About

How I got here, and how I build.

I'm Stefan — a Platform & Automation Engineer based in Copenhagen. I build integration and automation systems for enterprise environments: ServiceNow, BigFix, Zabbix, Microsoft Graph, the plumbing that keeps large estates running.

I don't have a university degree. I have a Gymnasieeksamen from Det Frie Gymnasium (2015–2018) and a career built entirely out of projects I taught myself how to finish. It's not a story, it's the shape of how I learn.

What I'm actually drawn to is systems that don't come with a clean manual — the ones where the docs end three layers before the real behaviour starts.

Mindset

How I think

The work that pulls me in hardest is the work I'm not yet sure I can do. The not-knowing is the part I actually enjoy — a problem whose answer is already obvious is just execution. So the work I gravitate toward is the work nobody's sure can be finished; that's where I find out what I'm actually capable of.

When I get one, I don't reach for a framework — I take it apart, down to functions small enough to actually build, then reassemble. Decomposing that far only works if you understand the layers underneath the code — how traffic really moves across a network, where an operating system draws its boundaries — so most of the real work happens at a whiteboard, before any code exists.

Where this started · the path before the automation

In January 2026, when I was handed this to build, there was no map for it: trigger automation from a public cloud and have it reach — and run PowerShell on — domain controllers sitting inside customers' closed networks, securely. No design for that path existed yet.

So I designed it first. A BigFix agent on each domain controller; a ServiceNow MID Server in a dedicated, locked-down VLAN that bridges the cloud to on-prem over outbound HTTPS alone — nothing inbound ever opened — with BigFix's own secured relay chain carrying the action the rest of the way into each customer network. Public cloud on one end, closed endpoints on the other. Then I built the automation on top of it — the part I genuinely had no idea how to build when I started — and shipped it in three to four months.

The connectivity path I designed — public cloud to closed customer endpoints.

That's the loop I look for: a problem I can't yet solve, taken apart until it's a set of problems I can.

Approach

How I work

My work almost always reduces to one pattern. I'm handed a system that runs in production for someone who can't afford it to break, documented a layer or two shallower than the behaviour I actually need — so the first thing I do is read the primitives underneath: the tables, the runtime, the real shape of the payload. Then I build the thinnest honest layer that makes it do the thing.

What comes out is small, deterministic, and observable. The principles below aren't aspirations — each one is the residue of a real decision, made on an estate shared by banks, military and government, where "probably fine" isn't a state you're allowed to ship.

The repeatable pattern

  1. 01

    Read the primitives

    Go under the vendor docs to the tables and the runtime, and build to what the platform actually does.

  2. 02

    Send deltas, not state

    Model every change as what was added and removed, so a replay can't silently undo work it never touched.

  3. 03

    Make it observable

    Resolve secrets at the point of use, stamp every result, prove its freshness. More code — but you can watch it run.

  4. 04

    Factor the reusable half

    When a pattern proves out, lift it into one shared subflow instead of copy-pasting it into the next ten.

Operating principles · with receipts

P01

I read the platform, not its documentation.

When the public docs weren't enough to make ServiceNow Flow Designer behave deterministically inside a provisioning pipeline, I read the engine itself — the sys_hub_* tables, the flow-engine runtime, the real shape of action inputs and trigger contexts — and built to that. The automation stays small and survives upgrades because it's anchored to behaviour, not to a marketing page.

reverse-engineered the sys_hub_* tables + flow-engine runtime → one 41-step subflow behind two front-ends
P03

I engineer around the bug, not against it.

ServiceNow's ECC Queue strips Cookie headers when it serialises a REST call, and Flow Designer's Password(2Way) variables arrive corrupted between steps. Rather than fight either, I switched to a hand-built Basic auth header and resolve every secret at the moment of use with GlideEncrypter. More code, but deterministic and observable beats elegant and flaky.

ECC Queue eats the cookie → hand-built Basic auth; GlideEncrypter resolves the secret at point of use
P04

Prove freshness; never trust a file at face value.

BigFix is fire-and-forget — no webhook, no completion event. The endpoint writes a result.json stamped with the request that asked for it, and ServiceNow reads it back in a Do-While loop, comparing that stamp so a stale file from a prior run can't be mistaken for this one. It's the same read-back every BigFix automation on the stack now shares.

result.json stamped with the request + Do-While freshness check via the BigFix Client Query API
P05

Factor the reusable half; make the rest testable.

The read-back half of that polling pattern became one shared "Poll for Result" subflow behind Disk Cleanup, Compliance Audit and the Veeam backup check — fix the loop once, not in three places. The backup check even returns a shape-identical mock success when the Veeam module is absent, so the whole pipeline is testable on any Windows box.

one "Poll for Result" subflow shared by three automations + a shape-identical mock success
I never let user input decide which customer's infrastructure gets touched. On an estate shared by banks and government, the trust boundary is the architecture — everything else is decoration.

