cybersecurity [architect | culturist | engineer]
Aktualisiert am 18.04.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 21.04.2024
Verfügbar zu: 100%
davon vor Ort: 80%
Cloud
DevOps
Security
Sicherheitsanalyse
Sicherheitsanforderung
Sicherheitsmaßnahme
Automationstechnik
Prozessentwicklung
Prozessdokumentation
SystemArchitektur
Workshop
Trainer
Projektmanagement
Agile Softwareentwicklung
Qualitätsengineering
ISO 27001
IT-Grundschutz
AI
Risikomanagement
german
Muttersprache
english
Verhandlungssicher

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

1 year 5 months
2022-11 - now

Freelancing

CYBERSECURITY CULTURE EVANGELIST
CYBERSECURITY CULTURE EVANGELIST
  • Security architect und DevSecOps engineer ? OnPrem / Cloud
  • Community builder, team and role coach, trainer
  • Transformation Guide for agile Security and Cloud
  • 1,5 Line in Three-Lines-(of Defense) Model
Hamburg
4 months
2023-06 - 2023-09

Build-Up Cloud Center of Excellence - Focus Security Domain and Softwaredevelopment

Transformation-Coach, Cybersecurity Consultant, Cloud-Architect AWS Azure Kubernetes ...
Transformation-Coach, Cybersecurity Consultant, Cloud-Architect
  • Support for defining the tasks and Structure of the CCoE with aws, azure, gcp, 
  • Kinds of acting with organisation for training, news, project support
  • Workshops for different roles in organisation
  • conceptual work with cloud adoption framework (CAF)
  • interaction with plattform-team and soc
aws azure gcp k8s
AWS Azure Kubernetes k8s GCP Coaching security
solution provider
5 months
2023-05 - 2023-09

TISAX Level 3 Concept for Client-Management

Cybersecurity Expert Design-Konzept Dokumentation Workshop ...
Cybersecurity Expert
  • Requirements Engineering with focus on Desktop and Mobile Devices
  • Process-Design with Roles, Information Artefacts and Decisions for Software-Delivery
  • monitoring & alerting concept
  • authorization workflow
  • workshop moderation and result reconcilation
Design-Konzept Dokumentation Workshop Moderation Requirements Engineering Anforderungsanalyse
automotive
6 months
2023-03 - 2023-08

Concept for the use of DevOps in a digitization project of public sector

DevSecOps Engineer siam DevOps DevSecOps ...
DevSecOps Engineer
  • Security Requirements: based on BSI basic protection
  • Scope: projcts with softwaredevelopment and cloud usage
  • Challenge: high dynamic in changing developers, companies and product-owner
  • Concept includes: general conditions for project structure and how to transform into product orgsnisation (siam), vision and values, trainings, control validation and auditing, devops pipeline
  • close cooperation with plattform team, project organisation, delivery manager, siam consultant
gcp k8s
siam DevOps DevSecOps Design-Konzept Softwarearchitektur SystemArchitektur Kubernetes Souverän sovereign cloud
public sector
10 months
2022-01 - 2022-10

Concept and Prototyp for Security Incident (Response) Process

Cybersecurity-Expert, Process-Owner  Requirements agiles Projektmanagement Prozessentwicklung ...
Cybersecurity-Expert, Process-Owner 

  • transparency for attacks, control-points to manage and improve security/it processes and resource planing 
  • internal ciso organisation, it department and software development
  • Requirements Engineering
  • Stakeholdermanagement
  • Process Design with Roles, Tasks, information-artefacts and -systems, escalation
  • Prototyping with JIRA
  • Take Care of confidential information
  • Suggestion for supporting Systems: CMDB, Asset Inventory, Metrics and SLAs
  • Interaction with SIEM

jira
Requirements agiles Projektmanagement Prozessentwicklung Prozessautomatisierung Prozessdokumentation IT-Sicherheitsarchitektur IT-Sicherheitsmanagement Incident Management Sicherheitsanforderung Sicherheitsmaßnahme
e-commerce
1 year
2021-04 - 2022-03

