Jonathan Aerts

Senior Cloud Platform Architect

POST Luxembourg · Luxembourg

Aug 2024 — Present

Hired to single-handedly build POST Luxembourg’s cloud foundation — Grand Duchy telecom operator and postal bank, supervised by the CSSF. Mission: host the critical banking workloads on Azure under a compliant Cloud Outsourcing framework. No prior cloud footprint. 13 months of continuous delivery.

• Designed and delivered an Enterprise-Scale Azure Landing Zone across 26 subscriptions, multi-region, aligned with Microsoft CAF and Azure Verified Modules — foundation eligible to host workloads under banking regulation.
• Aligned the platform with regulatory requirements: controls derived from CSSF Circular 22/806 (Cloud Outsourcing), DORA, NIS2 and ISO 27001, CIS Microsoft Azure baselines, zero persistent secrets (OIDC / Workload Identity end-to-end), Private Endpoints across all PaaS, customer-managed encryption everywhere.
• Industrialised Infrastructure as Code: 60+ production-ready Terraform modules, single Terragrunt pipeline across the whole perimeter, automated drift detection — immutability and full audit-ready traceability.
• Built the application platform: private AKS clusters in GitOps (Argo CD), Azure Virtual Desktop (Host Pools, FSLogix ZRS, Private Endpoints) for compliant virtual desktops, enterprise-grade observability (managed Prometheus + Grafana, 20+ dashboards), AMBA alerts aligned with Microsoft production guidance.
• Formalised internal governance: 20 ADRs, 6 SRE runbooks, 10K-line enterprise wiki, strict naming / tagging / RBAC conventions — audit and onboarding foundation for future teams.
• Designing the multi-cloud strategy: multi-account AWS Landing Zone in design (Control Tower, SCPs, IaC) to address resilience and supplier diversification requirements imposed by DORA.
• Tooled the project with a suite of specialised AI agents — codified conventions and gotchas, assisted module generation and accelerated architecture reviews.

Cloud Architect — M365 & Azure Migration

Alten · Mission: Luxembourg Airport

Aug 2023 — Jul 2024

Consulting mission via Alten for the IT modernisation of Luxembourg Airport — 24/7 critical infrastructure of Luxembourg air transport. Twofold goal: migrate mail to Microsoft 365 and lay the airport’s first cloud foundations.

• Migrated 500+ on-premises Exchange mailboxes to Microsoft 365 — hybrid coexistence, progressive cutover, on-prem decommissioning, zero service loss.
• Designed and deployed the airport’s first Azure Landing Zone — modular foundation aligned with Microsoft CAF, ready to host the IT department’s future workloads.
• Industrialised an initial library of reusable Terraform modules — IaC baseline that shaped the group’s cloud deployment strategy.
• Hardened the M365 security posture: Conditional Access, MFA across the board, CIS Microsoft 365 baselines, sensitivity labels, retention policies and Compliance Center.
• Migrated identity services to Entra ID — RBAC convention, SSO for the airport’s business applications.

Cloud & Infrastructure Architect

Astorg · Private Equity

Sep 2021 — Jul 2023

Global IT infrastructure modernisation at Astorg — European Private Equity fund, 250 users, 6 international offices (LU, FR, UK, DE, IT, US), supervised by the CSSF under AIFMD. Transformation from a legacy environment to a compliant hybrid Azure / Entra ID architecture.

• Led the global IT transformation across 6 international offices — on-site deployments (servers, storage, network, endpoints), inter-site network unification via Cisco Meraki SD-WAN, standards harmonisation.
• Designed the hybrid Azure architecture: VNETs, Private Endpoints, Key Vault, Entra ID — Terraform foundations developed from scratch.
• Deployed unified endpoint management: 250 endpoints and 100+ mobile devices via Microsoft Intune, compliance and configuration policies aligned with CIS.
• Aligned the platform with PE regulatory requirements: CSSF AIFMD, ISO 27001, CIS Microsoft baselines, RBAC + PIM governance, systemic Azure Policy.
• Managed the infrastructure renewal budget (~€500K): vendor selection, negotiation, multi-country procurement.

IT-OT System Administrator

Guardian Industries · Luxembourg

Jul 2019 — Aug 2021

Sole IT/OT administrator for a Guardian Industries industrial site — 24/7 continuous-production glass manufacturing, ~100 users. Mission: guarantee IT continuity under production constraints, with zero tolerance for outage.

• Single-handedly operated the production VMware environment: 10+ ESXi hosts, RDS/VDI infrastructure for operations, backups and recovery plan.
• Ran the Cisco network infrastructure: LAN/WAN, IT / OT segmentation, perimeter security for the industrial site.
• Deployed line-edge thin clients: hardened solutions for the industrial environment, integration with production business applications.
• Guaranteed 24/7 operational continuity: zero IT-attributable outage over 2 years, permanent on-call support under continuous production constraints.

System Engineer — Microsoft 365 & Infrastructure

GMS-it · Luxembourg

Oct 2016 — Aug 2019

Systems engineer at GMS-it (Luxembourg MSP) — delivered end-to-end Microsoft 365 and infrastructure projects for 7 Luxembourg SMB and trust company clients. Full ownership: technical design, deployment, support.

• Led Exchange on-prem to Microsoft 365 migrations: coexistence analysis, tenant setup, mailbox cutover, legacy on-prem decommissioning.
• Designed and delivered client infrastructure projects: network modernisation, virtualisation, perimeter security, backups.
• Industrialised M365 deployment standards: Conditional Access, MFA, RBAC, hardening baselines — rolled out across the 7 client environments.
• Ensured run & continuous evolution: L3 support, critical incident management, infrastructure roadmap planning.

VMware Consultant — Global Virtualization Project

Computacenter · Mission: TI Automotive · Belgium

Jan 2014 — Sep 2016

Consulting mission via Computacenter for TI Automotive’s global virtualisation project — tier-1 automotive supplier with multiple international plants. Multicultural and distributed environment, multi-country travel.

• Led the global VMware virtualisation project: 200+ ESXi hosts across all international production sites.
• Performed P2V migrations: legacy physical server cutover to vSphere, on-site deployments in multiple countries.
• Administered large-scale vSphere infrastructure: provisioning, performance troubleshooting, resource optimisation across the global perimeter.

System & Network Administrator

ETNIC · Brussels

Sep 2007 — Dec 2013

System and network administrator at ETNIC — public IT operator of the Wallonia-Brussels Federation, supporting the Belgian French-speaking education system (schools and institutions). Broad infrastructure scope: Cisco network, VMware virtualisation, 100+ Windows servers.

• Administered the Cisco network: switching, routing, VLAN segmentation at organisation scale.
• Managed the VMware infrastructure: ESXi host management, VM provisioning and maintenance.
• Maintained a fleet of 100+ Windows servers: system administration, support for schools and institutions of the French-speaking Community of Belgium.