Matthias Steinmann

Senior Consultant Security (freelance)

Panketal, Germany
Experience
Sep 2023 - Present
1 year 11 months
Germany

Senior Consultant Security (freelance)

DVZ M-V

  • ISMS and security concept E-Akte Fabasoft according to BSI 200-1/2 including structure analysis (A.1), modeling (A.3) and baseline checks (A.4)
  • Preparation of penetration test OWASP, incident response plan, risk analysis
  • DevOps Bitbucket, ARC42, IAM Keycloak/AD, tenant concept, DMS, SOC
  • Emergency planning concept BSI 200-4, operations and service concept (BSK), ITSM
  • Training: Update ISO/IEC 27001:2022 – DQS/EA TOGAF Standard - udemy
Jun 2022 - Jun 2023
1 year 1 month

Security Architect BSI 200-2 and BSI 200-3 (freelance)

DTBS

  • Conducted structure analysis (A.1) and baseline checks (A.3) for a data center/ISMS, TOMs
  • Created and updated risk analysis (A.5) according to BSI 200-3 compendium 2021/2022 and ISO 27001/27005 (UAN)
  • IT security architecture and analysis / prepared data center surveillance audit
  • Drafting guideline for roles and access management (RaA)/AD
Oct 2021 - May 2022
8 months

Senior Consultant Operational Security (freelance)

BMZ

  • IT service manager OPSEC / SOC operation / ISO 27001 IT baseline protection
  • Incident management / incident response management and reporting, SOC, SIEM, Macmon NAC/Zero Trust, FW/IDS/IPS, Trend Micro XDR/DER, OSSIM
  • Process and document management OPSEC area, Log4j measures
  • Drafted BSI 200-2 including DER 2.1 and DER 4.0, CVE/CVSS, WSUS
  • Team lead, disaster recovery plan, shutdown-restart planning, ITSM
Sep 2020 - Sep 2021
1 year 1 month
Hamburg, Germany

Senior Consultant Security (freelance)

Dataport

  • Project lead certification audit multi-tenant connection zone Hamburg, Bremen and state of Schleswig-Holstein according to IT baseline protection/TZ5/TZ15 (implementer)
  • Tender and selection of auditor
  • Created security concept A.1 to A.5 according to IT baseline protection, ISMS
  • Carried out GSCs including IT-BP HiScout/support pre-audit/main audit IV
  • Audit prep ISO 27001 IT baseline protection for ITSM operations/TQ3
  • Supported IT baseline protection GSC/RA using IT-BP HiScout
  • Drafted operations concept, emergency manual, logging concept, risk analysis 100-3/200-3, access management including AD/PAM
  • Support service management based on ITIL and BMC Remedy ITSM Suite 19.02
  • Training: ISACA Cyber Security Practitioner, ISACA German Chapter
Aug 2017 - Aug 2020
3 years 1 month
Germany

IT Security Manager

Cancom on line GmbH

  • a) Lead implementer for ISO 27001 IT baseline protection and KRITIS transport sector at State Office for Mobility Rhineland-Palatinate (LBM RP)
  • Created security concept (2018–2020) for LBM IT network including sales support, BP tool Infodas SAVe 5
  • Central LBM office network/SAP LBM
  • Highway tunnels and control centers
  • Networks and infrastructure
  • Established central ISMS: security incident management, patch management, internal audit, asset management, risk management, TOMs, internal SAP audit and more
  • Project approach according to BSI baseline protection (100/200-xx)/ISO 27001/KRITIS:
  • Structure analysis and protection needs/processes/assets, IT/OT
  • Modeling according to baseline protection including module B 5.13 SAP, baseline protection check
  • Application B3S road traffic (signal systems)/threats
  • Audit prep/proof §8a (3) BSIG (security audit)
  • b) Created security and BCM concepts per BSI 100/200-xx for Berlin schools/Senate Administration Berlin, including ISMS policy, security and emergency concept LUSD (client and network management), emergency manual SenBJF, standard fallback procedures, processes, BIA
  • c) Audit prep ISO 27001 IT baseline protection in 2018 Cancom on line GmbH
  • Updated baseline protection check/risk analysis
  • Tool selection and rollout IT baseline protection tool verinice XP/data import
  • d) ISO 27001 group security CANCOM-SE: ISMS, access concept/AD CS
  • GRC tool, MaRisk, SOA, internal audits/prep audit in 2018
  • Training: PECB Certified ISO/IEC 27001 Lead Auditor (03/2019)
  • Additional audit competence §8a (3) BSIG IT security audits for KRITIS operators/Bitkom Akademie (with certificate 06/2019)
Sep 2016 - May 2017
9 months
Germany

