Matthias Steinmann - Senior Consultant Security (freelance)

Q: Where is Matthias based?

Matthias is based in Panketal, Germany and can operate in on-site , hybrid , and remote work models.

Q: What languages does Matthias speak?

Matthias speaks the following languages: German (Native), English (Advanced), French (Elementary) .

Q: How many years of experience does Matthias have?

Matthias has at least 46 years of experience. During this time, Matthias has worked in at least 15 different roles and for 10 different companies . The average length of individual experience is 3 years and 10 months . Note that Matthias may not have shared all experience and actually has more experience.

Q: What is Matthias's latest experience?

Matthias's most recent position is Senior Security Consultant (freelance) at DVZ M-V .

Q: What companies has Matthias worked for in recent years?

In recent years, Matthias has worked for DVZ M-V , DTBS , BMZ , and Dataport .

Q: Which industries is Matthias most experienced in?

Matthias is most experienced in industries like Information Technology (IT) , Arts and Crafts , Media, and Entertainment and Publishing . Matthias also has some experience in Automotive , Manufacturing , and Government and Public Administration .

Q: Which business areas is Matthias most experienced in?

Matthias is most experienced in business areas like Information Technology (IT) , Quality Assurance (QA) , and Project Management . Matthias also has some experience in Supply Chain Management , Production/Manufacturing , and Logistics .

Q: Which industries has Matthias worked in recently?

Matthias has recently worked in industries like Information Technology (IT) and Government and Public Administration .

Q: Which business areas has Matthias worked in recently?

Matthias has recently worked in business areas like Information Technology (IT) , Audit , and Project Management .

Recommended expert

Panketal, Germany

Experience

Sep 2023 - Present

2 years 6 months

Senior Security Consultant (freelance)

DVZ M-V

ISMS and security concept for the Fabasoft e-file according to BSI 200-1/2, among others
Structural analysis (A.1), modeling (A.3) and basic protection checks (A.4)
Preparation for OWASP penetration test, incident response plan, risk analysis
DevOps with Bitbucket, ARC42, IAM Keycloak/AD, multi-tenant concept, DMS, SOC
Emergency preparedness concept BSI 200-4, operations and service concept (BSK), ITSM

Jun 2022 - Jun 2023

1 year 1 month

Security Architect BSI 200-2 and BSI 200-3 (freelance)

DTBS

Conducting structural analysis (A.1) and basic protection checks (A.3) for a data center/ISMS, TOMs
Creation and updating of risk analysis (A.5) according to BSI 200-3 compendium 2021/2022 and ISO 27001/27005 (UAN)
IT security architecture and analysis / preparation for data center monitoring audit
Policy development for role and authorization management (RuB)/AD

Oct 2021 - May 2022

8 months

Senior Operational Security Consultant (freelance)

BMZ

IT service manager OPSEC / SOC operations / ISO 27001 IT baseline protection
Incident management / incident response management and reporting, SOC, SIEM, Macmon NAC/zero trust, FW/IDS/IPS, Trend Micro XDR/DER, OSSIM
Process and document management in OPSEC area, Log4j measures
Concept development BSI 200-2 including DER 2.1 and DER 4.0, CVE/CVSS, WSUS
Team leadership, disaster recovery plan, shutdown and restart planning, ITSM

Sep 2020 - Sep 2021

1 year 1 month

Senior Security Consultant (freelance)

Dataport

Project manager for certification audit of multi-tenant connection zone Hamburg, Bremen, and Schleswig-Holstein under IT baseline protection/TZ5/TZ15 (implementer)
Tendering and auditor selection process
Development of security concept A.1 to A.5 according to IT baseline protection, ISMS
Conducting GSCs with IT-GS HiScout / supporting pre-audit/main audit phase IV
Audit preparation ISO 27001 IT baseline protection for ITSM operations/TQ3 department
Support for IT baseline protection GSC/RA using IT-GS HiScout
Concept development: operations concept, emergency manual, logging concept, risk analysis 100-3/200-3, authorization management including AD/PAM
Support for service management based on ITIL and BMC Remedy ITSM Suite 19.02

