Henryk Orantek
Security Consultant
Experience
Jun 2024 - Present
1 year 2 monthsSecurity Consultant
Daimler AG
- Developed a Cloud Security Strategy
- Introduced Cloud Security Governance to meet ISO/IEC 27017 and CSA CCM
- Created a management system to steer cloud security, focusing on process design and roles and responsibilities
- Defined security measures to protect cloud solutions
- Conducted requirement analyses and defined the scope for cloud security projects
- Achievements: Built an effective, NIS2-compliant cloud security governance that meets industry requirements and minimizes cloud security risks
May 2024 - Jun 2024
2 monthsSecurity Consultant
Thyssenkrupp AG
- Conducted requirement analysis and concept design for a Security Master Data Platform
- Stakeholder management
- Achievements: Systematically captured relevant requirements and created a clear concept for centralized management of security-critical data
Nov 2023 - Present
1 year 9 monthsBerlin, Germany
University Lecturer
University of Applied Sciences for Engineering and Economics
- Information Security, Data Governance, Data Security and Privacy (eng.)
Nov 2023 - Present
1 year 9 monthsStrategic Business Advisor
Kertos GmbH
- Advised on designing and developing an ISMS tool to support security processes
- Developed templates for key documents
- Achievements: Co-created a practical ISMS tool that helps companies efficiently implement security management systems
Jul 2023 - Feb 2024
8 monthsSecurity Consultant
Alte Leipziger Lebensversicherung
- Addressed findings from a BaFin audit and implemented improvement measures
- Created and updated key documents to meet regulatory requirements
- Advised management on security-related decisions
- Achievements: Improved audit compliance through clear guidelines and efficient implementation of security measures
Nov 2022 - Mar 2024
1 year 5 monthsBerlin, Germany
Security Consultant
Messe Berlin GmbH
- Integrated a Managed Incident Response Service (SOC+SIEM as a Service)
- Prepared requirements and supported the tender process and vendor selection
- Planned and coordinated the implementation of the new service
- Achievements: Introduced an efficient incident response system that greatly improved security monitoring
Jul 2022 - Dec 2022
6 monthsSecurity Consultant
HABA Group B.V. & Co. KG
- Conducted internal and external vulnerability scans
- Performed penetration tests and recommended follow-up actions
- Carried out the program in cooperation with the tester, Pavel Andreyeu
- Presented results at management level
- Achievements: Strengthened the IT security infrastructure through detailed vulnerability analyses and targeted measures
Apr 2022 - Present
3 years 4 monthsBerlin, Germany
Coordinator
Messe Berlin GmbH
- Developed a Technical Assessment Program including internal and external vulnerability scans, penetration tests, technical security audits, re-checks, re-scans and re-tests
- Carried out the program with tester Pavel Andreyeu
- Recommended measures
- Created reports and presented them at management level
- Produced a risk-based annual report
- Achievements: Made the entire IT attack surface visible, built senior management’s understanding of issues, and outlined action options
Apr 2022 - Dec 2022
9 monthsBerlin, Germany
Security Consultant
Messe Berlin GmbH
- Conducted internal and external vulnerability scans
- Planned and performed penetration tests on critical systems and recommended actions
- Worked with tester Pavel Andreyeu
- Presented results at management level
- Achievements: Identified and fixed critical vulnerabilities to boost IT security
Mar 2022 - Sep 2022
7 monthsInterim Manager – CISO
HABA Group B.V. & Co. KG
- Built and implemented an Information Security Management System (processes, structures, policies and security concepts)
- Handled security incidents
- Conducted penetration tests to find and fix vulnerabilities
- Worked with tester Pavel Andreyeu
- Assessed and raised overall information security level
- Developed and ran a training and awareness program
- Designed system hardening measures
- Procured a Managed Incident Response Service (SOC+SIEM as a Service)
- Achievements: Successfully built a structured ISMS that improved IT security sustainably and defined clear responsibilities
Mar 2022 - Mar 2022
1 monthBerlin, Germany
Security Consultant
DIB of Messe Berlin GmbH
- Planned and carried out a penetration test of a web platform according to OWASP
- Created action plans and result reports
- Worked with tester Pavel Andreyeu
- Achievements: Identified critical vulnerabilities and developed countermeasures to boost security
Oct 2021 - Oct 2021
1 monthBerlin, Germany
Security Consultant
Smart Country Convention (Messe Berlin GmbH)
- Conducted a custom technical test of the deployed IT
- Uncovered and assessed vulnerabilities
- Recommended countermeasures
- Achievements: Delivered thorough penetration tests with vulnerability assessments
Jul 2021 - Dec 2021
6 monthsBerlin, Germany
Security Consultant
Messe Berlin GmbH
- Developed a custom audit format
- Assessed the technical and physical IT structures based on ISO 20000
- Proposed improvement and optimization measures
- Produced a tailored report and presented findings
- Achievements: Identified improvement measures and optimized IT through custom audits
Nov 2020 - Sep 2021
11 monthsSecurity Consultant, IT Project Manager
Daimler AG
- Replaced a COBOL-based legacy time and performance system
- Developed security requirements
- Supported the tender process and POCs, evaluated offers, advised on vendor selection, and assisted with contract negotiations
- Helped introduce a cloud-based time management system
- Advised on cloud security and supported the cloud risk process
- Achievements: Successfully implemented a secure cloud solution
Oct 2020 - Sep 2023
3 yearsBerlin, Germany
Information Security Officer
Messe Berlin GmbH
- Managed information security incidents and developed a comprehensive incident response process
