Matthias Steinmann - Senior Consultant Security (freelance)

Go to Website

Panketal, Germany

Experience

Sep 2023 - Present

1 year 11 months

Germany

Senior Consultant Security (freelance)

DVZ M-V

ISMS and security concept E-Akte Fabasoft according to BSI 200-1/2 including structure analysis (A.1), modeling (A.3) and baseline checks (A.4)
Preparation of penetration test OWASP, incident response plan, risk analysis
DevOps Bitbucket, ARC42, IAM Keycloak/AD, tenant concept, DMS, SOC
Emergency planning concept BSI 200-4, operations and service concept (BSK), ITSM
Training: Update ISO/IEC 27001:2022 – DQS/EA TOGAF Standard - udemy

Jun 2022 - Jun 2023

1 year 1 month

Security Architect BSI 200-2 and BSI 200-3 (freelance)

DTBS

Conducted structure analysis (A.1) and baseline checks (A.3) for a data center/ISMS, TOMs
Created and updated risk analysis (A.5) according to BSI 200-3 compendium 2021/2022 and ISO 27001/27005 (UAN)
IT security architecture and analysis / prepared data center surveillance audit
Drafting guideline for roles and access management (RaA)/AD

Oct 2021 - May 2022

8 months

Senior Consultant Operational Security (freelance)

BMZ

IT service manager OPSEC / SOC operation / ISO 27001 IT baseline protection
Incident management / incident response management and reporting, SOC, SIEM, Macmon NAC/Zero Trust, FW/IDS/IPS, Trend Micro XDR/DER, OSSIM
Process and document management OPSEC area, Log4j measures
Drafted BSI 200-2 including DER 2.1 and DER 4.0, CVE/CVSS, WSUS
Team lead, disaster recovery plan, shutdown-restart planning, ITSM

Sep 2020 - Sep 2021

1 year 1 month

Hamburg, Germany

Senior Consultant Security (freelance)

Dataport

Project lead certification audit multi-tenant connection zone Hamburg, Bremen and state of Schleswig-Holstein according to IT baseline protection/TZ5/TZ15 (implementer)
Tender and selection of auditor
Created security concept A.1 to A.5 according to IT baseline protection, ISMS
Carried out GSCs including IT-BP HiScout/support pre-audit/main audit IV
Audit prep ISO 27001 IT baseline protection for ITSM operations/TQ3
Supported IT baseline protection GSC/RA using IT-BP HiScout
Drafted operations concept, emergency manual, logging concept, risk analysis 100-3/200-3, access management including AD/PAM
Support service management based on ITIL and BMC Remedy ITSM Suite 19.02
Training: ISACA Cyber Security Practitioner, ISACA German Chapter

Aug 2017 - Aug 2020

3 years 1 month

Germany

IT Security Manager

Cancom on line GmbH

a) Lead implementer for ISO 27001 IT baseline protection and KRITIS transport sector at State Office for Mobility Rhineland-Palatinate (LBM RP)
Created security concept (2018–2020) for LBM IT network including sales support, BP tool Infodas SAVe 5
Central LBM office network/SAP LBM
Highway tunnels and control centers
Networks and infrastructure
Established central ISMS: security incident management, patch management, internal audit, asset management, risk management, TOMs, internal SAP audit and more
Project approach according to BSI baseline protection (100/200-xx)/ISO 27001/KRITIS:
Structure analysis and protection needs/processes/assets, IT/OT
Modeling according to baseline protection including module B 5.13 SAP, baseline protection check
Application B3S road traffic (signal systems)/threats
Audit prep/proof §8a (3) BSIG (security audit)
b) Created security and BCM concepts per BSI 100/200-xx for Berlin schools/Senate Administration Berlin, including ISMS policy, security and emergency concept LUSD (client and network management), emergency manual SenBJF, standard fallback procedures, processes, BIA
c) Audit prep ISO 27001 IT baseline protection in 2018 Cancom on line GmbH
Updated baseline protection check/risk analysis
Tool selection and rollout IT baseline protection tool verinice XP/data import
d) ISO 27001 group security CANCOM-SE: ISMS, access concept/AD CS
GRC tool, MaRisk, SOA, internal audits/prep audit in 2018
Training: PECB Certified ISO/IEC 27001 Lead Auditor (03/2019)
Additional audit competence §8a (3) BSIG IT security audits for KRITIS operators/Bitkom Akademie (with certificate 06/2019)

