Markus Willems
ISMS Implementation Consultant
Experience
ISMS Implementation Consultant
Software Services Company
Implementation of ISMS ISO/IEC 27001:
- Creation of guidelines and processes
- Creation of ISMS and reporting
- Employee training
IT Security Consultant
Investment Bank
Support in design and compliance with DORA requirements in conjunction with ISO 27001
IT Security Consultant
Investment House
Support in design and compliance with DORA requirements in conjunction with ISO 27001
IT Security Consultant
Government Agency
Creation of security, risk and emergency concepts for a nationwide operating authority in multiple locations. Conducting data protection impact assessments and completion of data protection concepts.
Creation of security concept, risk analysis, emergency concepts and data protection impact assessment according to:
- GDPR
- BSI Basic Protection 200-2, 200-3
- ISO 27001
- ISO 27005
Security Consultant
Software and Hardware Manufacturer
- C5-Cloud-Security consulting
- Creation of BSI IT baseline security concepts
- Data protection impact assessment for cloud platform
- Technical concepts for backup and software programming
- Analysis of Windows 10 systems in kiosk mode
- Creation of data protection concept for cloud platform implementation
KRITIS Consultant
IT Service Provider for Highway Maintenance
Revision of documents according to KRITIS standards. Revision and specification of KRITIS-relevant documentation to prepare for next audit:
- ISO 27001
- BSI 200-1, 200-2, 200-3, 100-4 and 200-4
- KRITIS requirements
IT Security Consultant
Swiss Federal Administration
Consulting according to ICT basic protection, ISDS responsibility for building a new digitization platform according to:
- ICT basic protection
- Swiss data protection law
KRITIS Consultant
Regional Transport Company
Revision of documents according to KRITIS standards. Revision and specification of KRITIS-relevant documentation to prepare for next KRITIS audit:
- ISO 27001
- BSI 200-1, 200-2, 200-3, 100-4 and 200-4
- KRITIS requirements
ISO 27001 Consultant
Property Management Company
Preparation for ISO 27001 and BSI IT baseline protection certification (approx. 60,000 residential units)
Key activities:
- ISO 27001, BSI 200-1, 200-2, 200-3, 100-4 and 200-4 implementation
- Close coordination with data protection officers
- Development of data protection concepts
- Completion of security concepts from compliance perspective
Security Consultant
Bank
Review of security concepts, SFO, guidelines and concepts to prepare for §44 KWG audit:
- ISO 27001
- KRITIS
- BSI basic protection 200-(1,2,3,4)
- BAFIN
- BAIT
- §44 KWG
Security Consultant
Software Company
Creation of security concepts:
- C5-Cloud-Security
- BSI IT baseline protection concepts
- Data protection impact assessment for cloud platform (AWS, Azure, RegioIT Aachen)
- Creation of data protection concepts for platform usage
IT Security Consultant
Swiss Federal Administration
Creation of information security and data protection concepts according to Si001 ICT basic protection for a government project in Switzerland according to NCSC requirements. Grouping of protection objects according to NATO C3 taxonomy.
Creation of ISDS concepts for test and production environment as well as emergency concept according to P042-Hi03 for production. Project involves multiple releases with adjusted ISDS concepts and standard documents.
