• Investigation lead of DFIR projects (e.g. ransomware, data theft, social engineering, malicious insider threat, intellectual property theft) and IT-Security projects (e.g., Incident and Forensic Readiness) 
• Assessing IT-security risks and improving processes and procedures 
• C-level advisor for cyber defense strategies 
• Conference speaker related to cyber security topics 
• Mentoring team members and supporting their careers 
• Developing and conducting incident response readiness workshops 

Achievements:

• Gaining more visibility (e.g., detections, alerts) within the IT-infrastructure of banks, insurance and manufacturing companies by adjusting monitoring tools and IT-security procedures
• Optimized project margins from 45% up to 65% by implementing self-made project managing template for budget tracking 

• Detection Engineering for several endpoint solutions to improve alerting mechanisms in SIEM/SOC tools
• Conducting IR activities within cloud environments Azure, GCP and AWS 

Achievements:

Development of service portfolio for detecting malicious activity related to cyber espionage by implementing use case rules within SIEM software 

• Investigation work stream lead of several DFIR projects (e.g. ransomware, data theft, social engineering, malicious insider threat, intellectual property theft) 
• Conduction of threat hunting and IR activities using several software tools Palo Alto XDR, Cybereason, Tanium, Carbon Black, Windows Defender for Endpoint/Identity 
• Conducting IR activities within cloud environments Azure, GCP and AWS 
• Digital forensic data acquisition and data analysis of computer systems (Windows, Linux and macOS) and mobile devices (iOS, Android) 
• Digital forensic data acquisition and data analysis of log files from different sources (e.g., firewall, proxy, antivirus, NetFlow, DNS, DHCP) 
• Documentation of investigation findings and preparation of forensic reports (aligning them to standards MITRE and NIST) 
• Monitoring of the project progress, e.g. project financials, client update meetings 
• Developing and conducting workshops related to cyber security topics (cyber readiness, social engineering, etc.) 
• Supporting the clients with remediation and recovery measures after cyber security incidents 
• Mentoring junior team members in DFIR technologies and career coaching 

Achievements:

Developed and implemented forensic analysis tools in Python for optimizing analysis duration. The duration of analysis process was reduced by half. 

• Digital forensic data acquisition and data analysis of computer systems (Windows, Linux and macOS) 
• Digital forensic data acquisition and data analysis of log files from different sources (e.g., firewall, proxy, antivirus, NetFlow) 
• Documentation of investigation findings and preparation of forensic reports 
• Review of incident management processes and development of improvement measures 

• Development and implementation of correlation searches and use cases within the SOC architecture 
• Development of SOAR and EDR playbooks 
• Monitoring and responding to security alerts