Mentorship

How I teach

This year I took on mentoring a graduate engineer joining the team — and I didn't sit them down with a training course. I handed them a real automation to ship, and the method I use myself: understand the trust boundary first, the shared plumbing second, the payload last. Every automation we build has that same shape; internalise it once and the next one takes half the time.

Predict before you run it.

Read-only first. Don't execute a flow until you can say exactly what each step will output — running it should confirm what you already knew, not surprise you.

Explain it cold, no notes.

Every stage ends with self-check questions answered out loud, from memory. If you can't explain how a result gets from a closed endpoint back to the cloud, you're not finished with the stage.

AI is a sparring partner, not an oracle.

Use it to pull a concept apart, walk code line by line, or steel-man and then attack your own design — then verify everything it claims against the real system. It will hand you plausible answers that are wrong; the system won't.

Keep the lesson a course can't teach.

The question I most want answered at the end: which lesson here could only have come from doing this exact task — not from a course? That's the one worth keeping, and the reason I build to learn instead of collecting certificates.

Experience

Career

  1. 2018

    Coding Pirates — Volunteer Instructor

    Copenhagen, Denmark

    Taught kids to code at a weekly after-school club. Learning to explain systems to someone without context turned out to be the best thing I could have done for my own engineering.

  2. 2018

    IT Service Desk

    Arla Foods — Gdańsk, Poland

    First full-time IT role. Answered tickets for a global manufacturing business in four languages. Saw firsthand how brittle enterprise infrastructure really is once you're inside it.

  3. 2020

    ServiceNow Consultant

    Netgen (3-month contract)

    Short contract delivering ServiceNow workflows for a large public transport operator. First serious exposure to enterprise workflow platforms and their internals.

  4. 2020 — 2026

    a Nordic MSP

    Current

    Same company throughout · 2020 — 2026 · service desk → platform engineering

    1. 2020

      2nd Level IT Support

      Came back to Denmark and joined the MSP. Operated the tier behind the service desk for dozens of enterprise customers, and started automating the repetitive parts of my own job in PowerShell.

    2. 2022

      IT Team Lead — Operation Center

      Promoted to run the operations shift. Built the first automation pipelines that pulled tickets out of the human queue and pushed them to scripts. The team shipped more while doing less overtime.

    3. 2023 — 2024

      System Monitoring Specialist

      Danish lead technical · five-country remit

      Lead technical on the consolidation of three enterprise monitoring platforms — IBM Tivoli, IBM Storage Protect (TSM) and ScienceLogic SL1 — into a single Zabbix estate across five countries. Migrated 3,000+ Windows servers, SQL databases and web apps with automated Zabbix-agent deployment, preserved SNMP visibility across 50+ customer network environments, and designed the scalable Zabbix proxy architecture and verification frameworks behind it.

      • Zabbix
      • ScienceLogic SL1
      • IBM Tivoli
      • SNMP
      • PostgreSQL
    4. 2024 — 2026

      Same role, run from the road — South & Central America

      Fully remote · ~2 days a week · still on the same team

      Once the consolidation was on track, I was trusted to take it fully remote — so I spent roughly two years travelling across South & Central America, working about two days a week, and still carried the five-country monitoring project all the way to completion from wherever I was: coworking spaces, a hammock, and every kind of network in between. The clearest proof the architecture and automation were solid — the project didn't need me in the room.

    5. 2026 — now

      Automation Specialist & Platform Engineer

      Came back to Copenhagen once the consolidation shipped and started the next big build: a new consolidated automation & orchestration engine. Full-stack — the ServiceNow-to-BigFix AD lifecycle pipeline and the event-driven infrastructure remediation platform, with C# .NET webhook services, ServiceNow Flow Designer internals, PowerShell on the endpoints, and the React/Astro tooling around them. Reverse-engineered undocumented Flow Designer internals to make it safe at scale.

      • ServiceNow
      • BigFix
      • Graph API
      • C# .NET

Stack

Tech stack

Orchestration & Automation

  • ServiceNow
  • Flow Designer
  • Scoped Apps
  • Scripted REST API
  • BigFix
  • BigFix REST API
  • ActionScript
  • BES XML

Cloud & Identity

  • Microsoft Graph API
  • Azure AD / Entra ID
  • OAuth 2.0
  • Active Directory

Monitoring & Observability

  • Zabbix
  • ScienceLogic SL1
  • IBM Tivoli
  • SNMP

Languages

  • JavaScript / Node.js
  • TypeScript
  • PowerShell
  • Python
  • C# .NET 8.0
  • Bash

Infrastructure

  • Windows Server
  • Linux (Debian, RHEL)
  • MID Server
  • Docker

Data & Integration

  • MySQL
  • PostgreSQL
  • REST API design
  • JSON / XML
  • Redis

Tools & Platforms

  • Git / GitHub
  • PM2
  • systemd
  • Express.js
  • Astro

Now

Currently

I'm wrapping up my current projects and preparing to travel.

I'm open to remote consulting engagements in ServiceNow, enterprise automation, and monitoring architecture.

Get in touch