Aug 2017 - Aug 2020

3 years 1 month

IT Security Manager

CANCOM on line GmbH

Lead implementer for introducing ISO 27001 IT baseline protection and KRITIS sector transport and traffic at the state mobility agency of Rhineland-Palatinate (LBM RP)
Development of security concept (2018–2020) for the LBM IT network including sales support, GS tool Infodas SAVe 5
Central office network LBM / SAP LBM
Highway tunnels and control centers
Networks and infrastructure
Establishment of a central ISMS: security incident management, patch management, internal audit, asset management, risk management, technical and organizational measures (TOMs), internal SAP audit, etc.
Project approach according to BSI baseline protection (100/200-xx) / ISO 27001 / KRITIS
Structural analysis and protection needs / processes / assets, IT / OT
Modeling according to IT baseline protection including module B 5.13 SAP, IT baseline protection check
Application of B3S road traffic (signaling systems) / hazards
Preparation for audit / proof under § 8a (3) BSIG (security audit)

Sep 2016 - May 2017

9 months

Senior Information Security Consultant

secunet Security Networks AG

Security concept for the SAP landscape (SAP system DRV) according to IT Baseline Protection and ISMS
Consolidation of basic security check / target-actual comparison
Additional security and risk analysis for the SAP application
Application of module B 5.13 SAP according to IT Baseline Protection
Consulting at the Federal Office for Information Security (BSI), Section 33 Federal Networks, ISMS and network security/Ü2
Consulting and auditing of document management and requirements management for the Federal Networks/IVBB
Support for the DRV infrastructure components project: kickoff, structural analysis, GSC

Feb 2015 - Aug 2016

1 year 7 months

Certified Ethical Hacker CEHv9

EC-Council / Firebrand Training

Penetration Testing / Vulnerability Assessment
Web and Cybersecurity
Cryptography and Social Engineering

Aug 2010 - Jan 2015

4 years 6 months

Senior Project Manager / IT Security Manager in large-scale projects

T-Systems International GmbH

DAVOS project / Information Network Berlin-Bonn (IVBB) / NdB, ITSM / data center
IT security management according to IT Baseline Protection in IVBB subprojects
IT Baseline Protection basic check and risk analysis
ITSM tool BMC Remedy, ISO 27001, TKG

Aug 2009 - Jul 2010

1 year

Program Manager for Nearshore and Offshore Regulation (NOR)

T-Systems International GmbH

Ensuring IT security compliance in Systems Integration (SI)/Ü2
Implementation and support of requirements for classified information protection (GBS), privacy (GPR) and legal (GLA)/TKG
Establishment of NOR compliance in 102 SI applications (including SAP BMS-IT (P02)), implementation of measures and partial repatriation of offshore capacities

May 2007 - Jan 2015

7 years 9 months

Senior Consultant IT Security and Process Management

T-Systems International GmbH

Internal audits/checks of 30 top projects in project monitoring according to TSI PM and SE standards
Conducting ISO 27001 assessments, quality gates (reviews) in projects and services
Information security and data protection according to TSI standard NOR/IRON, TKG
Service management according to ITSM/ITIL, SLA
Internal audits, among others for DB, DP and Fraport projects

May 2007 - Jul 2009

2 years 3 months

International Delivery Network (IDN) - Consulting (Near- and Offshoring)

T-Systems International GmbH

IDN process rollout project management (PM book)/software engineering (SE book) in SI country subsidiaries (LG)
IDN project monitoring for projects including subsidiaries in France, Spain, Mexico

Jun 2000 - Apr 2007

6 years 11 months

Consultant Central Quality Assurance / ISO 9001

T-Systems / Gedas Deutschland GmbH

Support SAP service contract VW ITSM/SLA/service catalog based on ITIL
Proposal and project review board/document management ISO 9001
Process manager proposal review board and project monitoring: process analysis and process design/process modeling in ARIS

Sep 1999 - May 2000

9 months

SAP Consultant for Materials Management (MM)

