Christian Decker

• Conceptual consulting for securing business processes
• Consulting for the planning and implementation of IT and IT security projects
• Security and policy checks, process optimizations, emergency planning
• Project management and interim management in the area of IT infrastructure and information security

Overview of relevant projects:

• 2025: Consulting on a DLP concept for Digid GmbH.
• 2025: Consulting for a client after a cybersecurity attack that compromised the IT infrastructure and gave the attacker M365 tenant admin rights. Investigated and restored the IT infrastructure. Developed recommendations to improve IT security.
• 2025: Continued the projects mentioned below for Thyssenkrupp Marine Systems and Norddeutsche Landesbank.
• 2024: Developed a DNS concept including advice on DNS strategy and technology, DNS design, DNS security, load balancing, reverse lookup zones, and automation. Developed a DHCP concept including advice on DHCP design, a central DHCP management system, and automation. Advised on the operation of the mentioned products, on operational processes, and adapted the IT documentation and service description for Thyssenkrupp Marine Systems.
• 2024: Current state analysis and evaluation of the network and security infrastructure established by providers regarding the overall architecture, design, and components. Designed solution proposals to improve current operations for maximum performance and security and to reduce complexity. Presented results at the C-level, explaining causes and possible solutions including decision templates. Developed a SASE concept based on a zero trust architecture for Norddeutsche Landesbank.
• 2024: Continued the projects mentioned below for Atlas GmbH and Deutsche Vermögensberatung AG.
• 2023: Consulting to address findings from an IT security assessment of the IT infrastructure, carried out proof-of-concepts for DDoS protection and digital experience monitoring (DEM) with Zscaler (ZIA, ZPA & ZDX), developed a new security architecture based on zero trust, redesigned a Cisco ISE implementation, and designed a DNS security solution to protect guests and financial advisors for Atlas GmbH / Deutsche Vermögensberatung AG.
• 2023: Continued the projects mentioned below for Digid GmbH, Vaillant Group GmbH (until 09/2023), Federal Institute for Geosciences and Natural Resources (until 05/2023), and Union Investment IT-Services GmbH (until 07/2023).
• 2022: Created and reviewed whitepapers for infrastructure and security architectures, planned new network infrastructures for the German Aerospace Center.
• 2022: Concept development for the technical and procedural modernization of a disaster recovery plan for United Nations Volunteers.
• 2022: Concept development for migrating measurement data to a cloud environment, implementation of network access control, and conducted awareness training for Digid GmbH.
• 2022: Concept development for network segmentation for DZ Hyp AG.
• 2022: Concept development for network segmentation for the Federal Employment Agency.
• 2021: Concept development for a new load balancer architecture for Bundeswehr Fuhrparkservices GmbH.
• 2021: Vulnerability scan and penetration test of a web frontend including analysis and remediation recommendations considering risk and likelihood for ifi GmbH.
• 2021: Consulting, design, and sub-project management for implementing a network access control solution (certificate authentication and MAC address bypass) and macro-segmentation (area and zone concept based on dynamic device assignment) in the office and production IT for Vaillant Group GmbH.
• 2021: Upgrade and optimization of LAN and WLAN infrastructure for United Nations Volunteers.
• 2021: Developed a target concept for modernizing IT security infrastructure including the DMZ (Cisco switches, firewalls, WSA, ESA, SMA), internet connections, admin and management networks, and wireless LAN, and supported the implementation for the Federal Institute for Geosciences and Natural Resources.
• 2021: Developed a micro-segmentation concept based on Cisco DNA, SGT, and zero trust for Union Investment IT-Services GmbH.
• 2021: Reviewed and updated ISMS level 3 policies and created procedural instructions for Software AG.
• 2021: Project management for the global tech refresh project Meraki WLAN 2.0, coordinated outsourcing the LAN/WLAN infrastructure to a managed services provider, and developed a WLAN concept for automated guided vehicles at Heraeus Infosystems GmbH.
