Conceptual consulting for securing business processes
Consulting on planning and implementing IT and IT security projects
Security and policy checks, process optimizations, emergency planning
Project management and interim management in IT infrastructure and information security
Overview of relevant projects:
2025: Consulting on a DLP concept for Digid GmbH.
2025: Advising a client after a cybersecurity attack where the IT infrastructure was compromised and the attacker gained M365 tenant admin rights. Investigated and restored IT infrastructure. Created recommendations to improve IT security.
2025: Continued projects for Thyssenkrupp Marine Systems and Norddeutsche Landesbank.
2024: Developed a DNS concept including advice on DNS strategy and technology, DNS design, DNS security, load balancing, reverse lookup zones and automation. Created a DHCP concept including advice on DHCP design, central DHCP management system and automation. Advised on operation of these products, operational processes, and updated IT documentation and service descriptions for Thyssenkrupp Marine Systems.
2024: Current-state analysis and evaluation of provider-established network and security infrastructure regarding overall architecture, design and components. Designed solutions to improve operations for performance, security and complexity reduction. Presented findings, causes and solution options at C-level with decision templates. Developed a SASE concept based on zero-trust architecture for Norddeutsche Landesbank.
2024: Continued projects for Atlas GmbH and Deutsche Vermögensberatung AG.
2023: Advising on remediation of findings from an IT security assessment of IT infrastructure, conducting proof-of-concepts for DDoS protection, Digital Experience Monitoring (DEM) with Zscaler (ZIA, ZPA & ZDX), creating a new security architecture based on zero trust, redesigning Cisco ISE implementation and designing a DNS security solution to protect guests and financial advisors for Atlas GmbH / Deutsche Vermögensberatung AG.
2023: Continued projects for Digid GmbH, Vaillant Group GmbH (until 09/2023), Federal Institute for Geosciences and Natural Resources (until 05/2023) and Union Investment IT-Services GmbH (until 07/2023).
2022: Created and reviewed whitepapers for infrastructure and security architectures, planned new network infrastructures for the German Aerospace Center.
2022: Developed concept for technical and process modernization of a disaster recovery plan for United Nations Volunteers.
2022: Designed concept for migrating measurement data to a cloud environment, introduced network access control and delivered an awareness training for Digid GmbH.
2022: Designed network segmentation concept for DZ Hyp AG.
2022: Designed network segmentation for the Federal Employment Agency.
2021: Designed a new load balancer architecture for Bundeswehr Fuhrparkservices GmbH.
2021: Vulnerability scan and penetration test of a web frontend including evaluation and remediation recommendations based on risk and likelihood for ifi GmbH.
2021: Consulting, design and subproject management for implementing a network access control solution (certificate authentication and MAC bypass) and macro-segmentation (area and zone concept with dynamic device assignment) in office and production IT for Vaillant Group GmbH.
2021: Upgrade and optimization of LAN and WLAN infrastructure for United Nations Volunteers.
2021: Developed target concept for modernizing IT security infrastructure including DMZ (Cisco switches, firewalls, WSA, ESA, SMA), internet access, admin and management networks and wireless LAN, and supported implementation for Federal Institute for Geosciences and Natural Resources.
2021: Created micro-segmentation concept based on Cisco DNA, SGT and zero trust for Union Investment IT-Services GmbH.
2021: Reviewed and updated ISMS Level-3 policies and created procedures for Software AG.
2021: Project lead for global Tec-Refresh Meraki WLAN 2.0, coordinated outsourcing of LAN/WLAN infrastructure to an MSP and created a WLAN concept for automated guided vehicles for Heraeus Infosystems GmbH.
2021: Project management and support for “Transition of SIEM/SOC Services” project into a shared environment and interim Head of Security Operations at Datagroup SE.
2021: Workshop for future mobile device management implementation at Allgeier Experts Go GmbH.
2021: Subproject lead for implementing a firewall rule management tool and recertification of NAC endpoints based on 802.1x and MAB at Union Investment IT-Services GmbH.
2020: Developed network segmentation concept for two data centers based on Cisco and VMware for Aareon AG. Conducted current-state analysis and initiated the project. Designed micro-segmentation for data center and access network.
2020: Infrastructure and security architecture audit for Stuttgarter Versicherung AG. Analyzed IT and security architecture, reviewed contracts, process docs and manuals. Created recommendations to improve stability and operations. Designed network segmentation concept and led implementation.
2020: Consulting on setting up an ISMS-Light at Josera foodforplanet GmbH & Co. KG.
2020: Security architecture consulting at Datagroup SE. Developed future IT infrastructure and security architecture, current-state analysis of IT across 23 entities, optimization recommendations, perimeter vs. zero trust comparison, security zone concept and infrastructure architecture aligned with all entities.
2018-2019: Stream Lead in cybersecurity program at Deutsche Lufthansa AG. Responsible for design and implementation of 9 projects in IT security infrastructure and user access management and for managing project leads and experts. Project areas: network segmentation and access control, security architecture, privileged identity & access management, simplify user authentication (MFA), mobile & endpoint security, OT security, e-enabled aircraft.
