PERSONAL SUMMARY
- A highly skilled senior cybersecurity architect with extensive experience in designing, developing, and deploying complex and secure global architectures and infrastructures. Proven ability to lead and support project teams in delivering top-quality solutions in challenging and dynamic agile environments.
- Always eager to embrace new challenges that leverage my expertise while fostering both personal and professional growth
AREAS OF EXPERTISE
Zero Trust Architecture:
- Expert in designing and implementing Zero Trust frameworks, ensuring robust security measures and minimizing attack surfaces.
Identity and Access Management:
- Proficient in managing hybrid identities, enterprise application integration, and advanced authentication methods.
Cloud Architecture:
- Skilled in architecting and deploying secure cloud solutions on Azure and AWS platforms.
Office365 Design & Administration:
- Experienced in designing and administering Office365 environments, enhancing productivity and collaboration.
Authentication & Authorization:
- Specialized in implementing secure authentication and authorization mechanisms, including SAML, OAuth, and OIDC.
Federation Services:
- Adept at configuring and managing federation services to enable seamless single sign-on experiences.
Certification Authorities-PKI:
- Knowledgeable in managing public key infrastructure and certification authorities to ensure secure communications.
Infrastructure Services Knowledge:
- Comprehensive understanding of infrastructure services, including DHCP, DNS, and Active Directory.
Project Management:
- Proven ability to lead and manage complex projects, delivering highquality solutions in dynamic environments.
Intune Management:
- Experienced in managing and securing devices using Microsoft Endpoint Manager (Intune).
ITIL:
- Certified in ITIL, ensuring best practices in IT service management.
Azure Active Directory:
- Proficient in managing Azure Active Directory, including conditional access authentication methods, application integration and identity protection.
Security Tiering Knowledge:
- Expertise in implementing security tiering strategies to enhance organizational security posture.
PERSONAL SKILLS
Strategic Thinking:
- Ability to develop and implement longterm strategies that align with organizational goals.
Leadership:
- Proven leadership skills, including the ability to inspire and motivate teams.
Problem-Solving:
- Strong problem-solving skills, with a focus on finding innovative solutions.
Communication:
- Excellent communication skills, both written and verbal, enabling effective interaction with stakeholders at all levels.
Project Management:
- Expertise in managing complex projects, ensuring timely delivery and high-quality outcomes.
Technical Proficiency:
- In-depth knowledge of various technologies and tools relevant to your field.
Continuous Learning:
- Commitment to continuous learning and professional development.
TECHNOLOGIES USED
- Microsoft Entra ID
- Azure AD Conditional Access
- Azure AD Identity Protection
- Azure AD Enterprise Applications
- Azure Privileged Identity Management
- Entitlement management
- Azure AD Connect
- Azure AD Application Proxy
- Active Directory
- Active Directory Federation Service
- Microsoft Certification Authority-PKI
- Office365
- Azure Cloud
- AWS Cloud
KEY SKILLS AND COMPETENCIES
- Judgment in Complex Problem-Solving: Demonstrated ability to evaluate complex problems and choose the most effective solutions.
- Proactive Initiative and Innovation: Skilled at identifying opportunities and proactively proposing innovative ideas and solutions.
- Adaptability: Successfully adapt to changing situations and environments, ensuring seamless transitions and continued productivity.
- Confident Team Collaboration: Work confidently within groups, fostering collaboration and achieving collective goals.
- Commercial Acumen: Understand the commercial realities affecting the organization and align strategies accordingly.
- Results-Driven: Determined to get things done, constantly seeking better ways to achieve results and make things happen.
- Cloud Infrastructure Expertise: Possess strong knowledge and expertise in cloud infrastructure, including Azure and AWS.
WORK EXPERIENCE
01/2023 ? today:
Role: Director Information Security
Customer: adidas AG
Tasks:
Role
- As the technical authority, i led the Zero Trust program at adidas, driving the implementation of robust security measures and ensuring the highest standards of protection across the organization.
- As the global architect for all IAM platforms and processes, I am responsible for shaping the IAM strategy and defining all related solutions to ensure robust and secure identity management across the organization.
- Provided expert guidance and mentorship to IAM Team.
Key Responsibilities
- Collaborated with Enterprise Architecture, Networking, Data Security, Application Security, Identity, and Digital Workplace teams to define and drive the implementation of Zero Trust architecture across all these domains, ensuring comprehensive security integration and alignment.