AI for attack detection and semi-automation of processes

SOC Expert, Product-Owner kibana Python AWS ...
SOC Expert, Product-Owner
  • more trancperancy in attacks and variants; reduce effort to detect, mitigate and report
  • User Interaction with huge Web-App
  • Requirements-Engineering
  • System-Design for detection, reporting, interaction (semi-automation)
  • UseCase Definition (Attack Patterns) and Reporting
  • Defining and reconcile integration
AWS Elastic Search Python Java Git
kibana Python AWS Prozessberatung Prozessdokumentation Prozessautomatisierung Prozessentwicklung Automationstechnik DevOps Agile Softwareentwicklung Product Lifecycle SDLC Sicherheitsmanagement Sicherheitsmaßnahme
e-commerce
1 year
2020-03 - 2021-02

AWS Secure Configuration - Monitoring und Alerting for DevOps Product-Teams (Shift-Left Security, CSPM)

Cloudsecurity Expert DevOps Kotlin IntelliJ ...
Cloudsecurity Expert
  • Role: Product-Owner
  • Goal: fast Miss-Configuration Indicators for Product-Teams in AWS environment and information for security team / soc
  • Scope: product development teams, plattform team and security team
  • Tasks:
  • -- definition of controls, check intervals and disabling; using aws cis benchmark and some self defined checks or from mitre framework
  • -- dashboard and alerting
  • -- defining the help system and trigger to disable chcks on different resources
  • -- reporting for management and training content  
AWS Kotlin Elastic Search Vue.js Git
DevOps Kotlin IntelliJ Elastic Search
e-commerce
1 year 10 months
2017-08 - 2019-05

Establish Security Champions as Community of Practice and Multiplier for Security Framework

Cybersecurity-Expert, Mentor, Workshop Moderator Moderation Teamleading Leadership ...
Cybersecurity-Expert, Mentor, Workshop Moderator
  • Multiplier for Security-Strategy and Culture, develop Subject Matter Experts
  • Softwaredevelopment, Product-Development
  • initial Workshops
  • internal marketing, organise management buy-in
  • coordinate projects and separate different topics
  • experiment with different formats to play with interested people and enthusiasts
  • motivate people to share their knowledge and work outside their team
  • develop subject matter experts outside security team
  • continous development of internal security framework and baseline (iso27001, NIST CSF, OWASP)
  • use community for aws migration and adopt and learn very fast together
Moderation Teamleading Leadership Agile Coach Security Konzepte
e-commerce
1 year 3 months
2017-09 - 2018-11

Cloud Migration - security aspects and team support

Security Manager for Software Department AWS cloud formation terraform ...
Security Manager for Software Department
  • Migrate 20 Product-Teams with hundreds of Microservices from Mesos to aws cloud with GitHub and Mongo Atlas 
  • create trainings for product-teams with cloud security mechanism and their pifalls in distributed environments
  • migration concept for f5 firewall to aws waf
  • iam concept and sync with plattform team for different cloud providers
  • define secure landingzone and self-services with plattform team
  • support teams with monitoring, mitigation, encryption, risk-assessment, vpc, networking adoption of policies, security frameworks and security 
AWS GitHub MongoDB
AWS cloud formation terraform Jenkins ESO-CPL DevOps Security Konzepte Cloud Computing Trainer Workshop agiles Projektmanagement
e-commerce
1 year 2 months
2015-12 - 2017-01

SABBATICAL 


4 years 10 months
2011-02 - 2015-11

Developer of own Migration-Framework

PARTNER & SYSTEMS ENGINEER
PARTNER & SYSTEMS ENGINEER
  • Co-Founder: Mainframe-Migration without Code-Freeze
  • Infrastructure Management and Administration
  • Project engineer for migration project
on Request
Hamburg

