~/ cat career.log

25 Years in Production

Field experience, not framed certificates. 2001 → today.

Marco Serritella has worked in production since 2001: interface drivers over serial ports for healthcare systems, Java and cross-engine SQL, C# automation pipelines for .com domain renewals at registrar scale, contributions to HL7 standardization work, a decade running datacenter racks (Proxmox, iSCSI SAN, pfSense, Windows AD, IPsec), Data Protection Officer role, and since 2022 full cloud architecture: DigitalOcean and Azure scripted in Terraform, Kubernetes, ISO/IEC 27001 implementation lead (certified January 2025), business continuity and disaster recovery across vendors.

// no badge wall

You won't find vendor badges here. I led a company from zero to ISO/IEC 27001 certification — the company keeps the badge, I keep the working ISMS. Everything below was learned the only way that sticks: in production, with real users on the line.

// every line converges here

2001 today
software engineering 2001 → now · 25y

BASIC → Java → C# → PHP → Rust

databases & data 2003 → now · 23y

Sybase · Informix · Oracle · Firebird · MSSQL · MySQL · Solr · PostgreSQL

leadership & standards 2008 → now · 18y

analyst · tech lead · DBA · HL7 contributor

systems & networking 2012 → now · 14y

Proxmox · iSCSI SAN · pfSense · IPsec · Windows AD · nginx · mail

security & governance 2018 → now · 8y

DPO · GDPR · ISO/IEC 27001 · business continuity & disaster recovery

cloud & infrastructure-as-code 2022 → now · 4y

DigitalOcean · Azure · Terraform · managed PostgreSQL & storage

containers & orchestration 2022 → now · 4y

Docker · container registries · Kubernetes (AKS) · CI/CD from GitHub to multiple targets

Σ = Principal System, Cloud & AI Architect — 25 years, one line at a time

// career.log — oldest first

  1. 2001 — 2003

    Interface-Driver Developer & Customer Care

    healthcare IT

    First job: BASIC programs reading raw instrument data from serial ports and translating it into text a healthcare management system could ingest. Where software meets hardware nothing is clean — you debug with a serial sniffer, not a stack trace.

    The other half of the job: customer care and technical support for healthcare facilities, online and on-site. Learning early that the person on the phone matters as much as the code.

    BASIC RS-232 healthcare customer support

  2. 2003 — 2005

    Java Developer

    healthcare software vendor

    Same product, four database engines: Sybase, Informix, Oracle, Firebird. Writing SQL that has to survive on all of them teaches you the standard better than any course ever will.

    Java SQL Sybase Informix Oracle Firebird

  3. 2005 — 2008

    C# Developer

    one of Italy's largest hosting & domain providers

    Started on the sales portal, then moved to R&D: an end-to-end automation pipeline for .com domain renewals — query the database, ship XML to the registry, handle asynchronous responses, renew. Unattended, at registrar scale.

    C# MSSQL XML async integrations

  4. 2008 — 2011

    Analyst, Tech Lead & DBA

    healthcare software vendor

    Analyst and Java developer on a data-exchange platform connecting a regional health authority with its blood-transfusion centers.

    Tech lead and DBA (Firebird) on the companion software for a pharma group's blood-analysis instrument — blood group, Rh, phenotype. Along the way, contributed input to the HL7 standardization work on patient-demographics interchange records.

    Java Firebird HL7 interoperability

  5. 2011 — 2012

    Webmaster

    local web agency

    A year of PHP and MySQL in the trenches of small-business web. Humbling, fast, useful.

    PHP MySQL

  6. 2012 — 2022

    Webmaster → Systems Engineer → DPO

    digital marketing & messaging company

    Started as webmaster: an e-commerce built from scratch (PHP + MySQL) and a job-ads portal — Java frontend and backend, Apache Solr datastore, a Java crawler feeding it listings.

    Then took over the datacenter rack: inherited two redundant switches, two load balancers, four delivery frontends, two backends and a MySQL. Expanded it with a 3-node Proxmox cluster and a 2-node iSCSI SAN, running nginx load balancing, mail, customer web hosting, pfSense, the primary Windows domain controller and a fleet of internal Java tools — plus a home-grown site-generation and DB-interface framework, written to keep the developer muscles warm.

    2016 office relocation, owned end to end: network cabling, local domain controller, internal backup machine, ADSL with wifi-modem failover via pfSense, primary DC moved on-premise with its replica left on the Proxmox cluster — everything over IPsec VPN.

    As the business pivoted to SMS messaging: prototyped a campaign-delivery system and backed the developer building the production one.

    Appointed Data Protection Officer — the first deep dive into governance: data protection by design, risk assessment, policies people actually follow. The mindset that would later carry an entire ISO/IEC 27001 program.

    After a 2020 acquisition by an international messaging group: studied the CompTIA Security+ and CEH curricula (2021) and started porting internal Java utilities to Rust.

    Proxmox iSCSI SAN pfSense nginx Windows AD IPsec Java Solr SMS DPO Rust

  7. 2022 — today

    Systems & Cloud Architect

    software house, ~25 engineers

    Decommissioned the two physical racks — server farm and office — and virtualized everything onto DigitalOcean, including a Proxmox for internal services. Every Linux VM built, operated and torn down by hand before automating any of it.

    Gave the nudge that started the company's shift from PHP to Rust: the tech leader was already looking past PHP — a well-timed “I know Rust, and I'd pick it over Go” settled the direction.

    Technical lead of the four-person ISMS team that wrote the policies and implemented ISO/IEC 27001 — certified January 2025.

    Since 2024: containerization everywhere and Kubernetes mandated for every new service. CI/CD pipelines from GitHub fanning out to multiple targets — container registries and clusters on DigitalOcean, a full Azure landing zone scripted in Terraform (AKS, container registry, blob storage, PostgreSQL, with OpenSearch and various message brokers on top), and custom in-house solutions. Business-continuity and disaster-recovery procedures written, implemented and spread across different vendors.

    DigitalOcean Azure Terraform Docker Kubernetes CI/CD Rust ISO 27001 OpenSearch message brokers BC/DR

// the point

Certifications expire. Stacks rotate. What compounds is 25 years of being the one who gets called when it breaks — from serial ports to Terraform, the job has always been the same: understand the whole system, then make it boring.

$ cd ~ && ls services/ [ Execute ] _