The focus of my profile is cybersecurity engineering and governance for IT, OT, Automotive. ISO27001, IEC62443, NIS2, ISO21434 and cloud security
Updated on 19.05.2026
Profile
Freelancer / Self-employed
Remote work
Available from: 19.05.2026
Availability: 100%
of which on site: 100%
IT-Security
Cloud Security
IEC62443
IT-Grundschutz
PKI
Encryption
HSM
Digital Operational Resilience Act
Security concepts
CyberArk
ISO 27001
Automotive security systems
SIEM
Secure Embedded Operating Systems
Secure coding
English
Fluent
German
Fluent
Persian
Native language

Work locations

Germany, Switzerland, Austria
possible

Projects

11 months
2025-07 - now

shaping cybersecurity policy, standards, and resilience strategies

  • Appointed as a member of the (on request) in shaping cybersecurity policy, standards, and resilience strategies across the EU.
  • Contribute insights on EU AI Act security, cloud risk governance, and cyber threat resilience, with a focus on aligning ENISA's work with frameworks such as NIS2, DORA, EU AI Act and CRA.
  • Collaborate with multidisciplinary experts and national authorities to assess regulatory gaps, emerging threats, and best practices in operational security.
  • Participate in working groups and consultations to review strategic documents and provide guidance on the secure deployment of emerging technologies, including LLMs and AI-based infrastructure.
Remote - Part-time
3 years 7 months
2022-11 - now

Cybersecurity consulting

CO-FOUNDER & (FREELANCING AND CONSULTING)
  • Cybersecurity consulting across IT, medical, automotive and ICT sectors, delivering architecture, compliance, and hands-on security solutions.
on request
Frankfurt, Germany
9 months
2025-08 - 2026-04

Creating and designing security Architecture

CyberSecurity Expert & Vulnerability Manager
  • Creating and designing security architecture for enabling AI solutions based on the AWS Bedrock solution, performing threat modelling, and defining guardrails, DLPs, and monitoring mechanisms to securely onboard LLM solutions.
  • Performing report analysis and creating a test-case process for verification and validation of pentesting results.
  • Evaluating and validating tools, and suggesting open-source tools, to perform penetration testing according to the defined scope.
  • Creating policies, procedures and work instructions for vulnerability management.
  • Performed deep analysis of identified vulnerabilities, discussed them with the product team, and created action plans to mitigate the risk.
Fresenius
1 year
2024-09 - 2025-08

Writing policies and procedures for incident management

External IT cybersecurity consultant
  • Writing policies and procedures for incident management, business continuity management, cryptography, backup recovery plan, and risk management according to the requirements of ISO27001 and TISAX.
  • Creating a security enterprise architecture for GitHub Copilot and performing a threat model to enable it on Microsoft Azure.
  • Performed threat modeling on Microsoft Active Directory and Microsoft Office onboarding, identified the gaps, and created action plans based on the findings.
  • Creating security policies and procedures to align with the EU AI Act.
  • Built up PKI infrastructure for network segmentation and field laptop access.
  • Integrating and using OWASP ZAP for identifying and scanning domains and ports.
  • Created and implemented a complete risk management procedure from risk identification to risk management (STRIDE methodology for risk identification).
  • Security architecture design for integration of the Microsoft Defender EDR/XDR solution into the company IT infrastructure and endpoints.
  • Security architecture design for integration of EDR/XDR solutions.
  • Evaluated and integrated a SIEM-based solution to identify cybersecurity incidents according to the incident management procedure.
  • Developed remediation plans following internal audit findings.
  • Defined Palo Alto XDR detection rules based on the risks identified in the organization's risk register, ensuring alignment between documented threats and automated response mechanisms.
  • Designed AWS security architecture with IAM role separation, CloudTrail logging, and Config monitoring.
  • Designed and implemented a vulnerability management and third-party risk management structure within the company.
  • Integration of SBOM generation for internal tool development and vulnerability management for the internally developed software.
  • Onboarding WIZ tooling on the AWS system and creating a process around it for alerting and required action plans.
  • Provided training and workshops to process owners on ISO 27001 Annex A controls.
Drees & Sommer
11 months
2023-11 - 2024-09

Conducted threat analysis and risk assessment

External OT & Automotive cybersecurity Consultant
  • Conducted threat analysis and risk assessment (TARA) for infotainment and telematics ECUs using STRIDE methodology.
  • Designed secure diagnostics mechanism and key management in the system-on-chip (SoC) of Qualcomm and Samsung.
  • Converted EN 18031 requirements into actionable security measures (network protection, data privacy) and ensured their implementation in the infotainment system.
  • Assisted the infotainment team in preparing VDE-compliant technical documentation, including the system description, interface inventory, and SBOM-based vulnerability-monitoring evidence.
  • Created security concept for Secure Boot and implementation of Secure Boot in MPSoC.
  • Enabling secure bootloader mechanism for the FPGA of the MPSoC.
  • Programming FPGA in VHDL and enabling secure diagnostics on FPGA.
  • Created cybersecurity concept aligned with ISO 21434.
  • Conducted threat surface analysis for automotive OTA updates.
  • Performed cybersecurity threat and risk assessment (TRA) according to the IEC 62443-3-2 standard.
  • Integrated tools for generating SBOM and performed vulnerability analysis and risk assessment (VARA) based on the SBOM using the CVE database.
Harman
1 year
2022-11 - 2023-10

Architected AWS-native security solutions

External Cloud Cybersecurity Consultant
  • Architected AWS-native security solutions including least-privilege IAM, GuardDuty integration, CloudTrail alerts, and S3 bucket protection.
  • Developed DORA control implementation roadmaps and aligned BCP/DRP with regulatory needs.
  • Conducted threat modeling for financial SaaS SIEM products (Datadog, Dynatrace, Splunk).
  • Onboarding and integrating WIZ into the first line of defense, creating and defining policies for enforcement, and creating the ecosystem around it.
  • Led vendor reviews and third-party security assessments and supported the PQC pilot evaluation.
  • Designed SBOM gathering procedure to address DORA requirements.
  • Created a risk registry aligned with DORA's ICT risk management framework (Article 5-16), ensuring structured tracking, assessment, and mitigation of ICT-related risks across LoB's applications and processes.
  • Performed internal audits and pre-assessments to ensure the required security measures have been met.
  • Integration of SIEM and SOAR solutions for LoB applications for monitoring of cybersecurity incidents.
  • Designed security architecture for the integration of logging and metrics into LoB applications, using solutions such as Dynatrace, Grafana, Datadog, Splunk, CloudWatch and ThousandEyes.
  • Designed and developed a key management system based on AWS KMS.
  • Re-designed the cybersecurity architecture for one of the LoB applications, reducing costs by 30% annually.
  • Integrated IAM policies with RBAC roles to ensure a least-privilege access mechanism for developers and users in both development and production environments.
Confidential Financial Institution
3 years 11 months
2019-01 - 2022-11

Leading the cyber security project team to develop security concept

CYBERSECURITY ENGINEER
  • Leading the cyber security project team to develop security concept for Aston Martin OEM
  • Conducting customer discussions during quotation phase and development process
  • Requirement creation and integration for Telemetry Control Unit according to EN18031.
  • Secure Boot concept design and implementation for radar and camera systems for Mercedes and Uber, based on authenticated boot and secure boot and using trusted anchor and HSE.
  • PKI architecture design to build a hierarchical diagnostic methodology for authentication and authorization of products.
  • Secure Boot enablement on FPGA system and programming the FPGA to enable dynamic partial reconfiguration to verify the newly received architecture for the FPGA.
  • Supporting HW/SW teams to develop the products based on ISO/SAE 21434 standard (Draft Version)
  • Performing/evaluating threat analysis and risk assessment for advanced driver assistance systems (ADAS)
  • Proposing appropriate cyber security defense strategies against possible attacks
  • Developing cyber security test strategies
  • Official auditor for cybersecurity work packages based on ISO21434
  • Design cyber security concept for the product
  • Design cyber security concept for production line
  • Supporting production team to integrate security concept in production line & OT systems (ICS & SCADA system)
  • Assisting production team to pass TISAX certification audit
  • Guiding the production team in Sibiu to receive IEC62443 certification
  • Conducted threat analysis and remediation planning as external consultant for FDA-regulated medical devices (medical sector).
CONTINENTAL ENGINEERING SERVICES
Frankfurt, Germany
1 year 1 month
2018-01 - 2019-01

Performed TARA on embedded firmware and real-time interface layers

HARDWARE SECURITY ENGINEER
  • Integrated cryptographic primitives into IoT edge sensors and evaluated threat vectors for industrial protocols.
  • Performed TARA on embedded firmware and real-time interface layers.
  • Contributed to IEC 62443 control gap closure for operational firmware.
WIKA
Klingenberg am Main, Germany
4 years 4 months
2014-09 - 2018-12

Designed authentication protocols

HARDWARE ENGINEER
  • Designed authentication protocols for FPGAs; implemented key derivation and challenge-response logic.
  • Built hardware prototypes and executed functional and security testing under physical stress.
  • Led MCU programming for secure embedded workflows.
CRYPTOLOCK GMBH
Aachen, Germany

Education and training

2017 - 2025

DUISBURG-ESSEN UNIVERSITY

EXTERNAL PHD. IN CYBERSECURITY


2010 - 2014

RWTH AACHEN

M.SC. IN COMMUNICATIONS ENGINEERING


2004 - 2009

QIAU

B.SC. IN ELECTRONICS ENGINEERING


CERTIFICATES

  • AWS Solution Architect
  • TISAX Implementor
  • NIS2 Implementor
  • IEC 62443 Expert

Competencies

Top skills

IT-Security, Cloud Security, IEC62443, IT-Grundschutz, PKI, Encryption, HSM, Digital Operational Resilience Act, Security concepts, CyberArk, ISO 27001, Automotive security systems, SIEM, Secure Embedded Operating Systems, Secure coding

Products / Standards / Experience / Methods

SUMMARY

He is a hands-on cybersecurity architect, researcher and consultant with deep expertise in IT, OT and secure cloud architecture, and cyber risk compliance. He has led ISO 27001, FDA, ISO 21434, IEC 62443, TISAX, EN18031 and NIS2 implementations across automotive, finance, OT, and medical sectors. He combines system-level thinking with practical engineering skills to deliver security solutions, secure embedded systems, and scalable DevSecOps pipelines.


SKILLS

STANDARDS

ISO 27001 | ISO 21434 | IEC 62443 | TISAX | NIST | UNR155


REGULATIONS

GDPR | FDA | CRA | NIS2 | DORA | PCIDSS


TECHNOLOGIES

AWS | Azure | Terraform | PowerBI | TensorFlow | Medini | Ray | OPCUA | WIZ | IoT


Tools:

Kali Linux, Microsoft Office, Git, Docker, Nitro PDF


Soft Skills:

Strategic mindset, team leadership, client-oriented communication

Programming languages

Python
VHDL
MATLAB
Embedded C/C++
PLC

Hardware

FPGA (Xilinx)
Microcontrollers
Beckhoff
CAN, ModBus, Ethernet
SCADA

