IT-Sec Profi mit Schwerpunkten in Security Assessments, Vulnerability und Risk-Management
Aktualisiert am 08.04.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 08.04.2024
Verfügbar zu: 100%
davon vor Ort: 100%
Security Konzepte
IT-Sicherheitsarchitektur
Vulnerability-Management
Hardening
Security-Assessments
Risikomanagement
NIST
ISO 27001
IT-Grundschutz
Penetrationstest
CSF 2.0

Einsatzorte

Einsatzorte

Düsseldorf (+50km) Köln (+50km)
Deutschland
möglich

Projekte

Projekte

3 Monate
2024-01 - 2024-03

Risk Management Process Optimization

  • Analysed existing risk management procedures and performed gap analysis
  • Developed improvement proposals to enhance the effectiveness of risk management
  • Ensured alignment with industry best practices and regulatory requirements

9 Monate
2023-07 - 2024-03

Security compliance document analysis

Security compliance document analysis in automated way, document generation using pattern matching techniques

  • Huge complexity and number of documents required for Security Assessments pose challenge for accuracy and completeness
  • Pattern matching and rule-based analysis applied for requirements analysis and data generation
  • Document generation and formatting for final document submission in automated, adoptable way, effort optimization achieved

3 Jahre 11 Monate
2020-05 - 2024-03

Vulnerability Management of IT-Core Systems

  • Analysed reports of Tripwire, Qualys, Symantec CCS, conducted various CVE reviews
  • Assessed the impact and criticality of vulnerabilities and aligned with management for necessary actions
  • Reviewed existing processes and proposed enhancements to strengthen vulnerability management
4 Jahre 6 Monate
2019-10 - 2024-03

Assessment of IT-Core Systems

  • Developed a rapid assessment framework for low-effort analysis and evidence generation
  • Aligned supplier security procedures and developed an impact analysis toolset
  • Ensured comprehensive evaluation of Core systems and identified improvement opportunities

9 Monate
2023-04 - 2023-12

Containerized Architecture Security Assessment

  • Reviewed proposed requirements and thoroughly studied supplier architecture
  • Conducted a comprehensive assessment, summarizing findings for effective team presentations
  • Ensured alignment with security standards and identified areas for improvement
1 Jahr
2022-05 - 2023-04

Endpoint Security for IT-Core Systems

  • Defined project scope and collaborated with suppliers (MDE, Microsoft Defender Endpoint Security) to ensure successful implementation
  • Acquired and Allocated budget, provided reasoning for the project, ensuring optimal resource utilization
  • Led project planning, guided the team, and conducted result reviews, fine-tuning as necessary
  • Delivered impactful management presentations to keep stakeholders informed and engaged
1 Jahr 3 Monate
2022-01 - 2023-03

Identity Management and 2F-Authentication, Management Analysis, and Briefing

  • Analysed global security requirements and proposed a roadmap to introduce CyberArk into the supplier's Core infrastructure
  • Conducted in-depth analysis and delivered informative presentations to key stakeholders
  • Presented results to supplier and triggered improvements
6 Monate
2021-09 - 2022-02

RFQ Analysis for Security

  • Reviewed requirements definition documents for security and discussed relevance
  • Analysed compliancy and reasoning of supplier and related supply chain parties
  • Discussed analysed results with stakeholder and presented conclusions
  • Summarized and ranked options and parties, evaluated winning parties
  • Ensured alignment with overall strategy and corporate vision

8 Monate
2021-05 - 2021-12

General Security Trainings

  • Developed comprehensive training materials covering basic and advanced security concepts
  • Conducted engaging training presentations and assessment activities
  • Focused on vulnerability management and other key security areas

Aus- und Weiterbildung

Aus- und Weiterbildung

Education

  • RWTH-Aachen, Ruhr-University Bochum
  • PhD in Network and Protocol Communications (ComNets, RWTH-Aachen)


Trainings

  • Teachings on Communication Protocols (SDL)at RWTH-Aachen
  • Teachings on CCNA at Technical College FH Lippe-Höxter, Department of Electrical Engineering



