Recommended expert

Alexander (Dr.) Sänn

Owner and Managing Director

Alexander Sänn
Bayreuth, Germany

Experience

Jan 2025 - Dec 2025
1 year

Lead Audit Conformity & IT Security Catalog

DAX Group energy provider in the renewable energy division

  • Support in implementing the requirements of §8a of the BSI Act for critical infrastructures.
  • Systematic preparation and support of internal and external audits, resolution of previous non-conformities (HA, NA, VP).
  • Implementation of the specific requirements of the IT Security Catalog.
  • Development of training programs, creation of run books and conducting assessments to ensure operational effectiveness.

Jan 2025 - Dec 2025
1 year

External Information Security Officer

E-commerce and closed-loop provider

  • Conducting risk analyses and vulnerability assessments
  • Supporting the implementation of an information security management system (ISMS) as a basis for meeting the criteria under the Digital Operational Resilience Act (DORA)
  • Preparing software development for the requirements of the Cyber Resilience Act (CRA)
  • Setting up a management system for vulnerabilities and security threats

Jan 2025 - Dec 2025
1 year

Lead of the workstream Log Collection, Extraction & Aggregation to enable a SIEM according to SzA

Critical infrastructure in international energy supply

  • Implementing a central log management system to meet KRITIS requirements in energy supply
  • Serving as the workstream lead for collecting, extracting and aggregating log data from selected power plants
  • Installing and configuring security components such as the genua cyber diode and SYSLOG to ensure logging

Jan 2025 - Dec 2025
1 year

Consulting on the strategic implementation of the Cyber Resilience Act

Mechanical engineering

  • Taking stock and conducting a gap analysis according to IEC 62443
  • Developing recommendations to ensure CRA compliance

Jan 2024 - Dec 2025
2 years

Project consulting in the area of innovation

International mobility provider

  • Horizon scan: designing a trend analysis for IT emergency management using prelead

Jan 2024 - Dec 2025
2 years

Project Consulting for Security Concept and NIS2 Compliance

Water Supply

  • Consulting on implementing NIS2 and network segmentation in a KRITIS-relevant environment
  • Development of a security concept for a technical monitoring system including early warning logic, taking into account hybrid IT environments
  • Creation of concepts and action plans according to the security requirements of ISO 27001 and BSI IT Baseline Protection

Jan 2023 - Dec 2024
2 years

Project Manager for Establishing a Cybersecurity Program

DAX-listed Energy Supply Group

  • Responsibility for setting up the project and managing delivery to the finish line
  • Analysis of the program's and project's challenges and risks
  • Definition of an effective approach
  • Restructuring and mobilizing colleagues and partner staff
  • Support for the newly organized cybersecurity department on its path to the next level of operational maturity (e.g., evolution into a customer-focused, standardized, and sustainable organization)

Jan 2022 - Dec 2025
4 years

Lead for Standards and Regulatory Requirements in Cybersecurity

DAX-listed Machinery and Plant Engineering Group

Lead for a DAX-listed company, the largest industrial manufacturing company in Europe. In charge of certification and manufacturer self-certification according to IEC 62443-4-2 and GDPR.

  • Analysis, aggregation, and assessment of the regulatory impacts of the EU Cyber Resilience Act (CRA), EU AI Act, EU Data Act, and NIS2
  • Development of a preparation and implementation plan, as well as implementation of the necessary steps to achieve compliance
  • Stakeholder management and coordination with external auditors
  • Representation in industry-specific internal and external committees

Jan 2022 - Dec 2025
4 years

§8a KRITIS Audit Support

International Mobility Provider

Audit support for the world's second-largest transportation company. Assessment and completion of the information security policies and the documentation framework for IDW and BSI audit standards.

  • Support for the 2nd Line of Defense in building and operating an Information Security Management System (ISMS) according to ISO 27001
  • Creation and maintenance of policies, processes, and other (framework) documents (e.g., work instructions and manuals)
  • Co-development of the information security strategy
  • Support in information security risk management
  • Implementation of measures to eliminate/mitigate information security risks and deficiencies
  • Preparation for the next §8a audit cycle (2023)
  • Coordination with departments to identify KRITIS-relevant assets
  • Creation of a scope document for KRITIS-relevant assets
  • Collection and preparation of evidence

Jan 2022 - Dec 2023
2 years

Project Consulting for 'ISALIP – Information Security Awareness, Literacy and Privacy'

Research Project

The project aimed to improve European citizens' readiness for the digital age. It addressed individual awareness of information security, related competencies, and risk management in professional and private contexts.

  • Networking of experts from partner countries as well as at the overall European level
  • Project consulting for defining requirements, training, and qualification profiles, as well as content topics in the field of cybersecurity

Jan 2021 - Dec 2022
2 years
Germany

Development and Implementation of BSI IT-Grundschutz Projects

State Administration

Development and implementation of several BSI IT-Grundschutz projects for state ministries in North Rhine-Westphalia and for federal authorities.