- Defined the long-term IAM strategy and North Star vision and collaborated with the entire team to create a comprehensive roadmap that supports and drives the successful implementation of this strategy.
- Delivered expert guidance and mentorship to all IAM Subject Matter Experts (SMEs), fostering a culture of excellence and continuous improvement.
Bigger Projects
- Zero-Trust Program.
- Led the adoption of Zero Trust by designing and implementing a comprehensive Zero Trust Architecture (ZTA) framework.
- Drove the progression from traditional Zero Trust maturity to Advanced levels, achieving even Optimal maturity in key areas such as Identity and Device security.
- Provided expert guidance and mentorship to program stakeholders on Zero Trust best practices and emerging trends.
- IGA Evolution Strategy.
- Evaluated the existing Identity Governance and Administration (IGA) tools and processes, considering factors such as costs and capabilities and strategic alignment, and successfully planned the transition to a more effective IGA toolset.
- External Collaboration Strategy
- Developed a comprehensive external collaboration strategy for adidas, ensuring secure interactions with external partners by strictly adhering to Zero Trust principles.
04/2018 ? 12/2022:
Role: Senior Manger Information Security
Customer: adidas AG
Tasks:
Role
- Global architect for all Identity and Access Management Platforms: Hybrid identities (cloud and on-premise Identities), Enterprise Application Integration, Authentication Methods, Conditional Access.
- The business solution architect for any direct business request.
- Defines standards, roadmaps, strategies, missions and visions for the Identity and Access Management on premise as well as in the cloud with a big focus on security.
Key Responsibilities
- Work closely with security architecture in defining the future architecture for the IAM services.
- Work together with the Infrastructure Management and Teams to deliver solutions of highest quality for different Projects.
- Work close with the security team to raise the compliance ratio of the relevant platforms on one side and raise the user satisfaction on the other side.
Bigger Projects
- Migrate federated applications from ADFS to Azure ad for over 600 Applications.
- Migrate authentication to PHS from federated authentication.
- MFA, SSPR, FIDO2, Windows Hello for Business (WHfB) deployment.
- Secure application access with Azure AD Conditional Access.
- IAM Architect for the Zero Trust project.
- Define and document supported authentication flows OAuth2, OIDC and SAML
12/2014 ? 04/2018:
Role: Engineer Directory and Windows services
Customer: adidas AG
Tasks:
Role
- Global engineer for all Identity and Access Management Services: Hybrid identities (Microsoft cloud/azure Active Directory and onpremises Active Directory), DHCP, DNS, Active Directory Federation Service, Group Policies, Private Key Infrastructure)
- Globally responsible for the above services.
- The overall IT Champion for all these services.
Key Responsibilities
- Ensure all Identity and Authentication Services and windows network services are stable, reliable and innovative in all sites of the adidas Group.
- Defines standards (software, hardware, support and administration) for the above services globally.
- Responsible that the Identity and Windows network Service Level objectives are achieved.
- Administration of all the above services.
Bigger Projects
- Support the O365 global rollout with securing access to it from managed devices only with Azure AD Conditional Access.
- Migrate ADFS 2.0 to ADFS3.0 ? refresh hundreds of SSO setups.
- Migrate application publishing from Microsoft Treat Management Gateway (TMG) to Big-IP F5 APM.
- Implemented Azure AD Password Protection
08/2011 ? 11/2014:
Role: It Consultant - Directory Services @adidas
Customer: HWS Informationssysteme GmbH
Tasks:
Duties:
- Configuration/Administration of the existing Active Directory Forests
- Deploy new AD Forests for different company needs.
- Integrate Applications with Active Directory
- Enable Single Sign On for different Applications
- Configuring new AD Federated trust relationships with external SaaS Partners
- Publish internal Web-applications through TMG to assure that internal applications are accessible form outside and comply with the security prerequisites by enforcing pre-authentication at the DMZ level.
- Apply patches in accordance with company procedures
- Create group policies for servers and client computers.
- Provide support to other teams and regions in an FTS support model
Bigger Projects
- Prepare all Domain controllers in the forest for raising the forest functional level to 2012
11/2008 ? 08/2011:
Role: Senior System Administrator
Customer: LEONI AG
Tasks:
Duties:
- Responsible for networking, design, installation and maintenance services
- Maintaining the company?s network infrastructure.
- Providing support for windows servers and windows clients.
- Management of the daily data backup.
- Coaching new employees.