Henryk O. - Security Consultant

Go to Website

Blankenfelde-Mahlow, Germany

Experience

Jun 2024 - Present

1 year 7 months

Security Consultant

Daimler AG

Developed a Cloud Security Strategy
Introduced Cloud Security Governance to meet ISO/IEC 27017 and CSA CCM
Created a management system to steer cloud security, focusing on process design and roles and responsibilities
Defined security measures to protect cloud solutions
Conducted requirement analyses and defined the scope for cloud security projects
Achievements: Built an effective, NIS2-compliant cloud security governance that meets industry requirements and minimizes cloud security risks

May 2024 - Jun 2024

2 months

Security Consultant

Thyssenkrupp AG

Conducted requirement analysis and concept design for a Security Master Data Platform
Stakeholder management
Achievements: Systematically captured relevant requirements and created a clear concept for centralized management of security-critical data

Nov 2023 - Present

2 years 2 months

Berlin, Germany

University Lecturer

University of Applied Sciences for Engineering and Economics

Information Security, Data Governance, Data Security and Privacy (eng.)

Nov 2023 - Present

2 years 2 months

Strategic Business Advisor

Kertos GmbH

Advised on designing and developing an ISMS tool to support security processes
Developed templates for key documents
Achievements: Co-created a practical ISMS tool that helps companies efficiently implement security management systems

Jul 2023 - Feb 2024

8 months

Security Consultant

Alte Leipziger Lebensversicherung

Addressed findings from a BaFin audit and implemented improvement measures
Created and updated key documents to meet regulatory requirements
Advised management on security-related decisions
Achievements: Improved audit compliance through clear guidelines and efficient implementation of security measures

Nov 2022 - Mar 2024

1 year 5 months

Berlin, Germany

Security Consultant

Messe Berlin GmbH

Integrated a Managed Incident Response Service (SOC+SIEM as a Service)
Prepared requirements and supported the tender process and vendor selection
Planned and coordinated the implementation of the new service
Achievements: Introduced an efficient incident response system that greatly improved security monitoring

Jul 2022 - Dec 2022

6 months

Security Consultant

HABA Group B.V. & Co. KG

Conducted internal and external vulnerability scans
Performed penetration tests and recommended follow-up actions
Carried out the program in cooperation with the tester, Pavel Andreyeu
Presented results at management level
Achievements: Strengthened the IT security infrastructure through detailed vulnerability analyses and targeted measures

Apr 2022 - Present

3 years 9 months

Berlin, Germany

Coordinator

Messe Berlin GmbH

Developed a Technical Assessment Program including internal and external vulnerability scans, penetration tests, technical security audits, re-checks, re-scans and re-tests
Carried out the program with tester Pavel Andreyeu
Recommended measures
Created reports and presented them at management level
Produced a risk-based annual report
Achievements: Made the entire IT attack surface visible, built senior management’s understanding of issues, and outlined action options

Apr 2022 - Dec 2022

9 months

Berlin, Germany

Security Consultant

Messe Berlin GmbH

Conducted internal and external vulnerability scans
Planned and performed penetration tests on critical systems and recommended actions
Worked with tester Pavel Andreyeu
Presented results at management level
Achievements: Identified and fixed critical vulnerabilities to boost IT security

Mar 2022 - Sep 2022

7 months

Interim Manager – CISO

HABA Group B.V. & Co. KG

Built and implemented an Information Security Management System (processes, structures, policies and security concepts)
Handled security incidents
Conducted penetration tests to find and fix vulnerabilities
Worked with tester Pavel Andreyeu
Assessed and raised overall information security level
Developed and ran a training and awareness program
Designed system hardening measures
Procured a Managed Incident Response Service (SOC+SIEM as a Service)
Achievements: Successfully built a structured ISMS that improved IT security sustainably and defined clear responsibilities

Mar 2022 - Mar 2022

1 month

Berlin, Germany

Security Consultant

DIB of Messe Berlin GmbH

Planned and carried out a penetration test of a web platform according to OWASP
Created action plans and result reports
Worked with tester Pavel Andreyeu
Achievements: Identified critical vulnerabilities and developed countermeasures to boost security

Oct 2021 - Oct 2021

1 month

Berlin, Germany

Security Consultant

Smart Country Convention (Messe Berlin GmbH)

Conducted a custom technical test of the deployed IT
Uncovered and assessed vulnerabilities
Recommended countermeasures
Achievements: Delivered thorough penetration tests with vulnerability assessments

Jul 2021 - Dec 2021

6 months

Berlin, Germany

Security Consultant

Messe Berlin GmbH

Developed a custom audit format
Assessed the technical and physical IT structures based on ISO 20000
Proposed improvement and optimization measures
Produced a tailored report and presented findings
Achievements: Identified improvement measures and optimized IT through custom audits