Sep 2016 - May 2017

9 months

Germany

Senior Consultant Information Security

secunet Security Networks AG

Security concept for SAP network SAP system DRV according to baseline protection, ISMS
Consolidation of baseline security check/actual vs target comparison
Additional security and risk analysis for the SAP application
Applying module B 5.13 SAP according to baseline protection
Consulting at Federal Office for Information Security (BSI) department 33 federal networks, ISMS and network security/Ü2
Consulting and revision document management and requirements management federal networks/IVBB
Support for DRV infrastructure project: kickoff, structure analysis, GSC
Training:
Certified data protection officer for companies/authorities - Kommunales Bildungswerk e.V. (11/2016 and 10/2019)
SAP audit – IBS Schreiber GmbH training (5 days/06/2017)

Feb 2015 - Aug 2016

1 year 7 months

Certified Ethical Hacker CEHv9

EC-Council / Firebrand Training

Penetration testing/vulnerability assessment, web and cybersecurity, cryptography and social engineering

Feb 2015 - Aug 2016

1 year 7 months

CISSP/CSSP – Training

Fernschule Weber

Network security, access control, physical security, application security
Compliance management (COSO, COBIT), business continuity, operational security

Feb 2015 - Aug 2016

1 year 7 months

IT Security Manager (ISMS/ISO 27001)

TÜV Rheinland Akademie GmbH

Information security governance according to ISO/IEC 27001, 27002:2013 including security processes, ISMS, risk management

Aug 2010 - Jan 2015

4 years 6 months

Germany

Senior Project Manager / IT Security Manager in large projects (50%)

T-Systems International GmbH (TSI)

Project DAVOS/information network Berlin-Bonn (IVBB)/NdB, ITSM/data center
IT security management according to baseline protection in IVBB subprojects/baseline check and risk analysis, ITSM tool BMC Remedy, ISO 27001, TKG

Sep 2009 - Jan 2015

5 years 5 months

Germany

Senior Consultant IT Security and Process Management (50%)

T-Systems International GmbH (TSI)

Internal audits/check of 30 top projects in project monitoring according to TSI project management (PM) and software engineering (SE) standards, conducted ISO 27001 assessments, quality gates (reviews) in projects and services, information security and data protection according to TSI NOR/IRON standard, TKG, service management ITSM/ITIL, SLA, internal audits on projects like DB, DP, Fraport and others

Aug 2009 - Jul 2010

1 year

Germany

Program Manager Nearshore and Offshore Regulation (NOR)

T-Systems International GmbH (TSI)

Ensured IT security compliance in systems integration (SI)/Ü2
Implemented and supported requirements for Classified information protection (GBS), privacy (GPR) and legal (GLA)/TKG/team lead
Achieved NOR compliance in 102 SI applications including SAP BMS-IT (P02), implemented measures and partly brought back offshore capacities

May 2007 - Jul 2009

2 years 3 months

Germany

International Delivery Network (IDN) - Consulting (Near- and Offshoring)

T-Systems International GmbH (TSI)

IDN process rollout project management (PM) book/software engineering (SE) book in SI subsidiaries
IDN project monitoring for projects in France, Spain, Mexico and others

Jun 2000 - Apr 2007

6 years 11 months

Germany

Consultant Central Quality Assurance / ISO 9001

T-Systems / Gedas Deutschland GmbH

Support SAP service contract VW ITSM/SLA/service catalog based on ITIL
Proposal and project review board/document management ISO 9001
Process manager proposal review board and project monitoring: conducted process analysis and design/process modeling in ARIS

Sep 1999 - May 2000

9 months

Kassel, Germany