E-Mail: nick@groenen.me
Website: https://nick.groenen.me/
LinkedIn: https://www.linkedin.com/in/nickgroenen/
GitHub: https://github.com/zoni/

Hello! 👋 I’m Nick Groenen.

My professional career covers over 10 years of experience in infrastructure and IT operations, currently as Site Reliability Engineering team lead at Castor.

I have managed various teams across multiple companies, with my sweet spot appearing to be the growing of small- to medium-sized teams responsible for managing software infrastructure, especially in regulated and safety-critical environments.

Check out my Personal Manual if you wish to learn more about my personality style and ways of working.

Key qualifications

  • Leadership experience with small- to medium-sized teams in both IC and manager roles, as well as in positions reporting directly to executive management (as CISO).
  • DevOps/infrastructure background with a strong focus on software engineering best-practices. I’m experienced with multiple programming languages, including Python, Go, Elixir and Rust (as well as shell scripts, like bash).
  • I have designed (and participated in) various on-call rotations 1 and facilitated many Post-incident reviews.
  • Strong writing skills, including in user-facing (technical) documentation, internal project documentation, decision records and project proposals.
  • Experience in regulated industry (healthcare) and familiarity with privacy and security certifications/standards.

Work experience

Engineering Team Lead - Platform

Castor. April 2021 - Present. Amsterdam, Netherlands

When I joined Castor in early 2019, I was hired as their first dedicated DevOps/SRE person. I’ve grown this to a team of 5 engineers, discovered I am good at engineering management but don’t actually enjoy people management all that much, and am now refocusing on being an Individual Contributor (IC) and Tech Lead again. Notable projects and accomplishments here include:

  • Designed and built database migration tooling which integrates with Castor’s business logic, allowing for the migration of medical studies between different MySQL database clusters in a (near-)automated fashion. This was used in a cloud migration of about 45.000 studies across two providers, and has unlocked the capability to redistribute databases for optimal resource utilization within clusters. 2
  • Adopted Earthly for the building/packaging of all of our custom Ubuntu software packages, providing a simple and repeatable build process that anyone can use with minimal fuss.
  • Fostered a team culture with a high degree of Psychological safety, placing a strong emphasis on transparency and quality documentation, a reduction of Toil through automation, and continuous learning through practices such as pre-mortems, After Action Reviews and Post-incident reviews.
  • Set the roadmap for Castor’s infrastructure, balancing competing priorities like investments in new technologies, compliance improvements, process optimization, paying back technical debt, etc.
  • Supported a company-wide migration to Azure AD for enterprise SSO, working closely with the office IT department to integrate all services and onboard all users.

Chief Information Security Officer

Castor. October 2019 - August 2021. Amsterdam, Netherlands

I joined Castor primarily as an SRE, but also acted as the CISO until we had grown large enough to hire somebody for this position full-time. 3 Notable projects and accomplishments in this role include:

  • Helped scale security and compliance processes while growing from about 40 to 100 employees across offices in the EU and US.
  • Played a key role in leading Castor through a recertification audit of ISO 9001, ISO 27001 and NEN 7510.
  • Implemented a Single Sign-On solution for internal services together with the IT department to reduce account management burdens and more easily meet compliance requirements.
  • Implemented endpoint security monitoring together with the IT department to improve adherence to security policies, while remaining conscious and respectful of employees’ privacy.
  • Facilitated response to security incidents, including investigation, remediation and communications (internal and external).
  • Ensured Castor would meet the security requirements of major clients, including the World Health Organization (WHO) to support their SOLIDARITY trial on COVID-19 treatments.

Site Reliability Engineer

Castor. February 2019 - March 2021. Amsterdam, Netherlands

I joined Castor as the first and sole SRE and helped shape their infrastructure/platform roadmap throughout their Series A investment. Notable projects and accomplishments during this period include:

  • Led the transition from doing ops management by hand to using Infrastructure as Code principles with Ansible and Terraform.
  • Helped shape strategic efforts to migrate away from local managed hosting providers, standardizing on Microsoft Azure’s cloud services. 4
  • Launched a dedicated server offering (“Castor Private Cloud”) on Azure.
  • Designed and built automation to perform a cross-region migration/split of Castor’s entire user database with minimal downtime and strong operational guarantees to avoid manual error.
  • Opened up a new EDC region in Australia (also on Azure).
  • Played a key role in leading Castor through a recertification audit of ISO 9001, ISO 27001 and NEN 7510.

Developer & security officer

StartMail. February 2017 – January 2019. The Hague, Netherlands

I was one of the senior developers at StartMail, a privacy-focused email service. During my two years there my team worked on rebuilding all of StartMail’s core infrastructure, including a tricky customer migration which was completed without incident.

After completion of the project I continued to work on further infrastructure improvements and assisted in the rewrite of their frontend webmail application from an 90’s-style PHP webapp (helloooo SquirrelMail!) to modern javascript with a Python backend.

In addition to my role as developer I also served as StartMail’s security officer, responsible for implementing security policies and having knowledge of fun acronyms such as ISO/IEC 27001, HIPAA and GDPR.

Further past


Bedrijfshulpverlener (emergency response officer)

Castor. May 2019 - Present. Amsterdam, Netherlands

The Dutch Working Conditions Act states companies need to ensure adequate emergency response measures, known as bedrijfshulpverlening. In most companies this translates to having one or more employees trained as emergency response officers. For Castor, I operate as the head of our emergency response organisation.

Rode Kruis Evenementenhulpverlener & Noodhulp teamlid

Red Cross Haarlemmermeer. August 2019 - Present. Hoofddorp, Netherlands

As a volunteer for the Dutch Red Cross, I help provide first aid at various small- and large scale events throughout the Netherlands. I’m also a member of the Noodhulp Team for the district Kennemerland, providing support to professional emergency services during mass-casualty incidents.


Certified Incident Responder

PagerDuty University, Certificate number z2po3xomjd33

Level 1 Certificate in English (ESOL)

University of Cambridge, License 0012247650

European First Aid Certificate (EFAC)

Red Cross certificate number nrks10028399-71892.

Beheerder brandmeld- en ontruimingsalarminstallatie

NIBHV, Candidate number 890127050

Professionalism and ethics

I believe too little attention is currently given to ethics in the field of IT and related industry so I’d like to explicitly call out that I hold myself to both the ACM Code of Ethics and Professional Conduct as well as the IEEE Code of Ethics. For more information, see my core values.

See also

The latest version of this document is available on-line in a variety of formats:

  1. You might find my Research into the effects of on-call work here interesting. ↩︎

  2. The project to build this tooling and to perform the actual migration took about 12 to 18 months in its entirety. There are a lot of interesting technical details here, including answers to questions like “Why not just use typical database replication and tools like innobackupex for this?” and I’m currently working on writing a long-form article about my experiences and the lessons learned in this endeavor. ↩︎

  3. I’ve written more about this on my blog in “Stepping down as CISO”. ↩︎

  4. Azure would not have been my first pick on a purely technical level, but within the medical sector Castor operates in there were other, non-technical concerns that made it a better pick than AWS or GCP. ↩︎