Senior Security Architect

Support Clients In Finding The Right Business And Technology Solutions As A Consultant Designing Cutting-edge Security Architectures.

Expert In Classification Regulations (Vsa), Especially The Four Classification Levels: Vs-nfd, Confidential, Secret, Top Secret.

Core Topics:

• Secure Hardware Development (Layer 2 Network Devices, Mobile Security Solutions)
• Security Architectures Following Vs-nfd Guidelines
• Development And Hardening Of Mobile Platforms (Smartphones, Tablets)
• Vulnerability Analysis And Implementation Of Protections
• More Than 15 Years Of Experience As An Analyst In It, Ot, Etc.
• Ot – Managing Physical Operations
• Iot – Bridging Physical Devices (Ot) To Digital Systems (It)
• Kritis – Critical Infrastructures Including It And Telecom, Finance And Insurance, Energy (Electricity, Gas, Oil, District Heating), Public Sector, Military Environment
• Vsa – Classification Regulations For The Four Classification Levels

Technical Strengths & Technological Expertise – Consulting & Technical Implementation (Selection):

• Many Years Of Experience As A Certified Security Consultant (Bsi 100–200, C5, Vsa Isms, Grc, Bcm, Hiscout Suite)
• Implementing Kritis With An Isms In Risk Management To Ensure The Joint Security Goals Of Availability, Confidentiality And Integrity Of Information And Systems
• Hands-on Project Management And Technical Implementation In Soc, Siem, Soar (Splunk, Ibm Qradar, Exabeam, Thehive, Cortex, Arcsight)
• Use Of Drivelock (Edr, Device & Application Control), Cyberark Epm, Pam, Psm, Beyondtrust, Zscaler, And More
• Consulting On Processing Classified Information Under Vs-nfd Criteria (National & International)
• Architecture And Implementation Of It Security Solutions In Government Environments (Germany, Nato, Eu, Usa, Embassies)
• Kritis – The Critical Infrastructures That Need Special Protection From Cyber Attacks And System Failures To Ensure Stability And Safety Of Society

Iam & Pam Expertise:

• Implementation Of Abac/rbac Solutions In Conjunction With Identity & Access Management (Iam)
• Development Of Secure Access Architectures For Cloud And Devops Environments (E.g. Cyberark Rest Api, Empowerid, Saviynt)
• Planning And Integration Of Pki, Ssl Certificates, Hsm, Ms Ndes, Safenet, And More

Project Experience & Roles (Skill Foci):

• Project Management, Pmo, Agile Coach, Technical Project Manager (Hands-on), Security Consultant
• Development Of Secure Products (Hardware And Software), Including Mobile Border Scanners, Fingerprint Solutions, Sim Card–based Authentication
• Client Focus: Public Sector, Military, Government Agencies, Banks, Insurance, Automotive, Energy And Transport

Industry Know-how & Regulations:

• Finance Sector: Dora, Bait, Vait, Risk And Compliance Management, Incident Response
• Industry & Military: Itscm, Network Security, Vs-nfd, Nato Standards, Bsi Basic Protection
• E-government: E-banking, Secure Digital Identities, Smartcard Authentication

Technology Stack (Selection):

• Security Tools: Splunk, Arcsight, Qradar, Wazuh, Exabeam, Thehive, Cortex, Misp, Nexpose, Zalert
• Penetration Testing: Wireshark, Metasploit, Acunetix, Burp Suite, Aircrack
• Cloud Platforms: Aws, Azure, Strato, Telekom Cloud – Incl. Cloud Security & Migration
• Scripting & Programming: Powershell, Batch, Vbs, Java, C++, Sql, .Net
• Os & Infrastructure: Windows Server (2003–2022), Linux/unix, Rhel/openshift, Oracle
• Protocols & Architecture: Vlan, Ngw, Ddi, Pap Structures, Secure Segmentation
• Blockchain & Quantum Security: Own Platform Developments & Research Since 2020

Soft Skills & Working Style:

• Analytical And Structured Approach
• Strategic Thinking With A Focus On Execution
• Expert-level Technical Understanding
• Team Leadership Up To 80 People, International & Remote
• Excellent Documentation, Training And Presentation Skills

Hardware Competence (25+ Years Experience) – Security Hardware & Biometrics:

