Managing Director and Senior Consultant

• Conceptual consulting for securing business processes
• Consulting on planning and implementing IT and IT security projects
• Security and policy checks, process optimizations, emergency planning
• Project management and interim management in IT infrastructure and information security

Overview of relevant projects:

• 2025: Consulting on a DLP concept for Digid GmbH.
• 2025: Advising a client after a cybersecurity attack where the IT infrastructure was compromised and the attacker gained M365 tenant admin rights. Investigated and restored IT infrastructure. Created recommendations to improve IT security.
• 2025: Continued projects for Thyssenkrupp Marine Systems and Norddeutsche Landesbank.
• 2024: Developed a DNS concept including advice on DNS strategy and technology, DNS design, DNS security, load balancing, reverse lookup zones and automation. Created a DHCP concept including advice on DHCP design, central DHCP management system and automation. Advised on operation of these products, operational processes, and updated IT documentation and service descriptions for Thyssenkrupp Marine Systems.
• 2024: Current-state analysis and evaluation of provider-established network and security infrastructure regarding overall architecture, design and components. Designed solutions to improve operations for performance, security and complexity reduction. Presented findings, causes and solution options at C-level with decision templates. Developed a SASE concept based on zero-trust architecture for Norddeutsche Landesbank.
• 2024: Continued projects for Atlas GmbH and Deutsche Vermögensberatung AG.
• 2023: Advising on remediation of findings from an IT security assessment of IT infrastructure, conducting proof-of-concepts for DDoS protection, Digital Experience Monitoring (DEM) with Zscaler (ZIA, ZPA & ZDX), creating a new security architecture based on zero trust, redesigning Cisco ISE implementation and designing a DNS security solution to protect guests and financial advisors for Atlas GmbH / Deutsche Vermögensberatung AG.
• 2023: Continued projects for Digid GmbH, Vaillant Group GmbH (until 09/2023), Federal Institute for Geosciences and Natural Resources (until 05/2023) and Union Investment IT-Services GmbH (until 07/2023).
• 2022: Created and reviewed whitepapers for infrastructure and security architectures, planned new network infrastructures for the German Aerospace Center.
• 2022: Developed concept for technical and process modernization of a disaster recovery plan for United Nations Volunteers.
• 2022: Designed concept for migrating measurement data to a cloud environment, introduced network access control and delivered an awareness training for Digid GmbH.
• 2022: Designed network segmentation concept for DZ Hyp AG.
• 2022: Designed network segmentation for the Federal Employment Agency.
• 2021: Designed a new load balancer architecture for Bundeswehr Fuhrparkservices GmbH.
• 2021: Vulnerability scan and penetration test of a web frontend including evaluation and remediation recommendations based on risk and likelihood for ifi GmbH.
• 2021: Consulting, design and subproject management for implementing a network access control solution (certificate authentication and MAC bypass) and macro-segmentation (area and zone concept with dynamic device assignment) in office and production IT for Vaillant Group GmbH.
• 2021: Upgrade and optimization of LAN and WLAN infrastructure for United Nations Volunteers.
• 2021: Developed target concept for modernizing IT security infrastructure including DMZ (Cisco switches, firewalls, WSA, ESA, SMA), internet access, admin and management networks and wireless LAN, and supported implementation for Federal Institute for Geosciences and Natural Resources.
• 2021: Created micro-segmentation concept based on Cisco DNA, SGT and zero trust for Union Investment IT-Services GmbH.
• 2021: Reviewed and updated ISMS Level-3 policies and created procedures for Software AG.
• 2021: Project lead for global Tec-Refresh Meraki WLAN 2.0, coordinated outsourcing of LAN/WLAN infrastructure to an MSP and created a WLAN concept for automated guided vehicles for Heraeus Infosystems GmbH.
• 2021: Project management and support for “Transition of SIEM/SOC Services” project into a shared environment and interim Head of Security Operations at Datagroup SE.
• 2021: Workshop for future mobile device management implementation at Allgeier Experts Go GmbH.
• 2021: Subproject lead for implementing a firewall rule management tool and recertification of NAC endpoints based on 802.1x and MAB at Union Investment IT-Services GmbH.
• 2020: Developed network segmentation concept for two data centers based on Cisco and VMware for Aareon AG. Conducted current-state analysis and initiated the project. Designed micro-segmentation for data center and access network.
• 2020: Infrastructure and security architecture audit for Stuttgarter Versicherung AG. Analyzed IT and security architecture, reviewed contracts, process docs and manuals. Created recommendations to improve stability and operations. Designed network segmentation concept and led implementation.
• 2020: Consulting on setting up an ISMS-Light at Josera foodforplanet GmbH & Co. KG.
• 2020: Security architecture consulting at Datagroup SE. Developed future IT infrastructure and security architecture, current-state analysis of IT across 23 entities, optimization recommendations, perimeter vs. zero trust comparison, security zone concept and infrastructure architecture aligned with all entities.
• 2018-2019: Stream Lead in cybersecurity program at Deutsche Lufthansa AG. Responsible for design and implementation of 9 projects in IT security infrastructure and user access management and for managing project leads and experts. Project areas: network segmentation and access control, security architecture, privileged identity & access management, simplify user authentication (MFA), mobile & endpoint security, OT security, e-enabled aircraft.
• 2018: Security architecture consulting at Deutsche Lufthansa AG. Project lead for development, evaluation and management of company-wide information security architecture. Developed security strategy and roadmap for zero trust. Evaluated market security solutions, services and tools. Defined RfP requirements, evaluated offers, maintained architecture artifacts. Conducted security reviews of existing and new IT systems and services.
• 2018: ISMS consulting at GLS IT Services GmbH. Advised on ISMS implementation and initial operation based on ISO27001. Audited IT environments of GLS national subsidiaries. Analyzed and assessed IT security risks and derived measures. Developed solutions with stakeholders. Managed project and handed over ISMS to operations.
• 2016-2018: Security pre-sales consultant for Cisco Systems GmbH. Nationwide strategic and conceptual consulting for major enterprise and finance clients on Cisco and Meraki security products and services like Firepower, WSA, ESA, Stealthwatch, ISE.
• 2017-2018: Designed and built ISMS at Verivox GmbH. Conducted BIAs and gap analyses. Created security policies based on ISO2700x. Served as interim Information Security Officer.
• 2017: Created emergency plan for VPV Lebensversicherungs-AG. Reviewed and updated IT emergency handbook.
• 2016: Consulting and project management for cloud & hosting services design at Vodafone Group Services GmbH. Analyzed and optimized sell-build-run process. Created detailed design for cloud products.

• Upgraded Windows Server 2003 to 2008.
• New employee evaluation system.
• Project management for project managers 1–4.
• Visualization and presentations.

• Avaya Advanced 1st and 3rd level support.
• Experience with Enterasys PEN, IDS, IDS-Advanced.
• Experience with Kobil SmartKey, SmartToken, SecOvid and mIDentity.
• Varysys Packetalarm administrator.
• Experience with Enterasys routing, VPN, UPN and IDS.

• Airport management.
• Cisco router configurations on IOS.
• Conflict management, facilitation and presentations.