Program: Enterprise Data Security & Varonis Transformation Initiative
Scope: ~1 TB sensitive engineering & defense-related data | Multi-domain AD environment
Architected and led the end-to-end deployment of Varonis Data Security Platform to remediate excessive access rights across ~1 TB of mission-critical engineering and program data.
Performed structured data exposure analysis and entitlement risk mapping, identifying high-risk access paths to export-controlled and ITAR-relevant assets.
Designed and executed a least-privilege transformation program, including:
Permission model redesign
Security group rationalization
Removal of legacy and shadow access structures
Elimination of dormant privileged accounts
Mapped technical remediation measures directly to audit and regulatory controls (ISO 27001 Annex A, NIST AC family, internal aerospace compliance requirements).
Led audit preparation activities, producing defensible evidence packages demonstrating:
Controlled access to sensitive repositories
Segregation of duties enforcement
Privileged access governance
Integrated Varonis UEBA capabilities with SIEM (QRadar) to enhance insider threat detection and abnormal access pattern monitoring.
Established automated reporting dashboards for executive leadership highlighting:
Access risk reduction metrics
Permission hygiene improvements
High-risk user behavior trends
Coordinated cross-functional alignment between IT, engineering, compliance, and security governance teams.
Impact & Results
Reduced excessive permissions footprint across critical repositories.
Increased visibility into sensitive data access patterns in a regulated aerospace environment.
Strengthened audit readiness and materially improved defensibility during compliance reviews.
Transitioned environment from reactive permission management to data-centric security governance model.
Collins Aerospace
Germany + EU + USA, Remote
2 years 11 months
2023-02 - 2025-12
Cybersecurity in the manufacturing industry
Cybersecurity Solution Architect
Cybersecurity Solution Architect
Focused entirely on Manufacturing & Industrial Cybersecurity, bridging the gap between Operational Technology (OT), IT and Cybersecurity departments. Originally deployed in Germany, my role quickly expanded globally to support Autoliv?s cybersecurity strategy across Europe, China, USA and Africa.
Established global OT cybersecurity governance, ensuring ISO 21434, TISAX and ISA/IEC 62443 compliance.
Conducted TISAX assessments across multiple manufacturing plants.
Developed secure OT network architectures, implementing firewall segmentation, IDS/IPS monitoring, and secure access controls.
Deployed security solutions for new production lines, ensuring adherence to cybersecurity policies.
Led supplier security assessments, defining traceability mechanisms for external partners accessing critical systems.
Delivered workshops and training programs for production teams on OT security best practices.
Autoliv
Germany, Europe, USA, China, Africa
1 year 7 months
2021-08 - 2023-02
Security assessment of IT and OT infrastructure
IT & Manufacturing Cybersecurity Solution Architect
IT & Manufacturing Cybersecurity Solution Architect
Conducted a full security assessment of Volkswagen?s IT and OT infrastructure to identify gaps, vulnerabilities, and compliance risks.
Designed and implemented proxy solutions for internet traffic filtering, ensuring compliance with ISO 21434 and UNECE R155/R156.
Created a supplier security framework, working with the legal team to draft cybersecurity contracts.
Established secure remote access and network segmentation for industrial control systems.
Led executive presentations to stakeholders, translating technical security risks into business decisions.
Volkswagen do Brasil
São Carlos, Brazil
1 year 9 months
2019-05 - 2021-01
Development and implementation of an internet filtering system
Network & Manufacturing Solution Architect
Network & Manufacturing Solution Architect
Designed and implemented ZScaler-based internet filtering and access control across multiple ADNOC locations.
Integrated security controls for manufacturing environments, introducing manual update strategies for non-SCCM-compatible machines.
Configured Active Directory policies, PAC files, VPNs, and GRE tunnels for secure network operations.
Developed executive-level cybersecurity reports with risk assessments, compliance insights, and mitigation strategies.
ADNOC
Abu Dhabi, United Arab Emirates
1 year 1 month
2018-02 - 2019-02
Saudi Downtown Smart City
Network Solution Architect
Network Solution Architect
Designed a Zero Trust architecture for Saudi Downtown?s network, ensuring strict access control and NIST-compliant security.
Led a 25-member international team to define and enforce firewall and security policies.
Established service ownership in SNET for multiple government applications.
Deployed Crowdstrike, ZScaler, and Active Directory security controls.
Saudi Arabia (Remote)
Aus- und Weiterbildung
Aus- und Weiterbildung
2012 - 2013 Industrial Cybersecurity ? Florida Tech, Melbourne, USA
Experienced Cybersecurity Architect with deep expertise in IT and OT security, specializing in automotive and manufacturing industries. My work focuses on Zero Trust architectures, network security, and the seamless integration of Operational Technology (OT) into enterprise security frameworks. Throughout my career, I have helped global companies establish security strategies, align with industry standards, and enhance cybersecurity maturity by implementing cutting-edge security solutions.
I have collaborated with leading global organizations, often managing multiple projects simultaneously. My experience spans industries such as automotive, industrial manufacturing, oil and gas, banking, and the public sector, where I played a key role in the design and security of critical infrastructure.
My work is aligned with key security standards and frameworks, including ISO 27001, ISA/IEC 62443, TISAX, UNECE R155/R156, ISO 21434, ASPICE, and NIST, ensuring compliance and resilience in critical environments.