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2022-05 - 2022-05

CISSP - Certified Information Systems Security Professional

CISSP, (ISC)^2
CISSP
(ISC)^2

- Aspects of Secure Software Systems, spread across different landscapes (on-prem, cloud models)

- asset handling, risk & bc management

- access management

- general security principles

1 month
2018-07 - 2018-07

Leadership Training

uLead Lateral Leadership, change 4 success, hamburg
uLead Lateral Leadership
change 4 success, hamburg

- training for team- and project-lead positions

- agile mindset, people interaction, conflict handling

- motivation

1 month
2017-07 - 2017-07

Agile Project Management Certification

Professional Scrum Master I, Scrum.org, Munic
Professional Scrum Master I
Scrum.org, Munic

- more insides into agile pm

- new interaction models and methods

5 months
2016-03 - 2016-07

Project Management Certification

IPMA LEVEL C, PM ZERT (HAMBURG)
IPMA LEVEL C
PM ZERT (HAMBURG)

- softskills and people interaction

- methods and procedures

- Level C, because project management and coordination was part of my job the last 7 years

1 month
2008-01 - 2008-01

ITIL Basics

ITIL v2 Foundation Certificate, TÜV SÜD
ITIL v2 Foundation Certificate
TÜV SÜD

- Basic workshop with certification

- my focus: asset & configuration management, change management

6 years 4 months
1997-09 - 2003-12

computer science studies

Diploma in business informatics (FH), TFH Wildau
Diploma in business informatics (FH)
TFH Wildau

programming: java, .net c#, c

os: suse & debian linux

data storage: oracle db, ms sql server, xml

projects: dynamic web apps & small network setup with ldap, smb, dns, 

diplom thesis: product-development of a E-Learning Plattform for small and medium business

Position

Position

cyber security culture evangelist

This means that I use

  1. my experience as a system architect, engineer and strategist
  2. from various projects with many different people
  3. and my broad knowledge of cyber security

to establish a security culture that encompasses the entire system - starting with employee empowerment.

My mission is to support organizations on their way to becoming secure and resilient organisms!

Kompetenzen

Kompetenzen

Top-Skills

Cloud DevOps Security Sicherheitsanalyse Sicherheitsanforderung Sicherheitsmaßnahme Automationstechnik Prozessentwicklung Prozessdokumentation SystemArchitektur Workshop Trainer Projektmanagement Agile Softwareentwicklung Qualitätsengineering ISO 27001 IT-Grundschutz AI Risikomanagement

Produkte / Standards / Erfahrungen / Methoden

Project Management
Fortgeschritten
IPMA Level C
Fortgeschritten
Agile
Fortgeschritten
AI
Fortgeschritten

Profile:

My big drivers are challenging projects, especially those that make sense in the long term and have a sustainable impact - cyber security is therefore made for me. As a security culture evangelist with experience in various roles and industries in the field of software and system development, I see myself primarily as an enabler. I not only implement your requirements, but also share my experience and develop solutions together. Always with the aim of supporting your organization on its way to becoming a secure and resilient organism.


SKILLS:

  • Mindset: agile, cooperative, initiative
  • Tech: curious Hands-On architect
  • Acting: interdisciplinary driver
  • Solutions: innovative & sustainable
  • Security culture: enabler and shift-lef

Betriebssysteme

Linux
Fortgeschritten
Windows
Fortgeschritten

Programmiersprachen

Python
Fortgeschritten
Java
Fortgeschritten
Kotlin
Basics
Typescript
Basics

Design / Entwicklung / Konstruktion

Requirements-Management
Fortgeschritten
Process-Design
Fortgeschritten
System-Architecture
Fortgeschritten

Riskmanagement

Risk-Analysis
Fortgeschritten
Threat-Modelling
Experte

Compliance & Sicherheit Finanzwesen

CISSP
Experte
BSI Grundschutz
Fortgeschritten
TISAX
Basics
ISO27001
Basics
NIST CSF
Fortgeschritten
OWASP
Fortgeschritten
SSDLC
Experte
DevSecOps
Experte