- Designed and delivered an awareness program for staff
- Advised senior management on information security and supported decision making
- Achievements: Built a security culture that led to noticeable improvements in security levels
Mar 2020 - Dec 2023
3 years 10 monthsBerlin, Germany
Security Consultant
Messe Berlin GmbH
- Established an information security governance structure (roles, processes) according to ISO/IEC 27001 and BSI IT Baseline
- Added other management system components
- Risk management
- Business continuity management
- IT emergency management
- Awareness management
- Audit and test management
- Conducted trainings and workshops
- Achievements: Built effective information security governance that meets industry needs and minimizes risks
Feb 2020 - Apr 2020
3 monthsMunich, Germany
Security Consultant
Versicherungskammer Bayern
- Supported the setup of a Security Operations Center (SOC)
- Wrote and quality-checked runbooks
- Assisted with tenders and vendor selection
- Coordinated and planned penetration tests
- Achievements: Successfully supported SOC setup
Sep 2019 - Dec 2020
1 year 4 monthsSecurity Consultant
Zertificon Solutions GmbH
- Led cryptography projects for secure data transmission and encryption
- Implemented a project management structure for efficient IT security projects
- Prepared security approvals and CC certifications for critical IT systems
- Achievements: Optimized security architectures through clear project management and reliable encryption solutions
Mar 2019 - Present
6 years 5 monthsBlankenfelde-Mahlow, Germany
Independent Security Consultant
APASEC Consulting
- Advised on information security and cyber security topics
- Security interim management
- Security coaching
- Supported procurement and IT projects
- Coordinated security tests
Mar 2019 - Jan 2020
11 monthsMunich, Germany
Interim Manager – Risk Manager
Versicherungskammer Bayern
- Built a VAIT-compliant risk management system with clear roles and processes
- Performed protection need analyses and created structured risk reports
- Supported a KRITIS audit and implemented required security measures
- Achievements: Established a robust risk management system that met regulatory requirements and optimized security processes
Mar 2019 - Aug 2019
6 monthsSecurity Consultant
Douglas / Softline Solutions GmbH
- Implemented an ISMS
- Created security policies and ran workshops
- Advised on cloud security and cyber policies
- Achievements: Successfully introduced an ISMS to optimize security processes
Oct 2018 - Aug 2019
11 monthsBerlin, Germany
University Lecturer
Berlin School of Economics and Law
- Organizational Design (eng.)
Aug 2016 - Feb 2019
2 years 7 monthsKiel, Germany
Sales Management Cyber Security
Consist Software Solutions GmbH
- Developed a service portfolio
- Managed client relationships
- Negotiated and closed contracts
Jun 2015 - Jul 2016
1 year 2 monthsBerlin, Germany
IT Account Manager
Ferchau Engineering GmbH
- Recruiting and leading staff
- Managing client relationships
- Negotiating and closing contracts
Oct 2014 - Aug 2018
3 years 11 monthsBerlin, Germany
University Lecturer
Beuth University of Applied Sciences Berlin
- Basics of business management
- Operations and personnel management
Jan 2014 - May 2015
1 year 5 monthsBerlin, Germany
Account Manager
Euro Engineering AG
- Recruiting and leading staff
- Managing client relationships
- Negotiating and closing contracts
Jan 2013 - Dec 2015
3 yearsBerlin, Germany
Scientific Project Work
Institute for Value-Based Management, Beuth University of Applied Sciences Berlin, North Atlantic Doctoral Academy
- In the field of business management (part-time)
Oct 2010 - Sep 2012
2 yearsBerlin, Germany
Tutor for Financial Accounting and Cost and Performance Accounting
Berlin School of Economics and Law
Sep 1998 - Aug 2010
12 yearsGermany
Officer in the Air Force (Captain)
German Armed Forces
- IT Officer
- Data Processing and Programming Officer
- Air Force Security Troops Officer
Summary
- Steering Cyber Security projects
- Building Information Security Management Systems (ISMS)
- Creating security concepts
- Information risk management; setting up BAIT- and VAIT-compliant risk management
- Project management for SOC implementations
- Consulting: SIEM and SOAR, Identity Management and Privileged Access Management, Cloud Security etc.
- Consulting: ISMS – ISO/IEC 27001, BSI IT Baseline, ZDv A 960/1, CISIS12
- Internal audits, awareness trainings, protection needs and level assessments, structural analyses
- Process design and modeling
- Agile project management
- Management and organizational concepts
- BAIT, KAIT and VAIT compliance
- DORA, NIS2, KRITIS compliance
Languages
German
NativeEnglish
Advanced Education
Oct 2012 - Jun 2013
Beuth University of Applied Sciences Berlin
Master of Science · Industrial Engineering – Mechanical Engineering · Berlin, Germany
Oct 2009 - Sep 2012
Berlin School of Economics and Law in cooperation with Beuth University of Applied Sciences Berlin
Bachelor of Engineering · Industrial Engineering – Environment and Sustainability, Process Engineering · Berlin, Germany
Certifications & licenses
AgilePM (DSDM)
Certified Cyber Security Incident Manager SOC/CDC CERT/CSIM
Certified ISMS-Lead Implementer ISO/IEC 27001
Certified IT-Risk Manager ISO/IEC 27005/31000
Certified Information Security Officer ISO/IEC 27001
Certified Information Systems Security Professional (CISSP)
Certified Lead Auditor ISO/IEC 27001
Certified TISAX Implementer
Certified TISAX Lead Auditor
Certified TISAX Professional
Certified Technical Security Analyst CERT/TSA
DORA Foundation
ITIL
SCRUM
Certified BSI IT Baseline Expert
Certified Business Continuity Manager ISO 22301/27031
Certified CISO
Certified IT Security Officer
Need a freelancer? Find your match in seconds.
Try FRATCH GPT More actions
Similar Freelancers
Discover other experts with similar qualifications and experience
