E-Mail: nick@groenen.me
Website: https://nick.groenen.me/
LinkedIn: https://www.linkedin.com/in/nickgroenen/
GitHub: https://github.com/zoni/


Hello! 👋 I’m Nick Groenen.

My professional career covers 10 years of experience in infrastructure and IT operations, currently as Site Reliability Engineering team lead at Castor.

I have managed various teams across multiple companies, with my sweet spot appearing to be the growing of small- to medium-sized teams responsible for managing software infrastructure, especially in regulated and safety-critical environments.

Check out my Personal Manual if you wish to learn more about my personality style and ways of working.

Key qualifications

  • Leadership experience with small- to medium-sized teams in both IC and manager roles, as well as in positions reporting directly to executive management (as CISO).
  • DevOps/infrastructure background with a strong focus on software engineering best-practices. I’m experienced with multiple programming languages, including Python, Go, Elixir and Rust (as well as shell scripts, like bash).
  • I have designed (and participated in) various on-call rotations 1 and facilitated many Post-incident reviews.
  • Strong writing skills, including in user-facing (technical) documentation, internal project documentation, decision records and project proposals.
  • Experience in regulated industry (healthcare) and familiarity with privacy and security certifications/standards.

Work experience

Engineering Team Lead - Platform

Castor. April 2021 - Present. Amsterdam, Netherlands

When I joined Castor in early 2019, I was hired as their first dedicated SRE. Since that time, I have grown this to a team of 5 engineers and personally transitioned from an Individual Contributor (IC) role into a management role. Recent projects and accomplishments include:

  • Fostered a team culture with a high degree of Psychological safety, placing a strong emphasis on transparency and quality documentation, a reduction of Toil through automation and continuous learning through practices such as After Action Reviews and Post-incident reviews.
  • Coordinated the implementation of Datadog Log Management and Sentry Exception Tracking to improve application visibility, while complying with all applicable laws and regulations2 in the healthcare industry.
  • Guided the implementation of Intrusion Detection systems and Log Analysis/Review processes according to regulatory standards and RFP/RFI requests from customers.
  • Set the roadmap for Castor’s infrastructure, balancing competing priorities like investments in new technologies, compliance improvements, process optimization, paying back technical debt, etc.

Chief Information Security Officer

Castor. October 2019 - August 2021. Amsterdam, Netherlands

I joined Castor primarily as an SRE, but also acted as the CISO until we had grown large enough to hire somebody for this position full-time. 3 Notable projects and accomplishments in this role include:

  • Helped scale security and compliance processes while growing from about 40 to 100 employees across offices in the EU and US.
  • Played a key role in leading Castor through a recertification audit of ISO 9001, ISO 27001 and NEN 7510.
  • Implemented a Single Sign-On solution for internal services together with the IT department to reduce account management burdens and more easily meet compliance requirements.
  • Implemented endpoint security monitoring together with the IT department to improve adherence to security policies, while remaining conscious and respectful of employees’ privacy.
  • Facilitated response to security incidents, including investigation, remediation and communications (internal and external).
  • Ensured Castor would meet the security requirements of major clients, including the World Health Organization (WHO) to support their SOLIDARITY trial on COVID-19 treatments.

Site Reliability Engineer

Castor. February 2019 - March 2021. Amsterdam, Netherlands

I joined Castor as the first and sole SRE and helped shape their infrastructure/platform roadmap throughout their Series A investment. Notable projects and accomplishments during this period include:

  • Led the transition from doing ops management by hand to using Infrastructure as Code principles with Ansible and Terraform.
  • Helped shape strategic efforts to migrate away from local managed hosting providers, standardizing on Microsoft Azure’s cloud services. 4
  • Launched a dedicated server offering (“Castor Private Cloud”) on Azure.
  • Designed and built automation to perform a cross-region migration/split of Castor’s entire user database with minimal downtime and strong operational guarantees to avoid manual error.
  • Opened up a new EDC region in Australia (also on Azure).
  • Played a key role in leading Castor through a recertification audit of ISO 9001, ISO 27001 and NEN 7510.

Developer & security officer

StartMail. February 2017 – January 2019. The Hague, Netherlands

I was one of the senior developers at StartMail, a privacy-focused email service. During my two years there my team worked on rebuilding all of StartMail’s core infrastructure, including a tricky customer migration which was completed without incident.

After completion of the project I continued to work on further infrastructure improvements and assisted in the rewrite of their frontend webmail application from an 90’s-style PHP webapp (helloooo SquirrelMail!) to modern javascript with a Python backend.

In addition to my role as developer I also served as StartMail’s security officer, responsible for implementing security policies and having knowledge of fun acronyms such as ISO/IEC 27001, HIPAA and GDPR.

Further past

Extracurricular

Bedrijfshulpverlener (emergency response officer)

Castor. May 2019 - Present. Amsterdam, Netherlands

The Dutch Working Conditions Act states companies need to ensure adequate emergency response measures, known as bedrijfshulpverlening. In most companies this translates to having one or more employees trained as emergency response officers. For Castor, I operate as the head of our emergency response organisation.

Rode Kruis Evenementenhulpverlener & Noodhulp teamlid

Red Cross Haarlemmermeer. August 2019 - Present. Hoofddorp, Netherlands

As a volunteer for the Dutch Red Cross, I help provide first aid at various small- and large scale events throughout the Netherlands. I also help out with the current, ongoing COVID-19 pandemic where possible, and I’m a member of the Noodhulp Team for the district Kennemerland.

Certifications

Certified Incident Responder

PagerDuty University, Certificate number z2po3xomjd33

Level 1 Certificate in English (ESOL)

University of Cambridge, License 0012247650

European First Aid Certificate (EFAC)

Red Cross certificate number nrks10028399-71892.
Includes various additional certifications, including:

  • Aantekening Eerste Hulp aan baby’s en kinderen
  • Aantekening Eerste Hulp bij acute sportletsels
  • Aantekening Eerste Hulp bij wandelletsel
  • Evenementen Eerstehulpverlener
  • Mentale Eerste Hulp
  • Verbindingsdienst - Omgaan met portofoon en mobilofoon
  • Stop de bloeding

Beheerder brandmeld- en ontruimingsalarminstallatie

NIBHV, Candidate number 890127050

Professionalism and ethics

I believe too little attention is currently given to ethics in the field of IT and related industry so I’d like to explicitly call out that I hold myself to both the ACM Code of Ethics and Professional Conduct as well as the IEEE Code of Ethics. For more information, see my core values.

See also

The latest version of this document is available on-line in a variety of formats:


  1. You might find my Research into the effects of on-call work here interesting. ↩︎

  2. The nature of this industry, and the fact that we process Protected Health Information (PHI), meant we couldn’t use these third-party processors without implementing additional contractual and technical safeguards, including but not limited to stripping certain classes of Personally Identifying Information (PII) on our own servers. ↩︎

  3. I’ve written more about this on my blog in “Stepping down as CISO”. ↩︎

  4. Azure would not have been my first pick on a purely technical level, but within the medical sector Castor operates in there were other, non-technical concerns that made it a better pick than AWS or GCP. ↩︎