Branchen

Branchen

  • all: agil security as non functional requirement, security culture for secure and resilient organism
  • automobile / automotive: tisax level 3
  • public sector: project management and bsi basic protection, iso27001

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

1 year 5 months
2022-11 - now

Freelancing

CYBERSECURITY CULTURE EVANGELIST
CYBERSECURITY CULTURE EVANGELIST
  • Security architect und DevSecOps engineer ? OnPrem / Cloud
  • Community builder, team and role coach, trainer
  • Transformation Guide for agile Security and Cloud
  • 1,5 Line in Three-Lines-(of Defense) Model
Hamburg
4 months
2023-06 - 2023-09

Build-Up Cloud Center of Excellence - Focus Security Domain and Softwaredevelopment

Transformation-Coach, Cybersecurity Consultant, Cloud-Architect AWS Azure Kubernetes ...
Transformation-Coach, Cybersecurity Consultant, Cloud-Architect
  • Support for defining the tasks and Structure of the CCoE with aws, azure, gcp, 
  • Kinds of acting with organisation for training, news, project support
  • Workshops for different roles in organisation
  • conceptual work with cloud adoption framework (CAF)
  • interaction with plattform-team and soc
aws azure gcp k8s
AWS Azure Kubernetes k8s GCP Coaching security
solution provider
5 months
2023-05 - 2023-09

TISAX Level 3 Concept for Client-Management

Cybersecurity Expert Design-Konzept Dokumentation Workshop ...
Cybersecurity Expert
  • Requirements Engineering with focus on Desktop and Mobile Devices
  • Process-Design with Roles, Information Artefacts and Decisions for Software-Delivery
  • monitoring & alerting concept
  • authorization workflow
  • workshop moderation and result reconcilation
Design-Konzept Dokumentation Workshop Moderation Requirements Engineering Anforderungsanalyse
automotive
6 months
2023-03 - 2023-08

Concept for the use of DevOps in a digitization project of public sector

DevSecOps Engineer siam DevOps DevSecOps ...
DevSecOps Engineer
  • Security Requirements: based on BSI basic protection
  • Scope: projcts with softwaredevelopment and cloud usage
  • Challenge: high dynamic in changing developers, companies and product-owner
  • Concept includes: general conditions for project structure and how to transform into product orgsnisation (siam), vision and values, trainings, control validation and auditing, devops pipeline
  • close cooperation with plattform team, project organisation, delivery manager, siam consultant
gcp k8s
siam DevOps DevSecOps Design-Konzept Softwarearchitektur SystemArchitektur Kubernetes Souverän sovereign cloud
public sector
10 months
2022-01 - 2022-10

Concept and Prototyp for Security Incident (Response) Process

Cybersecurity-Expert, Process-Owner  Requirements agiles Projektmanagement Prozessentwicklung ...
Cybersecurity-Expert, Process-Owner 

  • transparency for attacks, control-points to manage and improve security/it processes and resource planing 
  • internal ciso organisation, it department and software development
  • Requirements Engineering
  • Stakeholdermanagement
  • Process Design with Roles, Tasks, information-artefacts and -systems, escalation
  • Prototyping with JIRA
  • Take Care of confidential information
  • Suggestion for supporting Systems: CMDB, Asset Inventory, Metrics and SLAs
  • Interaction with SIEM

jira
Requirements agiles Projektmanagement Prozessentwicklung Prozessautomatisierung Prozessdokumentation IT-Sicherheitsarchitektur IT-Sicherheitsmanagement Incident Management Sicherheitsanforderung Sicherheitsmaßnahme
e-commerce
1 year
2021-04 - 2022-03