Delivered objects for protection groups and individual objects according to P042 standard for enhanced protection requirements:
- Hi01 protection requirements
- RINA analysis extension
- Classification justification according to information protection ordinance
- Analysis of individual procedures
- Creation of Hi01-ISDS concept
- Hi02 risk analysis
- Consulting project groups on ISDS requirements
- Communication with ISBO team
- Project management communication and scheduling
- Participation in planning meetings
- Communication with project groups to improve progress
- Test supervision and continuous security concept optimization
Emergency Management Consultant
Insurance Service Provider
Emergency management and emergency concept creation for healthcare benefits billing in public sector according to:
- ISO 27005
- ISO 31000
- BSI 200-4
IT Security Consultant
Bank Data Center
Review of IT security documentation and preparation for BAFIN Banking Act §44 audit:
- BAIT
- MARISK
- ISO 27001
- BSI IT baseline protection
- GDPR
- Risk analysis
- Emergency concepts
- IT compliance
TISAX Consultant
Testing Organization
Review of documents and creation of guidelines in preparation for TISAX audit
Data Protection Consultant
Ministry
Data protection impact assessment for introduction of electronic file management system
IT Security Consultant
University
Creation of IT security concept for implementation of university management application (ca. 3500 employees, 15000 students):
- Security concept and risk analysis
- BSI basic protection 200-2, 200-3
- ISO 27001
- ISO 27005
- Private cloud NextCloud integration
IT Security Consultant
Charitable Organization
Creation of IT security concept for 60 locations with approx. 45 servers according to:
- BSI basic protection 200-2, 200-3
- ISO 27001
- ISO 27005
Security Architect
Fintech Startup
IT environment conception according to Zero Trust Architecture model:
- NIST 800-207 Zero Trust Architecture
- PCI-DSS
IT Security Consultant
Government Agency
Creation of security, risk and emergency concepts for nationwide operating authority:
- Security concept and risk analysis
- Emergency concepts
- Data protection impact assessment
- GDPR
- BSI basic protection 200-2, 200-3
- ISO 27001
- ISO 27005
Security Consultant
Pentesting web application and app:
- Security analysis of web application and iOS/Android app
- Vulnerability assessment
- Coordination of remediation measures
- Security DevOps
- Ethical hacking
Security Consultant
Medical Assessment Platform
Creation of IT security concept:
- Security concept and risk analysis
- Data protection impact assessment
- GDPR
- BSI basic protection 200-2, 200-3
- ISO 27001
- ISO 27005
Interim Security Manager
Bank
Review and revision of security concepts in preparation for audit:
- Creation of concepts and guidelines
- ISO 27001
- BSI basic protection 200-1,2,3 and 100-4
IT Security Consultant
Manufacturing Company
Assessment and optimization of IT security settings
Security Consultant
Library Solution Provider
Analysis and security concept creation:
- BSI basic protection concepts
- Risk analysis and data protection impact assessment
- Employee training
- Cloud services analysis (AWS and Azure)
Security Architect
Public Broadcaster
Network zoning concept development:
- IT environment security through network rezoning
- Concept creation considering BSI-GS, ISO 27001 and NIST recommendations
- Project management for security zone model implementation
Mitigation of pentest findings and vulnerability analyses under forensic and incident response aspects
ISO 27001 Consultant
Bank
ISO 27001 audit preparation:
- Migration from GS 15.EL to GS Compendium 2020
- Review of ISO 27001 required documents
- BAFIN §44 KWG audit follow-up
- Process landscape analysis and optimization
- Cloud services analysis
- CMDB i-doIT analysis
Security Training Consultant
5-day training on security concept creation according to BSI basic protection compendium including:
- Risk analysis
- Emergency concept
- Concept creation according to BSI 200-1, 200-2, 200-3 and 100-4
ISO 27001 Consultant
Data Center
Preparation for ISO 27001 certification:
- Creation of relevant documents
- Pre-audits based on IT baseline protection compendium
Incident Response Consultant
Financial Sector Company
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Recommendations implementation
- Vulnerability assessment
- Coordination of internal/external service providers
- Emergency organization management
Incident Response Consultant
IT System House
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Security DevOps
- IT security consulting
- Ethical hacking
Incident Response Consultant
Logistics Company
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Emergency organization management
Incident Response Consultant
Production Company
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Emergency organization management
Data Protection Consultant
Architecture Firm
Setup of all GDPR-relevant documents and processes as external data protection consultant
Security Consultant
University
Security concept creation for Windows Server 2016/2019, Office 365 and Azure rollout:
- Security concepts and process review
- Security incident handling procedures
- Works council approval documentation
Incident Response Consultant
Facility Services Company
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Emergency organization management
Incident Response Consultant
Healthcare Provider
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Emergency organization management
Incident Response Consultant
Consulting Firm
Post-hack recovery:
- IT operations restoration
- Security analysis
- Business security requirements analysis
- Vulnerability assessment and remediation
- Emergency organization management
Data Protection Consultant
