Introduced Cloud Security Governance to meet ISO/IEC 27017 and CSA CCM
Created a management system to steer cloud security, focusing on process design and roles and responsibilities
Defined security measures to protect cloud solutions
Conducted requirement analyses and defined the scope for cloud security projects
Achievements: Built an effective, NIS2-compliant cloud security governance that meets industry requirements and minimizes cloud security risks
May 2024 - Jun 2024
2 months
Security Consultant
Thyssenkrupp AG
Conducted requirement analysis and concept design for a Security Master Data Platform
Stakeholder management
Achievements: Systematically captured relevant requirements and created a clear concept for centralized management of security-critical data
Nov 2023 - Present
1 year 9 months
Berlin, Germany
University Lecturer
University of Applied Sciences for Engineering and Economics
Information Security, Data Governance, Data Security and Privacy (eng.)
Nov 2023 - Present
1 year 9 months
Strategic Business Advisor
Kertos GmbH
Advised on designing and developing an ISMS tool to support security processes
Developed templates for key documents
Achievements: Co-created a practical ISMS tool that helps companies efficiently implement security management systems
Jul 2023 - Feb 2024
8 months
Security Consultant
Alte Leipziger Lebensversicherung
Addressed findings from a BaFin audit and implemented improvement measures
Created and updated key documents to meet regulatory requirements
Advised management on security-related decisions
Achievements: Improved audit compliance through clear guidelines and efficient implementation of security measures
Nov 2022 - Mar 2024
1 year 5 months
Berlin, Germany
Security Consultant
Messe Berlin GmbH
Integrated a Managed Incident Response Service (SOC+SIEM as a Service)
Prepared requirements and supported the tender process and vendor selection
Planned and coordinated the implementation of the new service
Achievements: Introduced an efficient incident response system that greatly improved security monitoring
Jul 2022 - Dec 2022
6 months
Security Consultant
HABA Group B.V. & Co. KG
Conducted internal and external vulnerability scans
Performed penetration tests and recommended follow-up actions
Carried out the program in cooperation with the tester, Pavel Andreyeu
Presented results at management level
Achievements: Strengthened the IT security infrastructure through detailed vulnerability analyses and targeted measures
Apr 2022 - Present
3 years 4 months
Berlin, Germany
Coordinator
Messe Berlin GmbH
Developed a Technical Assessment Program including internal and external vulnerability scans, penetration tests, technical security audits, re-checks, re-scans and re-tests
Carried out the program with tester Pavel Andreyeu
Recommended measures
Created reports and presented them at management level
Produced a risk-based annual report
Achievements: Made the entire IT attack surface visible, built senior management’s understanding of issues, and outlined action options
Apr 2022 - Dec 2022
9 months
Berlin, Germany
Security Consultant
Messe Berlin GmbH
Conducted internal and external vulnerability scans
Planned and performed penetration tests on critical systems and recommended actions
Worked with tester Pavel Andreyeu
Presented results at management level
Achievements: Identified and fixed critical vulnerabilities to boost IT security
Mar 2022 - Sep 2022
7 months
Interim Manager – CISO
HABA Group B.V. & Co. KG
Built and implemented an Information Security Management System (processes, structures, policies and security concepts)
Handled security incidents
Conducted penetration tests to find and fix vulnerabilities
Worked with tester Pavel Andreyeu
Assessed and raised overall information security level
Developed and ran a training and awareness program
Designed system hardening measures
Procured a Managed Incident Response Service (SOC+SIEM as a Service)
Achievements: Successfully built a structured ISMS that improved IT security sustainably and defined clear responsibilities
Mar 2022 - Mar 2022
1 month
Berlin, Germany
Security Consultant
DIB of Messe Berlin GmbH
Planned and carried out a penetration test of a web platform according to OWASP
Created action plans and result reports
Worked with tester Pavel Andreyeu
Achievements: Identified critical vulnerabilities and developed countermeasures to boost security
Oct 2021 - Oct 2021
1 month
Berlin, Germany
Security Consultant
Smart Country Convention (Messe Berlin GmbH)
Conducted a custom technical test of the deployed IT
Uncovered and assessed vulnerabilities
Recommended countermeasures
Achievements: Delivered thorough penetration tests with vulnerability assessments
Jul 2021 - Dec 2021
6 months
Berlin, Germany
Security Consultant
Messe Berlin GmbH
Developed a custom audit format
Assessed the technical and physical IT structures based on ISO 20000
Proposed improvement and optimization measures
Produced a tailored report and presented findings