Program: Enterprise Data Security & Varonis Transformation Initiative
Scope: ~1 TB sensitive engineering & defense-related data | Multi-domain AD environment
Architected and led the end-to-end deployment of Varonis Data Security Platform to remediate excessive access rights across ~1 TB of mission-critical engineering and program data.
Performed structured data exposure analysis and entitlement risk mapping, identifying high-risk access paths to export-controlled and ITAR-relevant assets.
Designed and executed a least-privilege transformation program, including:
Permission model redesign
Security group rationalization
Removal of legacy and shadow access structures
Elimination of dormant privileged accounts
Mapped technical remediation measures directly to audit and regulatory controls (ISO 27001 Annex A, NIST AC family, internal aerospace compliance requirements).
Led audit preparation activities, producing defensible evidence packages demonstrating:
Controlled access to sensitive repositories
Segregation of duties enforcement
Privileged access governance
Integrated Varonis UEBA capabilities with SIEM (QRadar) to enhance insider threat detection and abnormal access pattern monitoring.
Established automated reporting dashboards for executive leadership highlighting:
Access risk reduction metrics
Permission hygiene improvements
High-risk user behavior trends
Coordinated cross-functional alignment between IT, engineering, compliance, and security governance teams.
Impact & Results
Reduced excessive permissions footprint across critical repositories.
Increased visibility into sensitive data access patterns in a regulated aerospace environment.
Strengthened audit readiness and materially improved defensibility during compliance reviews.
Transitioned environment from reactive permission management to data-centric security governance model.
Collins Aerospace
Germany + EU + USA, Remote
2 years 11 months
2023-02 - 2025-12
Cybersecurity in the manufacturing industry
Cybersecurity Solution Architect
Cybersecurity Solution Architect
Focused entirely on Manufacturing & Industrial Cybersecurity, bridging the gap between Operational Technology (OT), IT and Cybersecurity departments. Originally deployed in Germany, my role quickly expanded globally to support Autoliv?s cybersecurity strategy across Europe, China, USA and Africa.
Established global OT cybersecurity governance, ensuring ISO 21434, TISAX and ISA/IEC 62443 compliance.
Conducted TISAX assessments across multiple manufacturing plants.
Developed secure OT network architectures, implementing firewall segmentation, IDS/IPS monitoring, and secure access controls.
Deployed security solutions for new production lines, ensuring adherence to cybersecurity policies.
Led supplier security assessments, defining traceability mechanisms for external partners accessing critical systems.
Delivered workshops and training programs for production teams on OT security best practices.
Autoliv
Germany, Europe, USA, China, Africa
1 year 7 months
2021-08 - 2023-02
Security assessment of IT and OT infrastructure
IT & Manufacturing Cybersecurity Solution Architect
IT & Manufacturing Cybersecurity Solution Architect
Conducted a full security assessment of Volkswagen?s IT and OT infrastructure to identify gaps, vulnerabilities, and compliance risks.
Designed and implemented proxy solutions for internet traffic filtering, ensuring compliance with ISO 21434 and UNECE R155/R156.
Created a supplier security framework, working with the legal team to draft cybersecurity contracts.
Established secure remote access and network segmentation for industrial control systems.
Led executive presentations to stakeholders, translating technical security risks into business decisions.
Volkswagen do Brasil
São Carlos, Brazil
1 year 9 months
2019-05 - 2021-01
Development and implementation of an internet filtering system
Network & Manufacturing Solution Architect
Network & Manufacturing Solution Architect
Designed and implemented ZScaler-based internet filtering and access control across multiple ADNOC locations.
Integrated security controls for manufacturing environments, introducing manual update strategies for non-SCCM-compatible machines.
Configured Active Directory policies, PAC files, VPNs, and GRE tunnels for secure network operations.
Developed executive-level cybersecurity reports with risk assessments, compliance insights, and mitigation strategies.
ADNOC
Abu Dhabi, United Arab Emirates
1 year 1 month
2018-02 - 2019-02
Saudi Downtown Smart City
Network Solution Architect
Network Solution Architect
Designed a Zero Trust architecture for Saudi Downtown?s network, ensuring strict access control and NIST-compliant security.
Led a 25-member international team to define and enforce firewall and security policies.
Established service ownership in SNET for multiple government applications.
Deployed Crowdstrike, ZScaler, and Active Directory security controls.
Saudi Arabia (Remote)
Aus- und Weiterbildung
Aus- und Weiterbildung
2012 - 2013 Industrial Cybersecurity ? Florida Tech, Melbourne, USA
Experienced Cybersecurity Architect with deep expertise in IT and OT security, specializing in automotive and manufacturing industries. My work focuses on Zero Trust architectures, network security, and the seamless integration of Operational Technology (OT) into enterprise security frameworks. Throughout my career, I have helped global companies establish security strategies, align with industry standards, and enhance cybersecurity maturity by implementing cutting-edge security solutions.
I have collaborated with leading global organizations, often managing multiple projects simultaneously. My experience spans industries such as automotive, industrial manufacturing, oil and gas, banking, and the public sector, where I played a key role in the design and security of critical infrastructure.
My work is aligned with key security standards and frameworks, including ISO 27001, ISA/IEC 62443, TISAX, UNECE R155/R156, ISO 21434, ASPICE, and NIST, ensuring compliance and resilience in critical environments.