2018: Security architecture consulting at Deutsche Lufthansa AG. Project lead for development, evaluation and management of company-wide information security architecture. Developed security strategy and roadmap for zero trust. Evaluated market security solutions, services and tools. Defined RfP requirements, evaluated offers, maintained architecture artifacts. Conducted security reviews of existing and new IT systems and services.
2018: ISMS consulting at GLS IT Services GmbH. Advised on ISMS implementation and initial operation based on ISO27001. Audited IT environments of GLS national subsidiaries. Analyzed and assessed IT security risks and derived measures. Developed solutions with stakeholders. Managed project and handed over ISMS to operations.
2016-2018: Security pre-sales consultant for Cisco Systems GmbH. Nationwide strategic and conceptual consulting for major enterprise and finance clients on Cisco and Meraki security products and services like Firepower, WSA, ESA, Stealthwatch, ISE.
2017-2018: Designed and built ISMS at Verivox GmbH. Conducted BIAs and gap analyses. Created security policies based on ISO2700x. Served as interim Information Security Officer.
2017: Created emergency plan for VPV Lebensversicherungs-AG. Reviewed and updated IT emergency handbook.
2016: Consulting and project management for cloud & hosting services design at Vodafone Group Services GmbH. Analyzed and optimized sell-build-run process. Created detailed design for cloud products.
Jan 2013 - Dec 2016
4 years
Gross-Umstadt, Germany
Freelance IT Infrastructure and Security Consultant
christiandecker.net
2015-2016: Consulting and project management to set up IT security demand management for corporate security at Vodafone Germany GmbH. Supported the Information Security Officer. Proof-of-concept of a WAF integrated with SIEM. Security check of top 10 applications. Security review of a cloud solution for an internal DMS. Security audit of a data center coupling. Migration of SOC from Kabel Deutschland to Vodafone. Defined security parameters for a VDI environment.
2015: Created telephony security concept for VPV Lebensversicherungs-AG.
2014-2015: Consulting and various IT security project management for corporate security at Kabel Deutschland Vertrieb und Service GmbH. Implemented NAC with 4000 endpoints based on Cisco ISE and 802.1x as preparation for TrustSec microsegmentation. Deployed a firewall policy tool based on Tufin. Optimized processes and SIEM integrations with Arcsight. Deployed a vulnerability scanner based on Tripwire. Introduced mobile device management based on SAP Afaria. Reviewed and aligned security policies of both companies.
Jan 2008 - Dec 2013
6 years
Wiesbaden, Germany
Head of Infrastructure & Security and Service Desk / Information Security Officer
Commerz Real AG
Upgraded Windows Server 2003 to 2008.
New employee evaluation system.
Project management for project managers 1–4.
Visualization and presentations.
Jan 2006 - Dec 2008
3 years
Egelsbach, Germany
Head of Technology
Com-Sys Gesellschaft für Netzwerktechnik mbH
IT security criteria comparison (ITIL, BS2700x).
Realtech network management and Funkwerk UTM appliance.
Jan 2002 - Dec 2006
5 years
Egelsbach, Germany
Senior Support Engineer
Com-Sys Gesellschaft für Netzwerktechnik mbH
Avaya Advanced 1st and 3rd level support.
Experience with Enterasys PEN, IDS, IDS-Advanced.
Experience with Kobil SmartKey, SmartToken, SecOvid and mIDentity.
Varysys Packetalarm administrator.
Experience with Enterasys routing, VPN, UPN and IDS.
Jan 2000 - Dec 2002
3 years
Frankfurt, Germany
Team Lead IP Network Management
Deutsche Telekom AG
Led team in IP network management using Cisco technologies (ICND, BSCN, BCMSN, BCRAN, CVOICE, CIT, CID, CATM, AOSPF, ABGP, SNAM, CCIE-VB).
Jan 1999 - Dec 2000
2 years
Frankfurt, Germany
Network Planning and Design Specialist
Fraport AG
Airport management.
Cisco router configurations on IOS.
Conflict management, facilitation and presentations.
Jan 1997 - Dec 1999
3 years
Frankfurt, Germany
Network Operations Center Specialist
Fraport AG
NOC operations trainee.
UNIX, migrated to Solaris.
Federal Data Protection Act.
Basics of Ethernet / Token Ring / ATM.
Sniffer Network Analyzer.
Jan 1996 - Dec 1997
2 years
Frankfurt, Germany
Network Installation Service Specialist
Fraport AG
Jan 1993 - Dec 1996
4 years
Frankfurt, Germany
Apprentice Communication Electronics Technician, Telecommunications
Fraport AG
Bosch Integral 22x/E.
Summary
Conceptual consulting for securing business processes
Consulting on planning and implementing IT and IT security projects
Security and policy checks, process optimizations, emergency planning
Project management and interim management in IT infrastructure and information security
Languages
German
Native
English
Advanced
French
Elementary
Education
Oct 1993 - Jun 1996
Fraport AG
Apprenticeship · Communication Electronics Technician, Telecommunications · Frankfurt, Germany