Pro (50+ devices); central security policy design and implementation (CIS Level 2, Jamf Pro, Blueprints); central authentication design (Jamf Connect, OIDC, Kerberos, Active Directory, Entra ID).

2006–2014: Teede Tehnokeskus AS (Estonian Road Technology Center) – IT Project Manager

• Organizing IT development and maintenance.
• Software development, prototyping, and systems mapping.
• Keywords: Windows XP/7/8, Windows Server 2003/2008/2012, Linux (OpenSUSE, Debian), OpenVPN, IPSEC, IKEv2, VMware vSphere, MySQL, MSSQL, MS Dynamics NAV, MS SCCM, MS DPM, MS Hyper-V, Veeam B&R, Dell, Apple, Android.

2002–Present: MLP Dataconsult OÜ – Consultant

• Consulting: Hardware, software, networks, firewalls, cloud technologies, AI/ML implementation.
• Infrastructure: Linux, Windows, Proxmox, Talos, TrueNAS, PAN OS.
• Software Development: PHP, Python, C#, C/C++ (MISRA), Java/Android, Swift.
• Databases: SQL (MySQL, PostgreSQL, MSSQL, DuckDB, ClickHouse, SQLite), S3.
• CI/CD: Gitea/Gitlab/Github, Kubernetes, Terraform, Terragrunt, Ansible, Hashicorp Vault, Loki, Grafana.

2000–2005: Freelance Consultant (Sole Proprietor)

1998–2000: Spin TEK – System Administrator

• Network administration for internal and key clients (Linux, Novell, Windows 95/98).

1997–1998: Gensi Koolitus – System Administrator

• Maintenance of workstations and computer labs; NT Server and Exchange Server administration.

1995–1997: IC Systems – Technical Consultant

• Progress database administration; technical maintenance of information systems; Windows NT and hardware maintenance.

---

Software Development Projects

• 2018–2023: Openpilot (Subaru Community Manager): Development of open-source ADAS (Advanced Driver Assistance System) software and hardware interfaces for Subaru models on comma.ai hardware (300+ supported car models); remote support and community management for 200+ users via comma.ai Discord #Subaru channel. Keywords: Git, Github CI/CD, Ubuntu (arm64), Python, pytest, C/C++ (MISRA), CANBUS, DBC, OpenDBC, CANBUS messages and signals reverse engineering.
• 2013: Road Weather Station Web Prototype: PHP, MySQL, Javascript, ExtJS, OpenLayers, OpenStreetMap.
• 2013: Road Defect Detection System: “RoadRecorder” (video and road location data), “RoadAnalyzer” (defect classification from video, photo generation), “RoadViewer” (end-user GIS visualization). Built with C# (.NET), DirectX, WDM, SQLite + SpatiaLite, Bluetooth, GPS.
• 2013: Road Friction Measurement System: Mobile app + hardware measurement device; web interface. Android/Java, Bluetooth, MySQL, PHP, Javascript, JSON, OpenLayers, OpenStreetMap.
• 2012: Road Frost Depth Sensors Web Interface: PHP, Google Maps.
• 2010: OpenVPN ID-Card Authentication Integration: Perl, Bash, OpenSSL.
• 2009: Road Traffic Counting System Analysis: Data model design; data source integration design.
• 2007: Teede Tehnokeskus AS – Business Analysis: PHP, SQLBase, MSSQL, Excel, Access.
• 2005: Teede Tehnokeskus AS – Bridge Register: PHP, MySQL.
• 2002: National Library of Estonia – HR System v2.0: PHP, MySQL.
• 2002: TV Guide: PHP, MySQL.
• 2001: National Library of Estonia – HR System: Zope, MySQL.
• 2001: Hinnavaatlus: Design-to-code integration, data model, and web management module (PHP, Javascript, MySQL).
• 2000: Web-based Chat Server + Client: Java (JDK 1.2), Tomcat 3.1.
• 1999: SpinTEK Intranet: PHP, MySQL, Apache.

---

Skills & Languages

• Other Skills: Category B Driver’s License.
• Languages:
  • Estonian: Native
  • English: Very Good
  • Finnish: Good
  • Russian: Elementary
  • Spanish: Elementary (A1)
  • Italian: Elementary (A1)

Hobbies

• traveling
• theater
• cinema
• literature
• photography
• jogging/walking
• swimming
• cycling
• software development.