[DE] [EN] 
███╗   ███╗ █████╗ ██████╗  ██████╗    ███████╗██╗   ██╗███╗   ███╗██╗
████╗ ████║██╔══██╗██╔══██╗██╔════╝    ██╔════╝██║   ██║████╗ ████║██║
██╔████╔██║███████║██████╔╝██║         ███████╗██║   ██║██╔████╔██║██║
██║╚██╔╝██║██╔══██║██╔══██╗██║         ╚════██║██║   ██║██║╚██╔╝██║██║
██║ ╚═╝ ██║██║  ██║██║  ██║╚██████╗    ███████║╚██████╔╝██║ ╚═╝ ██║██║
╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝    ╚══════╝ ╚═════╝ ╚═╝     ╚═╝╚═╝
[ ONLINE ]
ICT Architect | Founder, SecureIT Swiss AG | Switzerland
Enterprise IT Architecture // Active Directory // Exchange Hybrid // Citrix VDI // PowerShell Automation // Security
[ ABOUT ] [ ACHIEVEMENTS ] [ STACK ] [ EXPERIENCE ] [ SERVICES ] [ CONTACT ]
system boot sequence complete... ready for input [OK]
ABOUT
visitor@marcsumi.ch:~$ cat about.log
Hey, I'm Marc Sumi — Swiss ICT Architect and founder of SecureIT Swiss AG. I design, secure, and rebuild enterprise environments — typically after they've become unstable, undocumented, or failed under previous implementations. Typical entry point: systems already failing, migrations gone wrong, or environments no one fully understands anymore. Over the past 8+ years, I've led infrastructure and security initiatives in complex, regulated healthcare environments (1,500+ users, hybrid on-prem / Microsoft 365, Citrix VDI, Oracle, and legacy systems). My work spans Active Directory migration, Exchange hybrid migration, and Citrix VDI architecture in Switzerland — specializing in enterprise IT security for regulated industries. My focus is on stabilizing operations fast, then rebuilding clean, auditable architectures that scale — reducing operational risk and eliminating single points of failure. Approach: Fix root causes ➜ standardize ➜ automate ➜ document. Outside of work: CTFs, homelabs, and occasionally revisiting Knight Rider and The Matrix.
SELECTED ACHIEVEMENTS
visitor@marcsumi.ch:~$ cat achievements.log
Executed Exchange migration (3,200+ mailboxes) with zero data loss and no unplanned downtime in a regulated healthcare environment Rebuilt undocumented Citrix environment — stabilized VDI for ~800 daily users within first 90 days Designed hybrid Active Directory + Microsoft 365 architecture across merged multi-site hospital organization (1,500+ users) Implemented centralized SIEM and log shipping across multi-site infrastructure — first unified security visibility in org history Eliminated manual onboarding processes via full PowerShell automation pipeline — reduced provisioning time by ~80% Reverse-engineered and documented complete enterprise infrastructure (AD, Exchange, Citrix, networking, printing) — no prior documentation existed across any system Enabled critical healthcare reporting and clinical systems to operate reliably after full infrastructure stabilization Leading cross-functional team of 20+ engineers (internal + client) across ongoing hospital infrastructure fusion
STACK
visitor@marcsumi.ch:~$ cat stack.log
Identity & Access
Active Directory (multi-domain, trusts) Group Policy PKI / Certificates SwissSign
Messaging & Collaboration
Microsoft Exchange (on-prem & hybrid) Microsoft 365 Totemo SecureMailGateway
Virtualization & End-User Computing
Citrix Virtual Apps & Desktops VDI Architecture VMware / ESXi (multi-host)
Security
Hardening Incident Response SIEM / Log Management Firewalls Penetration Testing
Infrastructure
Windows Server Networking Oracle (19c, enterprise) Kubernetes / GKE
Automation
PowerShell Scripting API Integration
EXPERIENCE
visitor@marcsumi.ch:~$ cat experience.log
2026 — Present
ICT Architect
SecureIT Swiss AG — Regulated Healthcare Environment
Promoted to ICT Architect for the merged hospital organization (1,500+ users, 850+ endpoints). Owning architectural decisions across identity, messaging, VDI, and security domains. Defining technology standards, reference architectures, and strategic roadmaps across Microsoft, Citrix, and Oracle platforms. Governing enterprise IT security policy and leading cross-team coordination for 20+ engineers. Focused on reducing operational risk and eliminating single points of failure across the combined infrastructure.
ICT Architecture 1,500+ users Team Lead (20+) Microsoft Citrix Oracle
2025 — 2026
Lead System Engineer — Hospital Fusion & Security
SecureIT Swiss AG — Regulated Healthcare Environment
Architected the target infrastructure for the full-scale fusion of two major hospitals. Migrated all users, userhomes, VDI environments, and 850+ client systems into a unified Active Directory architecture with zero unplanned downtime. Conducted penetration testing with full hardening remediation. Deployed centralized SIEM and log shipping — first unified security visibility in the organization's history. Led ~10 internal + 10-15 client-side engineers.
AD Migration 850+ endpoints SIEM deployment Pentesting Zero downtime
2024 — 2025
Lead System Engineer — Automation & Integration
SecureIT Swiss AG — Regulated Healthcare Environment
Built end-to-end onboarding automation with PowerShell — reduced provisioning time by ~80% and eliminated manual errors. Linked APIs of multiple clinical and administrative platforms to build a centralized data warehouse. Mapped and documented the complete enterprise infrastructure (AD, Exchange, Citrix, networking, printing, Oracle) from scratch — no prior documentation existed across any system.
PowerShell Automation ~80% faster onboarding API Integration Full Documentation Data Warehouse
2023 — 2024
Lead System Engineer — Exchange Hybrid & Client Engineering
SecureIT Swiss AG — Regulated Healthcare Environment
Executed Exchange migration (3,200+ mailboxes) with zero data loss and no unplanned downtime. Reduced legacy complexity and established standardized mailbox architecture. Integrated Totemo SecureMailGateway for end-to-end encryption and SwissSign PKI for certificate-based authentication. Led VDI rollout, userhome migration, and organization-wide client deployment (850+ systems). Took over fragmented environments from previous teams and established clean, reproducible baselines.
Exchange Hybrid Migration 3,200+ mailboxes SwissSign PKI Totemo 850+ clients
2022 — 2023
System Engineer — Citrix VDI Architecture
SecureIT Swiss AG — Regulated Healthcare Environment
Inherited an unstable, undocumented Citrix environment serving ~800 daily users. Mapped the full architecture, stabilized operations within 90 days, and rebuilt Citrix Virtual Apps & Desktops for reliability. Optimized application packaging, session performance, and user provisioning. Authored operational runbooks from the ground up.
Citrix CVAD ~800 daily users Stabilized in 90 days VDI Architecture
2020 — 2022
System Engineer
SecureIT Swiss AG
Delivered full-lifecycle SMB solutions for 15+ clients — requirements analysis, architecture design, implementation, and handover. Built Windows Server networks, Microsoft 365 deployments, telephony, and print infrastructure. Hardened Debian-based web servers. Optimized Exchange spam filtering and email security with centralized antivirus.
15+ clients Windows Server Microsoft 365 Linux Hardening Email Security
2021
System Engineer
Newco Switzerland AG
Deployed and operated a highly available Kubernetes cluster on Google Kubernetes Engine for the newco.ch web application. Managed monitoring infrastructure (Prometheus/Grafana), internal support, and ticket management.
Kubernetes GKE Prometheus Grafana
2020 — 2021
System Engineer / Junior Project Manager
Novazona AG
Led implementation of multiple VR/AR simulators for pharmaceutical companies and a Swiss insurance provider — managing Windows clients, C++ applications, MySQL, and Linux controllers. Planned and built Windows workplace environments with Zyxel firewall integration and full security hardening.
Project Management VR/AR Networking Firewalls
2018 — 2020
Junior System Engineer
Nau Switzerland AG
Supported launch and operation of nau.ch. Managed cloud-based ICT systems, Nextcloud collaboration infrastructure, software distribution, and asset management. Developed monitoring and QA test concepts. Trained 50+ users across the organization.
Cloud Ops 50+ users trained QA Testing Monitoring
WHAT I DO