Nov 2020 - Sep 2021

11 months

Security Consultant, IT Project Manager

Daimler AG

Replaced a COBOL-based legacy time and performance system
Developed security requirements
Supported the tender process and POCs, evaluated offers, advised on vendor selection, and assisted with contract negotiations
Helped introduce a cloud-based time management system
Advised on cloud security and supported the cloud risk process
Achievements: Successfully implemented a secure cloud solution

Oct 2020 - Sep 2023

3 years

Berlin, Germany

Information Security Officer

Messe Berlin GmbH

Managed information security incidents and developed a comprehensive incident response process
Designed and delivered an awareness program for staff
Advised senior management on information security and supported decision making
Achievements: Built a security culture that led to noticeable improvements in security levels

Mar 2020 - Dec 2023

3 years 10 months

Berlin, Germany

Security Consultant

Messe Berlin GmbH

Established an information security governance structure (roles, processes) according to ISO/IEC 27001 and BSI IT Baseline
Added other management system components
Risk management
Business continuity management
IT emergency management
Awareness management
Audit and test management
Conducted trainings and workshops
Achievements: Built effective information security governance that meets industry needs and minimizes risks

Feb 2020 - Apr 2020

3 months

Munich, Germany

Security Consultant

Versicherungskammer Bayern

Supported the setup of a Security Operations Center (SOC)
Wrote and quality-checked runbooks
Assisted with tenders and vendor selection
Coordinated and planned penetration tests
Achievements: Successfully supported SOC setup

Sep 2019 - Dec 2020

1 year 4 months

Security Consultant

Zertificon Solutions GmbH

Led cryptography projects for secure data transmission and encryption
Implemented a project management structure for efficient IT security projects
Prepared security approvals and CC certifications for critical IT systems
Achievements: Optimized security architectures through clear project management and reliable encryption solutions

Mar 2019 - Present

6 years 10 months

Blankenfelde-Mahlow, Germany

Independent Security Consultant

APASEC Consulting

Advised on information security and cyber security topics
Security interim management
Security coaching
Supported procurement and IT projects
Coordinated security tests

Mar 2019 - Jan 2020

11 months

Munich, Germany

Interim Manager – Risk Manager

Versicherungskammer Bayern

Built a VAIT-compliant risk management system with clear roles and processes
Performed protection need analyses and created structured risk reports
Supported a KRITIS audit and implemented required security measures
Achievements: Established a robust risk management system that met regulatory requirements and optimized security processes

Mar 2019 - Aug 2019

6 months

Security Consultant

Douglas / Softline Solutions GmbH

Implemented an ISMS
Created security policies and ran workshops
Advised on cloud security and cyber policies
Achievements: Successfully introduced an ISMS to optimize security processes

Oct 2018 - Aug 2019

11 months

Berlin, Germany

University Lecturer

Berlin School of Economics and Law

Organizational Design (eng.)

Aug 2016 - Feb 2019

2 years 7 months

Kiel, Germany

Sales Management Cyber Security

Consist Software Solutions GmbH

Developed a service portfolio
Managed client relationships
Negotiated and closed contracts

Jun 2015 - Jul 2016

1 year 2 months

Berlin, Germany

IT Account Manager

Ferchau Engineering GmbH

Recruiting and leading staff
Managing client relationships
Negotiating and closing contracts

Oct 2014 - Aug 2018

3 years 11 months

Berlin, Germany

University Lecturer

Beuth University of Applied Sciences Berlin

Basics of business management
Operations and personnel management

Jan 2014 - May 2015

1 year 5 months

Berlin, Germany

Account Manager

Euro Engineering AG

Recruiting and leading staff
Managing client relationships
Negotiating and closing contracts

Jan 2013 - Dec 2015

3 years

Berlin, Germany

Scientific Project Work

Institute for Value-Based Management, Beuth University of Applied Sciences Berlin, North Atlantic Doctoral Academy

In the field of business management (part-time)

Oct 2010 - Sep 2012

2 years

Berlin, Germany

Tutor for Financial Accounting and Cost and Performance Accounting

Berlin School of Economics and Law

Sep 1998 - Aug 2010

12 years

Germany

Officer in the Air Force (Captain)

German Armed Forces

IT Officer
Data Processing and Programming Officer
Air Force Security Troops Officer

Summary

Steering Cyber Security projects
Building Information Security Management Systems (ISMS)
Creating security concepts
Information risk management; setting up BAIT- and VAIT-compliant risk management
Project management for SOC implementations
Consulting: SIEM and SOAR, Identity Management and Privileged Access Management, Cloud Security etc.
Consulting: ISMS – ISO/IEC 27001, BSI IT Baseline, ZDv A 960/1, CISIS12
Internal audits, awareness trainings, protection needs and level assessments, structural analyses
Process design and modeling
Agile project management
Management and organizational concepts
BAIT, KAIT and VAIT compliance
DORA, NIS2, KRITIS compliance