Senior Consultant Information Security

secunet Security Networks AG

  • Security concept for SAP network SAP system DRV according to baseline protection, ISMS
  • Consolidation of baseline security check/actual vs target comparison
  • Additional security and risk analysis for the SAP application
  • Applying module B 5.13 SAP according to baseline protection
  • Consulting at Federal Office for Information Security (BSI) department 33 federal networks, ISMS and network security/Ü2
  • Consulting and revision document management and requirements management federal networks/IVBB
  • Support for DRV infrastructure project: kickoff, structure analysis, GSC
  • Training:
  • Certified data protection officer for companies/authorities - Kommunales Bildungswerk e.V. (11/2016 and 10/2019)
  • SAP audit – IBS Schreiber GmbH training (5 days/06/2017)
Feb 2015 - Aug 2016
1 year 7 months

Certified Ethical Hacker CEHv9

EC-Council / Firebrand Training

  • Penetration testing/vulnerability assessment, web and cybersecurity, cryptography and social engineering
Feb 2015 - Aug 2016
1 year 7 months

CISSP/CSSP – Training

Fernschule Weber

  • Network security, access control, physical security, application security
  • Compliance management (COSO, COBIT), business continuity, operational security
Feb 2015 - Aug 2016
1 year 7 months

IT Security Manager (ISMS/ISO 27001)

TÜV Rheinland Akademie GmbH

  • Information security governance according to ISO/IEC 27001, 27002:2013 including security processes, ISMS, risk management
Aug 2010 - Jan 2015
4 years 6 months
Germany

Senior Project Manager / IT Security Manager in large projects (50%)

T-Systems International GmbH (TSI)

  • Project DAVOS/information network Berlin-Bonn (IVBB)/NdB, ITSM/data center
  • IT security management according to baseline protection in IVBB subprojects/baseline check and risk analysis, ITSM tool BMC Remedy, ISO 27001, TKG
Sep 2009 - Jan 2015
5 years 5 months
Germany

Senior Consultant IT Security and Process Management (50%)

T-Systems International GmbH (TSI)

  • Internal audits/check of 30 top projects in project monitoring according to TSI project management (PM) and software engineering (SE) standards, conducted ISO 27001 assessments, quality gates (reviews) in projects and services, information security and data protection according to TSI NOR/IRON standard, TKG, service management ITSM/ITIL, SLA, internal audits on projects like DB, DP, Fraport and others
Aug 2009 - Jul 2010
1 year
Germany

Program Manager Nearshore and Offshore Regulation (NOR)

T-Systems International GmbH (TSI)

  • Ensured IT security compliance in systems integration (SI)/Ü2
  • Implemented and supported requirements for classified information protection (GBS), privacy (GPR) and legal (GLA)/TKG/team lead
  • Achieved NOR compliance in 102 SI applications including SAP BMS-IT (P02), implemented measures and partly brought back offshore capacities
May 2007 - Jul 2009
2 years 3 months
Germany

International Delivery Network (IDN) - Consulting (Near- and Offshoring)

T-Systems International GmbH (TSI)

  • IDN process rollout project management (PM) book/software engineering (SE) book in SI subsidiaries
  • IDN project monitoring for projects in France, Spain, Mexico and others
Jun 2000 - Apr 2007
6 years 11 months
Germany

Consultant Central Quality Assurance / ISO 9001

T-Systems / Gedas Deutschland GmbH

  • Support SAP service contract VW ITSM/SLA/service catalog based on ITIL
  • Proposal and project review board/document management ISO 9001
  • Process manager proposal review board and project monitoring: conducted process analysis and design/process modeling in ARIS
Sep 1999 - May 2000
9 months
Kassel, Germany

SAP Consultant Material Management (MM)

T-Systems / Gedas Deutschland GmbH

  • Project central spare parts logistics VW AG "Spare Parts 2000" (ET2000) Kassel
  • Worldwide shipping and support of SAP material master data and pricing (ALE)
Feb 1998 - Aug 1999
1 year 7 months
Shanghai, China

SAP Consultant Controlling (CO/subproject lead)

T-Systems / Gedas Deutschland GmbH

  • Project SAP implementation Shanghai Volkswagen
  • Introduced SAP CO module (cost center accounting, CO orders, product costing)
Aug 1988 - Jan 1998
9 years 6 months

Sound Engineer and Studio Musician

Freelance

Sep 1979 - Jul 1988
8 years 11 months
Berlin, Germany

Transport Technologist

Kabelwerk Oberspree Berlin

  • Developed material flow analyses and transport technologies
Languages
German
Native
English
Advanced
French
Elementary
Education
Sep 1975 - Jul 1979

Diploma Engineer Economist, specialized in logistics · Business Administration

Sep 1969 - Jul 1973

Gymnasium Güstrow

Abitur · Güstrow, Germany

Certifications & licenses

Certified Data Protection Officer for Companies/Authorities

Kommunales Bildungswerk e.V.

Additional audit competence §8a (3) BSIG IT security audits for KRITIS operators

Bitkom Akademie

PECB Certified ISO/IEC 27001 Lead Auditor

PECB

Certified Data Protection Officer for Companies/Authorities

Kommunales Bildungswerk e.V.

CEHv9 Ethical Hacker

EC-Council / Firebrand Training

ITIL Foundation Certificate V3

Capability Maturity Model Integration (CMMI V1.2)

Project Management Professional (PMP)

PMI

ITIL Foundation Certificate V2