Jan 2021 - Dec 2022
2 years

Introduction of BSI IT-Grundschutz

Public Sector

Introduction of BSI IT-Grundschutz within a joint, coordinated center for maritime security.

Jan 2020 - Dec 2022
3 years

Manager with signatory authority

Big4 Consulting

  • Project manager for the introduction and maintenance of a quality management system according to ISO 9001 for consulting, auditing and training in information security, risk management, data protection and BCM
  • Transition manager for the team change of 120 employees
  • Key expert for OT security and general consultant for technical aspects of cyber security in the energy sector and other industries

Jan 2020 - Dec 2022
3 years

Project Manager for Technical Implementation of a Cyber Security Program in the OT Area

DAX Chemical Industry Group

Technical implementation of a cyber security program in the OT area for the company's worldwide sites.

  • Network scanning
  • Vulnerability management
  • Access management
  • Endpoint protection
  • Asset management
  • Awareness and tactical alignment of further measures to develop the cyber security maturity level

Jan 2020 - Dec 2022
3 years

Lead for Data Protection Assessments within the Microsoft Supplier Security and Privacy Assurance (SSPA) Program

Digital Company

Jan 2020 - Dec 2022
3 years

Technical Lead for ISO 27001 Implementation

Mechanical Engineering

Technical Lead for the ISO 27001 implementation at a former DAX precision engineering company and world-leading manufacturer of sheetfed offset printing presses.

Jan 2017 - Dec 2020
4 years

Information Security Officer (ISO)

International TSO

  • Supported requirements engineering and technical implementation for the OneDMS document management system
  • Managed organizational change to develop a cybersecurity interface (creating policies, implementing technical requirements, awareness training, ticket management, supporting business projects with cybersecurity aspects and requirements)
  • Managed internal and external audits as well as supplier audits according to ISO 27001, ISO 27002 and ISO 27019 (per IT security catalog)
  • Supported the CISO, assessed protection needs and monitored cybersecurity aspects for IT and OT

Jan 2017 - Dec 2018
2 years

Senior Consultant

Consulting Company

  • Implemented ISMS and GDPR-based PMS in subsidiaries of a consulting company (500+ employees); advisor for ISO 27001-based ISMS and GDPR

Jan 2017 - Dec 2018
2 years

Project Lead

Research & Development

  • Study on “ISMS in the Energy Sector 2018”
  • In-house implementation of GDPR and ITIL-based services

Jan 2017 - Dec 2018
2 years

Senior Consultant

Real Estate Start-up

  • Implemented an ISMS according to ISO 27001 in a property management company

Jan 2017 - Dec 2018
2 years

Senior Consultant

Kommunale Versorgungs- und Verkehrsgesellschaft

  • Supported the Group CISO in governance, processes and awareness, incident management, strategic management, and technical questions in the energy sector

Jan 2015 - Dec 2017
3 years
Bayreuth, Germany

Postdoc

Universität von Bayreuth, Lehrstuhl für Innovation & Marketing

  • Industry study on "ISMS in the energy sector" with Energieforen Leipzig
  • Public study on the EU Digital Content Directive for consumer protection (Bavarian State Ministry for the Environment and Consumer Protection)

Jan 2009 - Dec 2017
9 years
Cottbus, Germany

Doctoral Candidate

Brandenburgische Technische Universität Cottbus, Lehrstuhl für Marketing und Innovationsmanagement

  • Location management study to overcome vacancies in industrial parks in the Lusatia energy region. Conducted for Vattenfall Europe Generation AG and the Lusatia Spreewald Energy Region
  • Market analysis of the Bavarian, Brandenburg, and Saxon tourism markets to derive suitable market entry strategies
  • Fundraising for the 20th anniversary event of Brandenburg University of Technology Cottbus
  • Lectures on eBusiness, international marketing, and market-oriented product development

Jan 2009 - Dec 2015
7 years

Innovation Lead

IHP GmbH – Innovation für Hochleistungsmikroelektronik

  • Innovation management in the "Enhanced Security for Critical Infrastructures" project and project management for R&D in information security for critical infrastructures (KRITIS) focused on "Security in sensor networks"
  • Requirements engineering with IC-104, PROFINET, Profibus, and other fieldbus communications to prepare for IDS/IPS implementation
  • Drafted several research proposals on 5G for tactile internet applications, information security architecture in future automotive developments, communication protocols, and real-time requirements for information security in industrial applications
  • Various workshops with the German Federal Office for Information Security (BSI), Federal Ministry of the Interior (BMI), and Federal Agency for Technical Relief (BBK) on UP-KRITIS, LÜKEX, and KRITIS

Jan 2007 - Dec 2009
3 years

Technical Associate

Fraunhofer-Anwendungszentrum für Logistikmanagement ALI und Informationssysteme

Part of the Fraunhofer Institute for Material Flow and Logistics IML.