AI for attack detection and semi-automation of processes

SOC Expert, Product-Owner kibana Python AWS ...
SOC Expert, Product-Owner
  • more trancperancy in attacks and variants; reduce effort to detect, mitigate and report
  • User Interaction with huge Web-App
  • Requirements-Engineering
  • System-Design for detection, reporting, interaction (semi-automation)
  • UseCase Definition (Attack Patterns) and Reporting
  • Defining and reconcile integration
AWS Elastic Search Python Java Git
kibana Python AWS Prozessberatung Prozessdokumentation Prozessautomatisierung Prozessentwicklung Automationstechnik DevOps Agile Softwareentwicklung Product Lifecycle SDLC Sicherheitsmanagement Sicherheitsmaßnahme
e-commerce
1 year
2020-03 - 2021-02

AWS Secure Configuration - Monitoring und Alerting for DevOps Product-Teams (Shift-Left Security, CSPM)

Cloudsecurity Expert DevOps Kotlin IntelliJ ...
Cloudsecurity Expert
  • Role: Product-Owner
  • Goal: fast Miss-Configuration Indicators for Product-Teams in AWS environment and information for security team / soc
  • Scope: product development teams, plattform team and security team
  • Tasks:
  • -- definition of controls, check intervals and disabling; using aws cis benchmark and some self defined checks or from mitre framework
  • -- dashboard and alerting
  • -- defining the help system and trigger to disable chcks on different resources
  • -- reporting for management and training content  
AWS Kotlin Elastic Search Vue.js Git
DevOps Kotlin IntelliJ Elastic Search
e-commerce
1 year 10 months
2017-08 - 2019-05

Establish Security Champions as Community of Practice and Multiplier for Security Framework

Cybersecurity-Expert, Mentor, Workshop Moderator Moderation Teamleading Leadership ...
Cybersecurity-Expert, Mentor, Workshop Moderator
  • Multiplier for Security-Strategy and Culture, develop Subject Matter Experts
  • Softwaredevelopment, Product-Development
  • initial Workshops
  • internal marketing, organise management buy-in
  • coordinate projects and separate different topics
  • experiment with different formats to play with interested people and enthusiasts
  • motivate people to share their knowledge and work outside their team
  • develop subject matter experts outside security team
  • continous development of internal security framework and baseline (iso27001, NIST CSF, OWASP)
  • use community for aws migration and adopt and learn very fast together
Moderation Teamleading Leadership Agile Coach Security Konzepte
e-commerce
1 year 3 months
2017-09 - 2018-11

Cloud Migration - security aspects and team support

Security Manager for Software Department AWS cloud formation terraform ...
Security Manager for Software Department
  • Migrate 20 Product-Teams with hundreds of Microservices from Mesos to aws cloud with GitHub and Mongo Atlas 
  • create trainings for product-teams with cloud security mechanism and their pifalls in distributed environments
  • migration concept for f5 firewall to aws waf
  • iam concept and sync with plattform team for different cloud providers
  • define secure landingzone and self-services with plattform team
  • support teams with monitoring, mitigation, encryption, risk-assessment, vpc, networking adoption of policies, security frameworks and security 
AWS GitHub MongoDB
AWS cloud formation terraform Jenkins ESO-CPL DevOps Security Konzepte Cloud Computing Trainer Workshop agiles Projektmanagement
e-commerce
1 year 2 months
2015-12 - 2017-01

SABBATICAL 


4 years 10 months
2011-02 - 2015-11

Developer of own Migration-Framework

PARTNER & SYSTEMS ENGINEER
PARTNER & SYSTEMS ENGINEER
  • Co-Founder: Mainframe-Migration without Code-Freeze
  • Infrastructure Management and Administration
  • Project engineer for migration project
on Request
Hamburg

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2022-05 - 2022-05

CISSP - Certified Information Systems Security Professional

CISSP, (ISC)^2
CISSP
(ISC)^2

- Aspects of Secure Software Systems, spread across different landscapes (on-prem, cloud models)

- asset handling, risk & bc management

- access management

- general security principles

1 month
2018-07 - 2018-07

Leadership Training

uLead Lateral Leadership, change 4 success, hamburg
uLead Lateral Leadership
change 4 success, hamburg

- training for team- and project-lead positions

- agile mindset, people interaction, conflict handling

- motivation

1 month
2017-07 - 2017-07

Agile Project Management Certification

Professional Scrum Master I, Scrum.org, Munic
Professional Scrum Master I
Scrum.org, Munic

- more insides into agile pm

- new interaction models and methods

5 months
2016-03 - 2016-07

Project Management Certification

IPMA LEVEL C, PM ZERT (HAMBURG)
IPMA LEVEL C
PM ZERT (HAMBURG)

- softskills and people interaction

- methods and procedures

- Level C, because project management and coordination was part of my job the last 7 years

1 month
2008-01 - 2008-01

ITIL Basics

ITIL v2 Foundation Certificate, TÜV SÜD
ITIL v2 Foundation Certificate
TÜV SÜD

- Basic workshop with certification

- my focus: asset & configuration management, change management

6 years 4 months
1997-09 - 2003-12

computer science studies

Diploma in business informatics (FH), TFH Wildau
Diploma in business informatics (FH)
TFH Wildau

programming: java, .net c#, c

os: suse & debian linux

data storage: oracle db, ms sql server, xml

projects: dynamic web apps & small network setup with ldap, smb, dns, 

diplom thesis: product-development of a E-Learning Plattform for small and medium business

Position

Position

cyber security culture evangelist

This means that I use

  1. my experience as a system architect, engineer and strategist
  2. from various projects with many different people
  3. and my broad knowledge of cyber security

to establish a security culture that encompasses the entire system - starting with employee empowerment.

My mission is to support organizations on their way to becoming secure and resilient organisms!

Kompetenzen

Kompetenzen

Top-Skills

Cloud DevOps Security Sicherheitsanalyse Sicherheitsanforderung Sicherheitsmaßnahme Automationstechnik Prozessentwicklung Prozessdokumentation SystemArchitektur Workshop Trainer Projektmanagement Agile Softwareentwicklung Qualitätsengineering ISO 27001 IT-Grundschutz AI Risikomanagement

Produkte / Standards / Erfahrungen / Methoden

Project Management
Fortgeschritten
IPMA Level C
Fortgeschritten
Agile
Fortgeschritten
AI
Fortgeschritten

Profile:

My big drivers are challenging projects, especially those that make sense in the long term and have a sustainable impact - cyber security is therefore made for me. As a security culture evangelist with experience in various roles and industries in the field of software and system development, I see myself primarily as an enabler. I not only implement your requirements, but also share my experience and develop solutions together. Always with the aim of supporting your organization on its way to becoming a secure and resilient organism.


SKILLS:

  • Mindset: agile, cooperative, initiative
  • Tech: curious Hands-On architect
  • Acting: interdisciplinary driver
  • Solutions: innovative & sustainable
  • Security culture: enabler and shift-lef

Betriebssysteme

Linux
Fortgeschritten
Windows
Fortgeschritten

Programmiersprachen

Python
Fortgeschritten
Java
Fortgeschritten
Kotlin
Basics
Typescript
Basics

Design / Entwicklung / Konstruktion

Requirements-Management
Fortgeschritten
Process-Design
Fortgeschritten
System-Architecture
Fortgeschritten

Riskmanagement

Risk-Analysis
Fortgeschritten
Threat-Modelling
Experte

Compliance & Sicherheit Finanzwesen

CISSP
Experte
BSI Grundschutz
Fortgeschritten
TISAX
Basics
ISO27001
Basics
NIST CSF
Fortgeschritten
OWASP
Fortgeschritten
SSDLC
Experte
DevSecOps
Experte

Branchen

Branchen

  • all: agil security as non functional requirement, security culture for secure and resilient organism
  • automobile / automotive: tisax level 3
  • public sector: project management and bsi basic protection, iso27001

Vertrauen Sie auf GULP

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das GULP Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.