As part of the development of a special software system in the field of lawful interception, a security concept was developed with requirements from the BSI basic protection catalogue. The special feature was the system architecture of the software, which was built entirely on bare metal Kubernetes and still had to fulfil the security requirements of a high protection requirement.
Responsibilities:
Evaluation of different passive OT Security Monitoring solution based on a
pre-defined requirements catalog, including security features and detection
capabilites, OT protocol support, physical requirmenents. Conducting different
Proof-of-values in different production sites. Creating a decision-making basis
for an international rollout of an OT security solution for top-management.
German car manufacturer
5 Monate
2023-05 - 2023-09
OT Asset Discovery and Security Modernization
OT Security Consultant
OT Security Consultant
Implementation of an OT
asset discovery solution including vulnerability management to detect devices
in production and to analyze their communication relationships. Based on this:
Implementation of a network segmentation including network access control and
firewalling concept for 2 customer sites. Implementation of vulnerability
management and transfer of the entire project into a managed service.
Electronic device manufacturer
3 Jahre 1 Monat
2020-01 - 2023-01
ISMS implementation
Team Lead Information Security
Team Lead Information Security
Responsibilities:
Implementation of an ISMS based on BSI IT-Grundschutz and specific German law
enforcment requirements for a large German Police IT-system. This included all
phases of the BSI-200 methodology, which also included
Risk analysis
Classification of the IT environment
Threat analysis
Risk classification
Documentation of implemented technical measures ( Overall
over 1200 requirements were identified and implemented to technical measures.)
Verinice
Public Sector
4 Monate
2019-06 - 2019-09
Elasticsearch SIEM PoC and Installation
IT Security Consultant
IT Security Consultant
Planning
and implementation of an Elasticsearch based SIEM platform for Private Cloud environment
with extended security requirements due to external and internal regulations.
KRITIS
Deutschland
1 Monat
2019-05 - 2019-05
Container Security Solution Planning and Rollout
Planning and implementation of a Container Security
solution giving the customer detailed information about the current status of
secure images during build, ship and run phase of containers in a Kubernetes
based enviroment.
Conducting a two day
Training with different stakeholders of the customer
Certification Authority
Schweiz
2 Monate
2019-04 - 2019-05
Implementation of a Container Security Solution
IT Security Consultant
IT Security Consultant
Planning and implementation of a Container Security
solution giving the customer detailed information about the current status of
secure images during build, ship and run phase of containers in a Kubernetes
based enviroment.
Conducting a three day
Training with different stakeholders of the customer
Enterprise IT
Deutschland
Aus- und Weiterbildung
Aus- und Weiterbildung
3 Jahre 7 Monate
2009-04 - 2012-10
Informatik Studium
Master of Science, Hochschule Darmstadt
Master of Science
Hochschule Darmstadt
IT Security
Position
Position
Senior Consultant für OT Security, Informationssicherheit, SOC und SIEM Beratung, CISO as a Service
As part of the development of a special software system in the field of lawful interception, a security concept was developed with requirements from the BSI basic protection catalogue. The special feature was the system architecture of the software, which was built entirely on bare metal Kubernetes and still had to fulfil the security requirements of a high protection requirement.
Responsibilities:
Evaluation of different passive OT Security Monitoring solution based on a
pre-defined requirements catalog, including security features and detection
capabilites, OT protocol support, physical requirmenents. Conducting different
Proof-of-values in different production sites. Creating a decision-making basis
for an international rollout of an OT security solution for top-management.
German car manufacturer
5 Monate
2023-05 - 2023-09
OT Asset Discovery and Security Modernization
OT Security Consultant
OT Security Consultant
Implementation of an OT
asset discovery solution including vulnerability management to detect devices
in production and to analyze their communication relationships. Based on this:
Implementation of a network segmentation including network access control and
firewalling concept for 2 customer sites. Implementation of vulnerability
management and transfer of the entire project into a managed service.
Electronic device manufacturer
3 Jahre 1 Monat
2020-01 - 2023-01
ISMS implementation
Team Lead Information Security
Team Lead Information Security
Responsibilities:
Implementation of an ISMS based on BSI IT-Grundschutz and specific German law
enforcment requirements for a large German Police IT-system. This included all
phases of the BSI-200 methodology, which also included
Risk analysis
Classification of the IT environment
Threat analysis
Risk classification
Documentation of implemented technical measures ( Overall
over 1200 requirements were identified and implemented to technical measures.)
Verinice
Public Sector
4 Monate
2019-06 - 2019-09
Elasticsearch SIEM PoC and Installation
IT Security Consultant
IT Security Consultant
Planning
and implementation of an Elasticsearch based SIEM platform for Private Cloud environment
with extended security requirements due to external and internal regulations.
KRITIS
Deutschland
1 Monat
2019-05 - 2019-05
Container Security Solution Planning and Rollout
Planning and implementation of a Container Security
solution giving the customer detailed information about the current status of
secure images during build, ship and run phase of containers in a Kubernetes
based enviroment.
Conducting a two day
Training with different stakeholders of the customer
Certification Authority
Schweiz
2 Monate
2019-04 - 2019-05
Implementation of a Container Security Solution
IT Security Consultant
IT Security Consultant
Planning and implementation of a Container Security
solution giving the customer detailed information about the current status of
secure images during build, ship and run phase of containers in a Kubernetes
based enviroment.
Conducting a three day
Training with different stakeholders of the customer
Enterprise IT
Deutschland
Aus- und Weiterbildung
Aus- und Weiterbildung
3 Jahre 7 Monate
2009-04 - 2012-10
Informatik Studium
Master of Science, Hochschule Darmstadt
Master of Science
Hochschule Darmstadt
IT Security
Position
Position
Senior Consultant für OT Security, Informationssicherheit, SOC und SIEM Beratung, CISO as a Service
Branchen
Branchen
Public
Health Care
Automotive
Banking
Insurance
Vertrauen Sie auf Randstad
Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung