• Establishing and maintaining a comprehensive IT security management system (ISMS) in accordance with applicable standards (e.g., ISO/IEC 27001, NIST).
• Ensuring the information security of all IT systems and platforms, especially to sensitive data to members, sections, and partners.
• Advising the management on all matters relating to information security and emerging technological risks.
• Ensuring compliance with regulatory requirements and standards for IT security.
• Responsibility for IT security-related systems, applications, and services such as vulnerability scanning, penetration tests, firewalls, IDS/IPS, patch management, forensics, EDR/XDR/SOAR, SIEM & SOC, PAM, IAM, etc.
• Establishing an IT security culture within the association at all levels, from full-time staff to volunteer structures
• Developing and implementing the security strategy in line with the DAV's goals and values.
• Formulating and maintaining security guidelines, procedures, and standards.
• Creating emergency plans and conducting regular risk analyses.
• Monitoring IT systems and networks for security incidents.
• Management and control of IT security projects.
• Leadership of incident response teams in the event of security incidents.
• Conducting training courses for full-time and volunteer employees on IT security issues.
• Communicating the importance of security measures at all levels of the association.
• Coordinating with external IT service providers and security consultants.
• Assisting in the drafting of contracts with service providers to security requirements.
• Regular reporting to management on security risks, measures, and developments.
• Preparing audit reports and security assessments.

• Implementation of measures for hardening systems and application according to DISA STIGs, CIS, FBI, CIA, BSI Grundschutz / BSI Grundschutzkompendium, CERTBw, DEUmilSAA, NATO, NIST, and other guidelines
• Conduct a comprehensive assessment of the navigation data distributor, focusing on the Operating Systems and Infrastructure components
• Identify and resolve issues within the network and Linux-based environments through targeted troubleshooting
• Execute upgrades of operating systems and ensure successful deployment of the application software
• Set up and perform validation testing using MT-Windows installation notebooks
• Develop detailed technical documentation outlining system status, procedures, and implemented changes

• Establishment of an analysis of the technical and professional BSI (Federal Office of Information Security) requirements and specification of the military security catalog for ITSecurity
• Implementation of measures for hardening systems and application according to DISA STIGs, CIS, FBI, CIA, BSI Grundschutz / BSI Grundschutzkompendium, CERTBw, DEUmilSAA, NATO, NIST, and others guidelines
• Establishment of an analysis of the network and their network requirements
• Establishment of vulnerability remediation concepts for the network with focus to harden network security components
• Setting up the virtualized cluster server systems (virtualization platform Microsoft Hyper-V) of new networks on Debian Linux
• Configuration of Cisco firewalls using Ansible scripts
• Hardening of Cisco 9xxx Series switches, Genua Genuscreen firewalls according to requirements
• Execution of system tests and documentation
• Elimination of errors according to previously created concepts
• Creation of detailed technical documentation
• Installation and configuration of Microsoft Windows 10/11 endpoints in Bare-Metal and virtual environments (VMware ESXi & VMware Workstation) with secured hardened profiles based on requirements
• Installation and configuration of Red Hat Enterprise Linux server and maintainer terminals with secured profiles according to OpenSCAP and DISA STIGs
• Hardening of Red Hat Enterprise Linux Server and Red Hat Enterprise Linux Workstations based on OpenSCAP and DISA STIGs
• Maintain and configuration of Red Hat Enterprise Linux Satellite Server, Foreman proxy and Ansible playbooks and roles in a GIT controlled environment
• Implementation secured configuration for HP switches
• Configuration of secured profiles for ICS switches, type Belden Hirschmann BOBCAT and MOXA switches
• Hardening of BIOS / UEFI firmware
• Ensuring the operation of an "attack detection system" (SzA / Systeme zur
• Angriffserkennung im Bereich OT und IT-Infrastruktur) in accordance to BSIG
• Providing multiple Information Security Awareness Trainings based of ISO 27001 and IEC
• 62443 for different team members and project members
• Blackbox- & White-box penetration tests (Nessus Pro and Metasploit with own developed scripts and exploits), OWASP TOP 10 checks and vulnerability scans with Nessus Professional/Burp Suite Pro on IT/OT/ICS hardware
• Security validation and verification (SVV3+4) acc. IEC 62443
• Deployment of multiple network devices via Zero Touch Provisioning (ZTP)
• Testing of configuration with Robot-Framework
• Application management for Linux applications and dependencies
• Led complex IT/OT projects in critical infrastructure (KRITIS) with a focus on stringent security and compliance requirements
• Coordinated cross-functional teams and ensured timely, on-budget project delivery
• Managed external providers through KPI-based performance tracking, clear contract expectations, and oversight from planning to final handover