  • Implemented real-time tracking systems in complex industrial environments using ubisense
  • Assessed physical security at Sheremetyevo Cargo Airport in Moscow, Russia
  • Provided user support for the Fraunhofer Public Key Infrastructure
  • Developed an application for digital anamnesis for online/offline use by emergency services using .NET/C#/HTML and PRINCE2 (ADAC)
  • Developed and promoted an EU-wide injury database (IDB)
  • Managed events for the "Night of Creative Minds" science roadshow
  • Provided organizational and technical assistance at the associated chair for Industrial IT

Jan 2005 - Dec 2009
5 years
Cottbus, Germany

Founder

PC-Hilfe Cottbus

  • Various office IT projects for clients, including websites, marketing, and web design
  • Installation and maintenance of infrastructure and IT solutions in the tourism sector, e.g. implementation of Amadeus (Sabre) and Bistro Portal
  • Custom software development in the insurance sector
  • Various services in the field of information security

Summary

ad2b-solutions GmbH protects companies in the critical infrastructure supply chain from cyber security incidents, production outages, and personal liability cases. On the basis of established standards, organization-appropriate management systems are developed, certified, and continuously improved. This covers information security, the handling of artificial intelligence (AI), and IT project management in general.

Example requirements for using a management system come from the following topics:

  • Cyber security according to ISO 27001, IEC 62443 and BSI IT Baseline Protection; data protection according to ISO 27001; quality management according to ISO 9001; business continuity management according to ISO 22301; risk management according to ISO 27005 and ISO 31000.
  • Project management according to PRINCE2, SCRUM, agile Stage Gate, Lead User and Open Innovation, taking into account established ITIL processes.

Under the brand prelead, innovation management in information security is methodically combined. This leads to the introduction and maintenance of information security while ensuring usability.

"Cyber Security as an Enabler" helps to develop processes, optimize the entire organization, and align new projects from the very beginning with requirements from regulations, market standards, and customers.

With the implementation of the practical method according to prelead, the right customer requirements are met. This avoids costly rework and missing compliance in target markets.

Skills

  • Certified Cyber Security Auditor ISA/IEC 62443 (CCSA) (UL)
  • Certified Cyber Security Professional IEC 62443 (CCSP) (UL)
  • Certified Information System Security Professional (CISSP) (ISC2)
  • Certified Program Management Professional (PgMP) Candidate (PMMI)
  • Certified Information Security Manager (CISM)
  • Quality Systems Manager by the German Society for Quality (DGQ)
  • BSI-certified IT Baseline Protection Consultant
  • Certified Senior Lead Auditor ISO 27001 (PECB)
  • Certified IT Service Management (ITIL)
  • Certified ITIL IT Service Management Expert (PwC Certification Services)
  • Certified Data Protection Officer (PwC Certification Services)
  • Leading Across a Distance (Quadriga)
  • Certified Ethical Hacking and Countermeasures (CEH)
  • PRINCE2 and ITIL-related Project Management (maxpert)
  • Various Critical Infrastructure Workshops by the German Society for Computer Science (GI)
  • Certified Scrum Master (ISMF)
  • Leadership at a Distance (Quadriga) and in Projects and Project Management ISO 21500 (TiBa)

Languages

German
Native
English
Advanced

Education

Oct 2009 - Jun 2017

Brandenburg University of Technology Cottbus

Dr. rer. pol., The Preference-Driven Lead User Method for New Product Development · Cottbus, Germany

Brandenburg University of Technology Cottbus

eBusiness program, specialization: application and operation of eBusiness systems · eBusiness · Cottbus, Germany

Certifications & licenses

BSI-certified IT Baseline Protection Consultant

Certified Cyber Security Auditor ISA/IEC 62443

Certified Cyber Security Professional IEC 62443 (CCSP)

PwC Certification Services

Certified Ethical Hacking and Countermeasures (CEH) Candidate

PMMI

Certified IT-Service Management (ITIL) (CCSA) (UL)

Certified ITIL IT-Service Management Expert

Certified Information Security Manager (CISM)

Certified Information System Security Professional (CISSP)

PwC Certification Services

Certified Program Management Professional (PgMP)

Leadership at a Distance

Quadriga

Leading Across a Distance

Quadriga

PRINCE2 and ITIL-related Project Management

maxpert

Project Management ISO 21500

TiBa

Quality Systems Manager

DGQ

Certified Data Protection Officer

Certified SCRUM Master

ISMF

Certified Senior Lead Auditor ISO 27001

PECB
