I own IT end-to-end for the German subsidiary of a global automotive group — from infrastructure architecture and Microsoft 365 governance to Zero Trust security and data-centre planning. I have built complete IT environments from nothing, and I am at my best turning operational friction into structured, scalable systems.
From that same seat I also write — long-form analysis on what the Chinese auto industry's push into Europe actually looks like at the operational layer: dealer DMS to factory ERP, residual-value to leasing risk, homologation to OTA. One track builds the systems; the other reads them. The vantage is the same.
Long-form analysis on China–Europe automotive. Published on Substack and 知乎; archived here.
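MIP is not a gentler version of a tariff. It gives money back to those who stayed out of the price war and forces those who have been fighting it to raise prices, while taking the price war itself out of everyone's hands.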
Europe's new price floor for Chinese EVs isn't a softer tariff. It hands the money back to some carmakers, forces a price rise on the rest — and ends the price war for all of them.
Why the next phase of the European market will be decided not by sales volume, but by operational capability
Projects spanning infrastructure delivery, security, and internal software.
IT project lead for a 1,700 m² headquarters fit-out — server-room layout, structured cabling, VLAN segmentation, firewall zoning, and vendor coordination. Plan optimisation cut direct costs by over €30,000. On-site implementation in progress; acceptance targeted for June 2026.
Local delivery lead for the German rollout of a global CRM (HQ + Deloitte programme) — SSO integration, EU-side GDPR DPIA, system integration, training, and cutover, plus defining the post-go-live L1 support boundary.
Designed and built five internal applications from scratch for a greenfield subsidiary — fleet, property, IT assets, service desk, and knowledge management — replacing manual coordination with structured digital workflows.
Automated Windows 11 provisioning via Microsoft Autopilot and Intune with GroupTag-based device scoping. New devices ship directly to employees and self-configure — cutting manual deployment effort by over 70%.
Zero Trust posture across identity and endpoints — enforced MFA, Conditional Access (geo / device / risk), Defender for Endpoint, silent BitLocker with key escrow, and a break-glass strategy, with incident reporting to the CISO.
Automated data synchronisation between ERP and WMS systems for a logistics operation, eliminating manual entry and reducing labour costs by 25% while supporting 200+ tickets annually.
A full-stack personal portfolio with password-protected interview profiles, dynamic routing, and JWT-based authentication — self-hosted on a managed VPS.