Kompetenzen

Kompetenzen

Top-Skills

Security Konzepte IT-Sicherheitsarchitektur Vulnerability-Management Hardening Security-Assessments Risikomanagement NIST ISO 27001 IT-Grundschutz Penetrationstest CSF 2.0

Produkte / Standards / Erfahrungen / Methoden

Executive Summary

  • I am a highly skilled and experienced professional who specializes in various aspects of security assessments, including containerized architecture, endpoint security, vulnerability management, identity management, risk management, and general security trainings. 
  • With a proven track record, I have successfully led and managed diverse security projects, optimized processes, and implemented proactive security measures. 
  • My expertise extends to core systems, software development, and large-scale systems modelling. I am committed to delivering exceptional results by providing effective team guidance, meticulous project planning, and impactful management presentations.


Other Professional Projects

  • Review and Optimization of SBC Key Management Procedures
  • Analysed vendor proposals and benchmarked them against the current status
  • Conducted extensive research and optimized process steps
  • Introduced standardized documentation templates for efficient key management


Introducing Proactive Security Measures as IDS/WAF

  • Led the project for the deployment of operational procedures for IDS/WAF, self-learning FW stresses processes established
  • Managed security incident management processes and optimized workflow tools, implement iterative learning procedures
  • Conducted trainings and workflow optimizations for enhanced security measures


Web Architecture Optimisation using Event-bus Kafka

  • Architecture Analysis, Weaknesses and Strengths, particular reasons for data corruption
  • Proposed Event-bus based on publish / subscribe pattern for implementing micro-services
  • Developed trainings for evolved architecture options


GIS-Framework Optimization for System and Network Simulation

  • Optimized frameworks to enhance system efficiency and productivity
  • Implemented best practices and streamlined processes for better outcomes


Large-Scale Systems Modelling with Matlab/Simulink

  • Modelled and optimized complex systems as mobile radio networks using Matlab/Simulink
  • Achieved efficient system performance and improved overall functionality


General Software Development

  • Utilized C++, Python, R, and Linux-like systems for the development of various software applications
  • Ensured seamless integration and optimal performance


Security Toolings and Forensic Analytics

  • Utilized Nmap, Metasploit, Burp, Openscap, Bastill, Lynis for validation and evidence provisioning
  • Filtered and analysed and false positives, graded issues and risks, organized defect sessions and triggered improvements


Einsatzorte

Einsatzorte

Düsseldorf (+50km) Köln (+50km)
Deutschland
möglich

Projekte

Projekte

3 Monate
2024-01 - 2024-03

Risk Management Process Optimization

  • Analysed existing risk management procedures and performed gap analysis
  • Developed improvement proposals to enhance the effectiveness of risk management
  • Ensured alignment with industry best practices and regulatory requirements

9 Monate
2023-07 - 2024-03

Security compliance document analysis

Security compliance document analysis in automated way, document generation using pattern matching techniques

  • Huge complexity and number of documents required for Security Assessments pose challenge for accuracy and completeness
  • Pattern matching and rule-based analysis applied for requirements analysis and data generation
  • Document generation and formatting for final document submission in automated, adoptable way, effort optimization achieved

3 Jahre 11 Monate
2020-05 - 2024-03

Vulnerability Management of IT-Core Systems

  • Analysed reports of Tripwire, Qualys, Symantec CCS, conducted various CVE reviews
  • Assessed the impact and criticality of vulnerabilities and aligned with management for necessary actions
  • Reviewed existing processes and proposed enhancements to strengthen vulnerability management
4 Jahre 6 Monate
2019-10 - 2024-03

Assessment of IT-Core Systems

  • Developed a rapid assessment framework for low-effort analysis and evidence generation
  • Aligned supplier security procedures and developed an impact analysis toolset
  • Ensured comprehensive evaluation of Core systems and identified improvement opportunities

9 Monate
2023-04 - 2023-12

Containerized Architecture Security Assessment

  • Reviewed proposed requirements and thoroughly studied supplier architecture
  • Conducted a comprehensive assessment, summarizing findings for effective team presentations
  • Ensured alignment with security standards and identified areas for improvement
1 Jahr
2022-05 - 2023-04