Achievements: Identified improvement measures and optimized IT through custom audits
Nov 2020 - Sep 2021
11 months
Security Consultant, IT Project Manager
Daimler AG
Replaced a COBOL-based legacy time and performance system
Developed security requirements
Supported the tender process and POCs, evaluated offers, advised on vendor selection, and assisted with contract negotiations
Helped introduce a cloud-based time management system
Advised on cloud security and supported the cloud risk process
Achievements: Successfully implemented a secure cloud solution
Oct 2020 - Sep 2023
3 years
Berlin, Germany
Information Security Officer
Messe Berlin GmbH
Managed information security incidents and developed a comprehensive incident response process
Designed and delivered an awareness program for staff
Advised senior management on information security and supported decision making
Achievements: Built a security culture that led to noticeable improvements in security levels
Mar 2020 - Dec 2023
3 years 10 months
Berlin, Germany
Security Consultant
Messe Berlin GmbH
Established an information security governance structure (roles, processes) according to ISO/IEC 27001 and BSI IT Baseline
Added other management system components
Risk management
Business continuity management
IT emergency management
Awareness management
Audit and test management
Conducted trainings and workshops
Achievements: Built effective information security governance that meets industry needs and minimizes risks
Feb 2020 - Apr 2020
3 months
Munich, Germany
Security Consultant
Versicherungskammer Bayern
Supported the setup of a Security Operations Center (SOC)
Wrote and quality-checked runbooks
Assisted with tenders and vendor selection
Coordinated and planned penetration tests
Achievements: Successfully supported SOC setup
Sep 2019 - Dec 2020
1 year 4 months
Security Consultant
Zertificon Solutions GmbH
Led cryptography projects for secure data transmission and encryption
Implemented a project management structure for efficient IT security projects
Prepared security approvals and CC certifications for critical IT systems
Achievements: Optimized security architectures through clear project management and reliable encryption solutions
Mar 2019 - Present
6 years 5 months
Blankenfelde-Mahlow, Germany
Independent Security Consultant
APASEC Consulting
Advised on information security and cyber security topics
Security interim management
Security coaching
Supported procurement and IT projects
Coordinated security tests
Mar 2019 - Jan 2020
11 months
Munich, Germany
Interim Manager – Risk Manager
Versicherungskammer Bayern
Built a VAIT-compliant risk management system with clear roles and processes
Performed protection need analyses and created structured risk reports
Supported a KRITIS audit and implemented required security measures
Achievements: Established a robust risk management system that met regulatory requirements and optimized security processes
Mar 2019 - Aug 2019
6 months
Security Consultant
Douglas / Softline Solutions GmbH
Implemented an ISMS
Created security policies and ran workshops
Advised on cloud security and cyber policies
Achievements: Successfully introduced an ISMS to optimize security processes
Oct 2018 - Aug 2019
11 months
Berlin, Germany
University Lecturer
Berlin School of Economics and Law
Organizational Design (eng.)
Aug 2016 - Feb 2019
2 years 7 months
Kiel, Germany
Sales Management Cyber Security
Consist Software Solutions GmbH
Developed a service portfolio
Managed client relationships
Negotiated and closed contracts
Jun 2015 - Jul 2016
1 year 2 months
Berlin, Germany
IT Account Manager
Ferchau Engineering GmbH
Recruiting and leading staff
Managing client relationships
Negotiating and closing contracts
Oct 2014 - Aug 2018
3 years 11 months
Berlin, Germany
University Lecturer
Beuth University of Applied Sciences Berlin
Basics of business management
Operations and personnel management
Jan 2014 - May 2015
1 year 5 months
Berlin, Germany
Account Manager
Euro Engineering AG
Recruiting and leading staff
Managing client relationships
Negotiating and closing contracts
Jan 2013 - Dec 2015
3 years
Berlin, Germany
Scientific Project Work
Institute for Value-Based Management, Beuth University of Applied Sciences Berlin, North Atlantic Doctoral Academy
In the field of business management (part-time)
Oct 2010 - Sep 2012
2 years
Berlin, Germany
Tutor for Financial Accounting and Cost and Performance Accounting
Berlin School of Economics and Law
Sep 1998 - Aug 2010
12 years
Germany
Officer in the Air Force (Captain)
German Armed Forces
IT Officer
Data Processing and Programming Officer
Air Force Security Troops Officer
Summary
Steering Cyber Security projects
Building Information Security Management Systems (ISMS)
Creating security concepts
Information risk management; setting up BAIT- and VAIT-compliant risk management
Project management for SOC implementations
Consulting: SIEM and SOAR, Identity Management and Privileged Access Management, Cloud Security etc.
Consulting: ISMS – ISO/IEC 27001, BSI IT Baseline, ZDv A 960/1, CISIS12