• Developed The First Portable Android-based Passport Scanner With Integrated Multi-fingerprint Recognition For Border Control, Police, Bka And Banks
• Developed Patented Biometric Systems Based On Fingerprint Recognition (E.g. Nurugo Technology)
• Integrated Secure Sim And Sd Cards For Passwordless Authentication In Mobile And Stationary Security Applications

Embedded Systems & Cryptography:

• Experience In Designing And Implementing Security-critical Embedded Hardware With Hardware-based Encryption Mechanisms (Aes-256, Diffie-hellman, Quantum Ready)
• Research And Development In Quantum Computing–based Encryption (Since 2020)

Security Components & Interfaces:

• Development And Integration Of Nfc And Smartcard Technology
• High-security Solutions For Transactions (Uaf, Biometric)
• Hardware Security Modules (Hsm) & Key Management Systems (Kms)
• Pap Architectures (Packet Filters, Application Layer Gateway)

Production & Technical Implementation:

• Lead Prototype Development, Production Control And Documentation Of Security-critical Hardware
• Rollout Of Security-certified Devices In Cooperation With Government, Military And Civilian Organizations Worldwide

Software And Technology Competence – Cloud & Infrastructure:

• Planning, Architecture And Migration Of Cloud Environments (Aws, Azure, Strato, Telekom Cloud)
• Building Secure Cloud Platforms With Marketplace Integration For Cloud Services (Xaas, Saas, Iaas)
• Virtualization And Automation Solutions (Vmware Vrealize, Vmware Cloud Foundation, Ansible)

Cybersecurity Solutions:

• Siem/soc/edr: Splunk, Ibm Qradar, Exabeam, Hpe Arcsight, Elk/elastic Siem, Thehive, Cortex, Nexpose, Misp
• Endpoint Security: Fireeye, Sophos, Trendmicro, Drivelock (Device Control, Application Control, Encryption)
• Iam & Pam: Empowerid, Cyberark, Beyondtrust, Saviynt, Psm, Pvwa, Cpm, Abac/rbac Integration, Epm, Pam, Psm
• Pki & Certificate Management: Ms Ndes, Safenet, Ssl/tls, Hsm Integration

Network & Security:

• Network Analysis And Segmentation: Vlan, Ngw, Ddi, Pap Architecture
• Penetration Testing: Metasploit, Burp Suite, Acunetix, Aircrack, Wireshark
• Security Architectures For Classification Levels: Vs-nfd, Vsa, Nato Secret/restricted, Usa/tc Standards

Software Development & Scripting:

• Languages: Java, C++, .Net, Sql, Json
• Scripting: Powershell, Vbs, Batch
• Source Code Analysis, Extensions, Adaptations & Fixes
• Version Control & Devops: Git, Gitlab, Ci/cd Integration

Standards & Regulations:

• Iso/iec 27001, Bsi 200-2, Bsi C5, Nist, Enisa, Gdpr, Dora, Bait, Vait
• Emergency Management According To Bsi 100-4
• Risk Management, Grc, Business Continuity Management (Bcm)
• 5g Security Tools, Palo Alto Networks, Zscaler Zero-trust, Cisco, Fortinet, Proofpoint

Roles & Responsibilities In Projects – Project Leadership & Management:

• Project Manager/pmo For Complex It And Security Projects With Up To 80 Team Members – Local And International (Remote/on-site)
• Responsible For Project Planning, Budget, Schedule, Quality And Risk Control
• Applying Agile Methods (Scrum, Kanban, Safe), Certified In Jira & Atlassian Suite

Consulting & Technical Expertise:

• Enterprise Security Consultant Focusing On High-security Requirements In Government/military And Industrial Environments
• Analysis And Evaluation Of Existing Security Architectures
• Development Of Tailored Security Solutions According To International Standards
• Point Of Contact For Classified Information Processes (Vs-nfd, Nato, Eu, Usa, Embassies)

Security Operations & Incident Response:

• Setup And Operation Of Siem And Soc Environments Including Use Case Development, Playbooks, Escalation Chains
• Consulting And Technical Implementation Of Soar Automation (Splunk, Cortex Etc.)
• Vulnerability Management & Assessment Including Cdc Interface And Incident Documentation

Product Development & Innovation:

• Development Of New Security Products (Hardware & Software) From Concept To Market Launch
• Technical And Commercial Leadership In Pre-sales And Sales Situations
• Supporting Research Teams With Trend Analysis And Market Introductions For Innovative It Security Solutions