Stabilize Failing Environments

Rapid assessment and stabilization of unstable, undocumented, or inherited IT infrastructure. Root cause analysis, not band-aids.

Lead Complex Migrations

Active Directory migration, Exchange hybrid, Microsoft 365 rollout, Citrix VDI architecture — planned, tested, and executed at scale.

Design Secure Architectures

Enterprise IT architecture for regulated environments. Identity & access, endpoint security, SIEM, PKI, and compliance-ready infrastructure.

Audit & Harden Infrastructure

Security assessments, penetration testing, hardening, and incident response. From firewall rules to Active Directory attack path analysis.

Automate Operations

PowerShell automation, API-driven workflows, onboarding pipelines, and reporting. Eliminate manual operations, reduce error rates.

Document Everything

Complete enterprise documentation — network, identity, messaging, VDI, printing. Systematically, from scratch if needed. Auditable and maintainable.

CONTACT
visitor@marcsumi.ch:~$ ping marc
PING marc (127.0.0.1) 56 bytes of data. 64 bytes from marc: icmp_seq=1 ttl=64 time=0.042ms [OK]
├── email: info@marcsumi.ch
├── web: secureit.ch (SecureIT Swiss AG)
├── web: newco.ch
└── location: Switzerland
READY TO FIX A BROKEN ENVIRONMENT?
visitor@marcsumi.ch:~$ ./engage.sh
Select an option: [1] Book a call [2] Request an infrastructure assessment [3] Send architecture review request Typical response time: <24h
>
visitor@marcsumi.ch — bash [x]
visitor@marcsumi.ch:~$