• Organization and implementation of the management review at regular intervals
• Organization and execution of internal, external and certification audits as well as monitoring and continuation of the audit program, moderation and support
• Risk management for KRITIS relevant assets
• Delegation or own execution of activities within the ISMS (after consultation with with management)
• Document management of the ISMS document collection, e.g. updating and control of new documents
• Ensuring the operation of an ADS ("attack detection system") (SzA / Systeme zur Angriffserkennung im Bereich OT und IT-Infrastruktur) in accordance with EnWG and BSIG
• Training of employees regarding information security
• Implementation of measures (annex, findings, technical requirements according to BSI norms, BSI KritisV, IT-SiKat § 11 Absatz 1b EnWG, ISO 27001, ISO 27019, etc.).
• Implementation of regulatory requirements
• Monitoring and consulting of the changing regulatory environment
• Led complex IT/OT projects in critical infrastructure (KRITIS) with a focus on stringent security and compliance requirements
• Coordinated cross-functional teams and ensured timely, on-budget project delivery
• Managed external providers through KPI-based performance tracking, clear contract expectations, and oversight from planning to final handover
• Conducting regular Information Security Management meetings with executive leadership in accordance with ISO/IEC 27001 and ISO/IEC 27019, to ensure strategic oversight and continuous improvement of the organization?s information security posture, in line with KRITIS compliance requirements.

• Professional management and responsibility for Global Cyber Security of a 4 FTE Cyber Security team in Service, Germany

• Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

• Stakeholder management according to compliance requirements and opportunities for improvement

• Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

• Planning, implementation and further development of OT Cyber Security strategies for Security Incident and Event Management, Monitoring, Patch-/Update- and Vulnerability Management

• Architecture and conception of network zones for implementation acc. IEC 62443 certification

• Perform security assessment on Windows/Linux operating system, and VMware, Citrix and Microsoft Hyper-V environments

• Investigate new and emerging security threats against internal/external Network Infrastructure and interconnected systems

• Coordination, identification and analyses of Cyber Security incidents and development of countermeasures

• Project management with the scope of different Information Security related Cloud- and Onpremise applications and systems

• Implementation of ISO 27001/IEC 62443 policies, guidelines and processes

• Development of processes, methods and tools to detect anomalies

• Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

• Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

• Performing Penetration Tests against IT / OT Infrastructure with the scope of Web application, databases, hardware and mobile devices

• Blackbox- & White-box penetration tests (Nessus Pro and Metasploit with own developed scripts and exploits), OWASP TOP 10 checks and vulnera

• Vulnerability scans with Nessus Professional/Burp Suite Pro on IT/OT/ICS hardware

• Security validation and verification (SVV3+4) acc. IEC 62443

• Led complex IT/OT projects in critical infrastructure (KRITIS) with a focus on stringent security and compliance requirements

• Coordinated cross-functional teams and ensured timely, on-budget project delivery

• Managed external providers through KPI-based performance tracking, clear contract expectations, and oversight from planning to final handover

• Application Management & Security Compliance (Application Operations & Administration / Managing and optimizing business-critical applications in cloud and on-premises environments)

• Planning, implementation and further development of IT security systems and operational mentoring systems (SIEM, SOC monitoring) and improvement of automatic reports

• Standardization of network schemes/designs in the IT and OT wind energy sector

• Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

• Stakeholder management according to compliance requirements and opportunities for improvement

• Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

• Design, modeling, implementation and documentation of information security management systems (ISMS management, guidelines, processes and procedures) according to ISO 27001, KRITIS and BSI Grundschutz

• Coordination and analysis of incoming security incident reports

• Establishment of a Computer Emergency Response Team and be first contact to IT related security incidents and Penetration tests

• Project management with the scope of different Information Security related Cloud- and On-premise applications and systems

• Implementation and coordination of security recommendations based on non-conformities in the area of LAN/WAN, SCADA, IT & OT Wind turbine systems and encryption

• Design/modeling of IT security networks zones & systems including automated vulnerability analysis/scans

• Management and administration of IT security systems to detect malware/ransomware and anomalies in network and web/mail traffic

• Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

• Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

• Establishment and execution of regular audits in the context of ISO 27001

• Establishment of regular Microsoft Active Directory audits

• Application Management & Security Compliance (Application Operations & Administration / Managing and optimizing business-critical applications in cloud and on-premises environments)

• Led complex IT/OT projects in critical infrastructure (KRITIS) with a focus on stringent security and compliance requirements

• Coordinated cross-functional teams and ensured timely, on-budget project delivery

• Managed external providers through KPI-based performance tracking, clear contract expectations, and oversight from planning to final handover

Achievements:

• Successful company certification according to ISO 27001 in 2019

• Establishment of an extended security concept within the scope of IT security training courses

• Project planning and implementation of penetration tests in the energy sector

• Certification as TÜV Rheinland Information Security Officer (ISO)

• Additional examination KRITIS topic of "Additional test procedure competence for § 8a BSIG" incl. IT-SIG and BSI-KritisV

• Creation of process documentation and documentation standards in IBM DOORS

• Coordination of IT systems and their security requirements with internal and external customer projects

• Administration and management of the VMware ESX server farm

• Configuration of Juniper switches (EX4300/EX4550) and firewalls (SRX1500)

• Installation and optimization of the Windows Active Directory DS infrastructure in customer projects

• Administration and maintenance of existing Linux servers (Ubuntu/CentOS)

