Jan (G. e.) Kopia
Consultant for Information Security & Auditor
Experience
Consultant for Information Security & Auditor
Kopiasonsulting GmbH
Operational management of the company: building teams and infrastructure, developing products, analysis and implementation of IT security measures
Project assignments in the IT security environment focusing on establishing blue teaming activities (defensive processes and technologies) to defend against cyber attacks
Conducting red teaming processes, including penetration tests and security analyses for companies
Consulting on setting up Security Operation Centers and implementing SIEM systems, and building Computer Security Incident Response Teams (CSIRT)
Auditor for ISO 9001 and ISO 27001, § 8a, ISO 27019, § 11 1a EnWG, TISAX
Advising companies in critical infrastructures on information security and compliance with the IT Security Act
Building SIEM/SOC processes and SOC analyst work (Splunk, ELK-Stack)
Integrating data into monitoring tools (Prometheus, Grafana)
Consulting on BSI IT baseline protection, ISO 9001, ISO 27001, BCM, ITIL and risk management
Security assessments and penetration testing of IT and network architectures
Software Team Lead and IT Security Project Manager
BallyWulff Games & Entertainment GmbH
Leading the software team (12 people)
Organizing software development projects in embedded and x86 technology
Optimizing product development processes, including hardware production workflows
Project management of hardware and software development in the embedded domain (e.g. according to ISA99/IEC62443)
Designing a security module (hardware and software), threat modeling and deciding on cryptographic measures
Creating a security target based on Common Criteria and preparing audits for BSI-certified IT security
Penetration testing of the internal IT environment and security assessments
Reverse engineering of software / network forensics and automation scripts (Bash, Perl, Python)
Head of Department / Executive Assistant
OpenLimit SignCubes GmbH
Operational management of the IT department (35 IT specialists, 5 direct reports)
Introducing and shifting the development methodology to an agile Scrum process
Project management for Common Criteria certifications and support for ISO 27001/ISO 9001 certifications
Creating risk management and IT security concepts for embedded systems
Threat modeling, security assessments and penetration testing of solutions
Developing defense strategies against DDoS attacks and implementing BSI baseline protection requirements
Senior Project Manager and Scrum Master
Immobilienscout24
Serving as Scrum Master for a cross-functional team (1–2 teams, each with 7 people)
Implementing the CRM system Salesforce.com for 500 users
Designing and introducing an external event management system into company processes
Evaluating and implementing an Enterprise Service Bus (ESB) with SOA architecture and setting up BPM
Launching a social media / Enterprise 2.0 intranet
Migrating a BI tool and introducing a new business intelligence system
Partner
Synthesos Wirtschaftsberatungs-GmbH
Consulting and coaching clients on IT processes, financing and HR management
Conducting security assessments and penetration tests
Developing mobile apps (iOS, Android) and writing technical articles
Designing business plans and giving presentations at networking events
Head of Consulting & Project Management
DIS AG
Development and implementation of sales ideas and business unit strategy for consulting and project management
Advising on business processes (CMMI, ITIL, ISO 20000, information security) and IT decisions (SOA, outsourcing, migration)
Pricing and preparation of proposals for personnel assignments
Interim assignments as manager and freelancer for clients such as Axel Springer AG, BP, and Cornelsen
Head of IT
New Impact AG
Disciplinary management of the IT department (20 employees)
Resource planning and operational responsibility for IT processes following ITIL, including security aspects
Project management (requirements specifications, workshops, controlling) based on Hermes
Client consulting and architectural decisions (OOA/OOD with UML)
IT Consultant
Yener Marketing & Vertrieb
Design and implementation of an automated e-business system
Coordination of additional developers and client consulting
Requirements analysis, proposal preparation, and technical specifications
Project management and development of a B2B system (PHP, MySQL, Linux, Apache)
Skills
General Activities
- Audits for ISO 27001, §8a, ISO 27019, §11 1a EnWG, TISAX, ISO 9001
- Development and review of projects, strategies, processes and systems in information security and IT security
- Writing IT security concepts and technical articles
- Security assessments and penetration testing
- Project management (PMI, Scrum)
- Consulting on implementing ISMS based on IT baseline protection (BSI 200 series) and native ISO 27001
- Setting up Security Operation Centers / SIEM processes
- Conducting trainings
Special Areas
- GRC, data protection and security personnel, analysis and design of solutions
- Software development security and IT architecture/infrastructure
- Consulting
- Building SOC / incident response and CSIRT
- IT security
- Cloud security
- PKI and network infrastructure security
- Red teaming / blue teaming
- Server and endpoint hardening
- Common Criteria certifications
- Modeling, analyzing and optimizing processes
- Process standards and maturity models (BSI baseline protection (BSI 200-1-4), ISO 9001, ISO 27001, CMMI, risk management)
- Coaching and trainings
Core Competencies And Personality
- Coordination of complex IT and security topics
- Building SOC / incident response and CSIRT structures
- Goal-oriented
- Diplomatic
- Responsible
- Trustworthy
Experience Areas And Technical Focus
- Security assessments & penetration testing / OWASP, MITRE ATT&CK
- Implementation in the Common Criteria certification environment
- Advising companies on implementing management systems (ISMS / ISO 27001, ISO 9001, TISAX, critical infrastructures according to §8a and IT security catalog)
- ISO 27001 based on BSI IT baseline protection
- Conducting trainings on various topics, ISO 27001 / awareness trainings
- Security assessments in industrial environments
- Building Security Operation Centers (SOC) and SIEM implementation (including ELK and Splunk experience)
- Secure software development (secure coding)
- Cloud security (M365, Azure, AWS)
- Assessment and design of data centers for information security
- Hardening systems, e.g. based on CIS standards
- Vulnerability management
- Use of tools such as Nessus, Rapid7, Splunk, ELK-Stack, Kali Linux, Burp Suite, Qualys, AWS security tools, Palo Alto SOAR, Wireshark, Azure security tools, Risk2Value, HiScout, verinice, CrowdStrike
- IT architecture assessment based on standards like TOGAF, CORBA, EAP, NAF
- Security in software development processes, static code analysis, threat modeling
- Certified Scrum Master and experience working with Scrum teams
- Project management according to PMI knowledge areas, traditional and agile methods
- Leading projects and teams of up to 30 people (agile methods, PRINCE2, PMI)
- Requirements analysis and process analysis
- Creating functional and technical specifications
- Analyzing processes and IT architectures
- Workshop moderation
- Author of technical articles and books
Languages
Education
MBA - Master of Business Administration · Business Administration
Bachelor of Science · Computer Science · Graduated with honors
PhD · Management Systems
Certifications & licenses
SOC-200
CISSP (ISC2)
ISC2
ITIL v4 Update Training
ISO 27001 Lead Auditor
IRCA
ISO 9001 Lead Auditor
IRCA
Scrum Master Certification
Scrum Alliance
Azure Pentester
CMMI
Certified Ethical Hacker (CEH)
Certified Security Analyst (ECSA)
Data Protection Officer
ISO 22301
ISO 27001:2022
ISO 27017/27018
ISO 27701 Auditor
IT Baseline Protection Practitioner
ITIL
PMP – Project Management Professional
PMI
Product Owner Training
SANS Public Cloud Security Provider
Splunk Advanced Power User