Endpoint Security for IT-Core Systems

  • Defined project scope and collaborated with suppliers (MDE, Microsoft Defender Endpoint Security) to ensure successful implementation
  • Acquired and Allocated budget, provided reasoning for the project, ensuring optimal resource utilization
  • Led project planning, guided the team, and conducted result reviews, fine-tuning as necessary
  • Delivered impactful management presentations to keep stakeholders informed and engaged
1 Jahr 3 Monate
2022-01 - 2023-03

Identity Management and 2F-Authentication, Management Analysis, and Briefing

  • Analysed global security requirements and proposed a roadmap to introduce CyberArk into the supplier's Core infrastructure
  • Conducted in-depth analysis and delivered informative presentations to key stakeholders
  • Presented results to supplier and triggered improvements
6 Monate
2021-09 - 2022-02

RFQ Analysis for Security

  • Reviewed requirements definition documents for security and discussed relevance
  • Analysed compliancy and reasoning of supplier and related supply chain parties
  • Discussed analysed results with stakeholder and presented conclusions
  • Summarized and ranked options and parties, evaluated winning parties
  • Ensured alignment with overall strategy and corporate vision

8 Monate
2021-05 - 2021-12

General Security Trainings

  • Developed comprehensive training materials covering basic and advanced security concepts
  • Conducted engaging training presentations and assessment activities
  • Focused on vulnerability management and other key security areas

Aus- und Weiterbildung

Aus- und Weiterbildung

Education

  • RWTH-Aachen, Ruhr-University Bochum
  • PhD in Network and Protocol Communications (ComNets, RWTH-Aachen)


Trainings

  • Teachings on Communication Protocols (SDL)at RWTH-Aachen
  • Teachings on CCNA at Technical College FH Lippe-Höxter, Department of Electrical Engineering



Kompetenzen

Kompetenzen

Top-Skills

Security Konzepte IT-Sicherheitsarchitektur Vulnerability-Management Hardening Security-Assessments Risikomanagement NIST ISO 27001 IT-Grundschutz Penetrationstest CSF 2.0

Produkte / Standards / Erfahrungen / Methoden

Executive Summary

  • I am a highly skilled and experienced professional who specializes in various aspects of security assessments, including containerized architecture, endpoint security, vulnerability management, identity management, risk management, and general security trainings. 
  • With a proven track record, I have successfully led and managed diverse security projects, optimized processes, and implemented proactive security measures. 
  • My expertise extends to core systems, software development, and large-scale systems modelling. I am committed to delivering exceptional results by providing effective team guidance, meticulous project planning, and impactful management presentations.


Other Professional Projects

  • Review and Optimization of SBC Key Management Procedures
  • Analysed vendor proposals and benchmarked them against the current status
  • Conducted extensive research and optimized process steps
  • Introduced standardized documentation templates for efficient key management


Introducing Proactive Security Measures as IDS/WAF

  • Led the project for the deployment of operational procedures for IDS/WAF, self-learning FW stresses processes established
  • Managed security incident management processes and optimized workflow tools, implement iterative learning procedures
  • Conducted trainings and workflow optimizations for enhanced security measures


Web Architecture Optimisation using Event-bus Kafka

  • Architecture Analysis, Weaknesses and Strengths, particular reasons for data corruption
  • Proposed Event-bus based on publish / subscribe pattern for implementing micro-services
  • Developed trainings for evolved architecture options


GIS-Framework Optimization for System and Network Simulation

  • Optimized frameworks to enhance system efficiency and productivity
  • Implemented best practices and streamlined processes for better outcomes


Large-Scale Systems Modelling with Matlab/Simulink

  • Modelled and optimized complex systems as mobile radio networks using Matlab/Simulink
  • Achieved efficient system performance and improved overall functionality


General Software Development

  • Utilized C++, Python, R, and Linux-like systems for the development of various software applications
  • Ensured seamless integration and optimal performance


Security Toolings and Forensic Analytics

  • Utilized Nmap, Metasploit, Burp, Openscap, Bastill, Lynis for validation and evidence provisioning
  • Filtered and analysed and false positives, graded issues and risks, organized defect sessions and triggered improvements


Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.