• 2021: Project management and technical support for the "Transition of SIEM/SOC Services" project for a client into a shared environment and took on the interim role of Head of Security Operations at Datagroup SE.
• 2021: Workshop for future implementation of mobile device management at Allgeier Experts Go GmbH.
• 2021: Sub-project management to introduce a firewall rule management tool and recertification of NAC endpoints based on 802.1x and MAB at Union Investment IT-Services GmbH.
• 2020: Developed a network segmentation concept for two data centers based on Cisco and VMware for Aareon AG.
• Conducted current state analysis and initiated the project.
• Developed a micro-segmentation concept for the data center and access network.
• 2020: Infrastructure and security architecture audit for Stuttgarter Versicherung AG.
• Analyzed the IT infrastructure and security architecture regarding network and security component configurations. Also reviewed contracts, process descriptions, and manuals for completeness. Developed recommendations to improve stability and operations of the infrastructure. Created a network segmentation concept and managed the implementation of the measures from the analysis project.
• 2020: Consulting on building an ISMS light for Josera foodforplanet GmbH & Co. KG.
• 2020: Security architecture consulting at Datagroup SE.
• Developed a future IT infrastructure and security architecture.
• Assessed the current IT architecture of all 23 companies.
• Made recommendations to optimize IT infrastructure and prepared a comparison of classic perimeter security concept versus zero trust model.
• Created a security zone concept.
• Developed an IT infrastructure architecture in coordination with all companies.
• 2018 - 2019: Stream lead in the cybersecurity program at Deutsche Lufthansa AG.
• Responsible for conceptualizing and implementing 9 projects in IT security infrastructure and user access management and for managing project managers and experts.
• Project areas: network segmentation and access control; security architecture; privileged, identity & access management; simplified user authentication (MFA); mobile & endpoint security; OT security; e-enabled aircraft.
• 2018: Security architecture consulting at Deutsche Lufthansa AG.
• Project management for developing, evaluating, and managing the enterprise-wide information security architecture.
• Developed a security strategy and roadmap for aligning the security architecture with the zero trust model.
• Evaluated market security solutions, services, and tools.
• Defined requirements for RFPs and assessed offers.
• Developed, maintained, and monitored security architecture artifacts.
• Conducted security assessments of existing and new IT systems and security services.
• 2018: ISMS consulting at GLS IT Services GmbH.
• Advised on the introduction and initial operation of an ISMS based on ISO 27001.
• Audited IT environments of GLS country organizations.
• Analyzed and assessed IT security risks and derived necessary measures.
• Developed solution proposals in coordination with relevant stakeholders.
• Managed the project and handed over the ISMS to operational teams.
• 2016 - 2018: Security pre-sales consultant for Cisco Systems GmbH.
• Provided strategic and conceptual consulting nationwide to major enterprise and financial services customers on Cisco and Meraki security products and services such as Firepower, WSA, ESA, Stealthwatch, and ISE.
• 2017 - 2018: Conceptualized and implemented an ISMS for Verivox GmbH.
• Conducted various BIAs and gap analyses.
• Developed security policies based on ISO 2700x.
• Took on the interim role of Information Security Officer.
• 2017: Developed an emergency plan for VPV Lebensversicherungs-AG.
• Reviewed and updated the IT emergency manual.
• 2016: Consulting and project management for cloud & hosting service design at Vodafone Group Services GmbH.
• Analyzed and optimized the sell-build-run process.
• Created detailed-level designs for cloud products.

• Upgraded Windows Server 2003 to 2008.
• Implemented a new employee evaluation system.
• Project management for project leader levels 1 to 4.
• Visualization and presentations.

• Avaya advanced 1st and 3rd level support.
• Experience with Enterasys PEN, IDS, and IDS Advanced.
• Experience with Kobil SmartKey, SmartToken, SecOvid, and mIDentity.
• Varysys Packetalarm administrator.
• Experience with Enterasys routing, VPN, UPN, and IDS.

• Airport management.
• Cisco router configurations on IOS.
• Conflict management, moderating and presenting.