• Administration of virtualization and deployment environment with CI/CD tool chains under the scope of Linux and Windows deployment servers in Enterprise environments

• Hardening of Windows and Linux servers and application services

• Implementation, documentation and testing of operating systems, networks, applications on technical equipment in the field of shipping (defense technology)

• Planning and execution of penetration tests in customer projects

• Implementation of vulnerability management, IT/live forensics, security information and event management (SIEM) and firewalling in customer projects

• Creation of developmental product documents, requirements specifications and software documentation

Archievements:

• Project support with adherence to deadline targets

• Establish and improve virtualization & deployment processes including hardening parts and solutions in Military Marine projects

• Execution of automated penetration tests to increase security in projects

• 2nd/3rd Level Support

• Infrastructure project management (project planning, design, implementation)

• Administration and management of Cisco FirePower (IPS SIEM) and IronPort for e-mail security infrastructure (International wide)

• Planning, preparation and implementation for VDA/TÜV and ISO 27001 certification

• Administration and maintenance of Linux servers (RedHat, Ubuntu, Debian, Gentoo)

• Administration and maintenance of the Shopfloor Management System (SFMS)

• IT Security monitoring with Nagios/OMD - Check_MK

• Configuration of Cisco routers, firewalls (ASA & IOS) and switches

• Installation and optimization of the Active Directory environment

• Administration of the VMware ESX server farm (based on HP Blade Center)

• Design/administration and maintenance of the Symantec Backup EXE, Commvault and Veeam backup infrastructure (World Wide)

• Ticket handling through OTRS / RT ticket system

• Installation and administration of the MobileIron Mobile Device Management (MDM) global wide

• Installation/administrate of the patch management environment for Operating systems and applications

• Establish and developments for automated installation based on Windows Deployment System

• Migration of Windows NT to next generation Windows Server 2008 R2 and 2012 R2

• Process documentation and establishing documentation standards

Archievements:

• Implementation of the security concepts, mobile device management system, patch management environment and automation of software and operating systems deployment

• Accelerate further Cisco-based network structures in the LAN/WAN area

• Technical and professional personnel management leading employees up to 10-15 FTEs

• Optimization of IT processes

• Cost optimization, negotiation of contracts and vendor relationships

• Reporting of budgeting in a quarterly review

• Training of civilian, military and military service employees

• Planning and contributing to hospital internal IT strategies and external sites

• Main responsible for IT related material, hardware & software

• Administration and maintenance of Microsoft Windows (NT 4.0 up to 2012 R2) and Linux based operating systems (RedHat, Debian, SuSE)

• Administration and optimization of Microsoft Windows AD domains

• Hardening of Windows and Linux server systems and applications according to BSI, CERTBundeswehr, Best Practices and NIST, as well as other internal guidelines to best practices

• Configuration and maintenance of appliances like Cisco Firewalls (ASA, PIX), routers & switches, Enterasys Networks core switches and Checkpoint firewalls

• Administration and optimization of Lotus Domino Server from version 4 to 8.5.3

• Installation and administration of VMware ESX server farms

• Responsibility to BCM acc. Backup and Recovery ArcServ Backup and IBM TSM

• Configuration/administration and maintenance of the Symantec security environment, Sophos SafeGuard environment (UTM, Endpoint Protection, SafeGuard Easy)

• Wi-Fi design and planning, installation and administration of the Cisco WLC environment to secure hospital networks

• Creation of process documentation and documentation standards

• Customer site visits (planning, troubleshooting and remediation)

Archievements

• Implementation of security concepts to state-of-the-art security configurations and systems

• Implementation of IT-Security training

• Extensive experience on the Internet provider side (routing, switching) with support from external companies

• Planning and implementation of the in-house telephone system to VOIP in cooperation with external service providers

• Implementation of external properties and companies to the VPN network of the Federal Armed Forces Hospital Hamburg

• Establishment of automation solutions for operating systems and applications

• Establishment of an internal patch management system

• Migration of all client systems from Microsoft Windows NT/2000/XP to latest Microsoft Windows 7/10

• Establishment of a time recording system in cooperation with external service providers

• Sales team member 

• Design and programming of websites 

• Installation, configuration of IT supported computer systems 

• Installation and setup of TV based satellite connections 

• Support of the in-house IT

• Team member in the data order input department 

• Entry of customer orders/cancellations into the inventory control system 

• Checking of customer orders based on automated scripts 

• Supporting in-house IT 

Motivation of change

Direct offer from a recruiting firm to prove yourself in a different role and start an apprenticeship in IT.

• Military defense service for 10-month located in Roth/Bavaria and Kropp/Jagel, SchleswigHolstein, German

• Up to 09/1999 Company named Comf@ctory, later renamed to Comsystem GmbH, Neumünster, Schleswig-Holstein, Germany 

• Sale of hardware and software 

• Setup, configuration and administration of heterogeneous networks 

• Modifying/Conversion of consumer goods 

• Installation and modification of electronic components in various devices   

Motivation to change

Federal Republic of Germany drafts me into 10-month military service.