Data protection consulting and external data protection officer for various clients according to EU-GDPR
IT Security Consultant
Bank
Creation of security processes and review of existing processes:
- Security incident handling procedures for SOC
- MaRisk and BAIT requirements implementation
- Standards: COBIT, ITIL, ISO 27001/27002, PCI-DSS, BSI basic protection, NIST, MaRisk, BAIT, SOX
- SIEM and SOC implementation for bank data center with over 40,000 servers and 25,000 ATMs
Security Mentor
Municipality
Review of security concepts and mentoring for new concept creation
ISMS Consultant
University
Review and optimization of ISMS after one year:
- Security analysis and concept based on BSI 200-(1-3) and EU-GDPR
- Security improvement measures
- ISMS implementation
Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools
Security Consultant
Security consulting for 3 projects:
- BSI basic protection consulting
- Process optimization and ISO 27001 audit preparation
- Risk analysis
- PCI-DSS optimization
- Security concepts creation
- Cloud security concepts
Project scope: 8 million Euro
Security Consultant
Transport Sector
Security analysis, auditing and creation of IT security concepts
Security Consultant
Direct Bank
Security analysis and auditing:
- BSI basic protection optimization for web environment
- Creation of operational concepts and manuals
- Customer focus: approx. 5 million daily users
ISMS Consultant
University
Security analysis, concept and ISMS implementation based on ISO 27001/BSI basic protection analysis:
- Security measures improvement
- ISMS establishment
Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools
ISMS Consultant
Municipalities
Security analysis, concept and ISMS implementation based on ISO 27001/BSI basic protection analysis for multiple municipalities:
- Security measures improvement
- ISMS establishment
Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools
Process Consultant
Process design and consulting for RENITA project (digital radio network):
- ITIL process design
- Continual service improvement
- Implementation of new processes
- Customer acceptance testing
Tools: ITIL, COBIT, Office products, ServiceNow
Project Manager
Swiss Federal Authority
Server migration project management:
- Hardware server virtualization
- Latest server OS implementation
- Server security hardening
Tools: HERMES 5, Microsoft Project, Visio, Office Suite
Security Consultant
Swiss Federal Authority
Security analysis and ISMS implementation:
- Security analysis and measures plan
- Regular system analysis procedures
Tools: HERMES 5, BSI basic protection, ISO 27001, COBIT, pentest tools
ISO 27001 Consultant
Government Agency
ISMS auditing and ISO 27001 certification preparation:
- Pre-certification audit
- Gap analysis
- Remediation measures
- Certification support
ISO 27001 Consultant
ISMS auditing and ISO 27001 certification preparation:
- Pre-certification audit
- Gap analysis
- Remediation measures
- Certification support
ISO 27001 Consultant
Swiss Federal Administration
ISMS auditing and ISO 27001 certification preparation:
- Pre-certification audit
- Gap analysis
- Remediation measures
- Certification support
Web Platform Administrator
Swiss Federal Administration
Administration of LAMP web platform on SLES 9,10,11:
- Regular security analysis
- Security measures implementation
Technical Project Manager
Swiss Federal Administration
Server migration project management using HERMES 5 methodology
Systems Administrator
Administration of large SUSE Linux Enterprise Server farm (ca. 500 servers):
- Security analysis
- Penetration testing
- BSI basic protection optimization
Systems Administrator
Public Sector
Administration of SUSE Linux Enterprise Server farm (ca. 800 servers):
- Security analysis
- Penetration testing
- BSI basic protection optimization
- Server monitoring with Check_MK
Process Consultant
Mid-sized Company
Continual service improvement of existing processes using COBIT, ITIL, PRINCE2
Project Manager
Government Agency
Sub-project management for nationwide migration at 4 of 750 locations
Web Platform Administrator
Bank
Administration of web platform using Apache Tomcat and Apache web server on SUSE Linux Enterprise Server
Linux Systems Engineer
Manufacturing Company
Conceptual setup of standardized Linux server systems using RedHat Enterprise and Advanced Server
Project Manager
Transport Company
Sub-project management for large project at SBB
Systems Engineer
IT System House
Fine concept creation, test implementation and production deployment of Microsoft Operations Manager 2005
Systems Engineer
IT System House
Creation of rough and detailed concepts for Windows Server 2003 migration
Systems Engineer
IT System House
Infrastructure migration from NT 4.0 Server to Windows Server 2003
Project Manager
Government Agency
Project management for complete migration of government environment including clients and server infrastructure
Systems Engineer
Manufacturing Company
Migration of company network from Windows NT 4.0 to Windows Server 2003 and Windows XP including infrastructure services and VMware virtualization
Trainer and Consultant
Training and Consulting Company
Training, administration (Windows and Linux servers), consulting and coaching
Network Engineer
Project implementation for small and medium businesses:
- Network planning
- Network construction
- Maintenance
Support Engineer
IT Retailer
Collaboration with IT retailer:
- Network construction
- Delivery
- On-site customer support
System Administrator
University
Administration of student computer pool and Office project consulting
System Administrator
Adult Education Center
Administration of training and production networks
Linux Systems Engineer
Setup of Linux servers using SuSE Linux and integration into heterogeneous networks:
- PC service
- On-site customer support