T-Systems / Gedas Deutschland GmbH

Central spare parts logistics project VW AG "Spare Parts 2000" (ET2000) in Kassel
Worldwide distribution and support of SAP material master data and pricing (ALE)

Feb 1998 - Aug 1999

1 year 7 months

SAP Consultant for Controlling (CO/subproject lead)

T-Systems / Gedas Deutschland GmbH

SAP implementation project for Shanghai Volkswagen
Implementation of SAP CO module (cost center accounting, CO orders, product costing)

Aug 1988 - Jan 1998

9 years 6 months

Freelance work as sound engineer and studio musician

Sep 1979 - Jul 1988

8 years 11 months

Transport Technologist

Kabelwerk Oberspree Berlin

Developing material flow analyses and transport technologies

CISSP/CSSP – Qualification

Fernschule Weber

Network Security, Access Control, Physical Security, Application Security
Compliance Management (COSO, COBIT), Business Continuity, Operational Security

IT Security Manager (ISMS/ISO 27001)

TÜV Rheinland Akademie GmbH

Information security governance according to DIN ISO/IEC 27001, 27002:2013 including IT security processes, ISMS, risk management

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Information Technology (24.5 years), Arts and Crafts (9.5 years), Media and Entertainment (9.5 years), Automotive (9 years), Manufacturing (9 years), and Government and Administration (8 years).

Information Technology

Arts and Crafts

Media and Entertainment

Automotive

Manufacturing

Government and Administration

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (26.5 years), Quality Assurance (18.5 years), Project Management (17 years), Supply Chain Management (9.5 years), Production (9.5 years), and Logistics (9 years).

Information Technology

Quality Assurance

Project Management

Supply Chain Management

Production

Logistics

Skills

Design/ Se
Red Hat Linux
Kali Linux
Github
Red Hat
Aris
Ms Visio
Threat Modeling
Arc42
Vm/ Pm/ Test Se
V-model
Cmmi
Itil
Itsm
Servicenow
Jira
Confluence
Mitre
F5 App Sec.
Isms-tool Verinice Xp (Sernet)
Save5 (Infodas)
Hiscout According To Bsi It-grundschutz
Bcm
It Security Management Iso 27001/27005
Cissp
Cehv9
Owasp
Bsi It-gs 200-x
Kritis
Nist
Nis2

Languages

German

Native

English

Advanced

French

Elementary

Education

Sep 1975 - Jul 1979

Diploma in Engineering Economics · Business Administration, specialization in Logistics

Sep 1969 - Jul 1973

Gymnasium Güstrow

High school diploma · Güstrow, Germany

Certifications & licenses

Corporate / Public Data Protection Officer

Kommunales Bildungswerk e.V.

PECB Certified ISO/IEC 27001 Lead Auditor

PECB

Corporate / Public Data Protection Officer

Kommunales Bildungswerk e.V.

CEHv9 Ethical Hacker

EC-Council / Firebrand Training

ITIL Foundation Certificate V3

Capability Maturity Model Integration (CMMI V 1.2)

Project Management Professional (PMP PMI)

ITIL Foundation Certificate V2

Profile

Created

January 2025

Last Update

April 2025

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Matthias based?

Matthias is based in Panketal, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Matthias speak?

Matthias speaks the following languages: German (Native), English (Advanced), French (Elementary).

How many years of experience does Matthias have?

Matthias has at least 46 years of experience. During this time, Matthias has worked in at least 15 different roles and for 10 different companies. The average length of individual experience is 3 years and 10 months. Note that Matthias may not have shared all experience and actually has more experience.

What roles would Matthias be best suited for?

Based on recent experience, Matthias would be well-suited for roles such as: Senior Security Consultant (freelance), Security Architect BSI 200-2 and BSI 200-3 (freelance), Senior Operational Security Consultant (freelance).

What is Matthias's latest experience?

Matthias's most recent position is Senior Security Consultant (freelance) at DVZ M-V.

What companies has Matthias worked for in recent years?

In recent years, Matthias has worked for DVZ M-V, DTBS, BMZ, and Dataport.

Which industries is Matthias most experienced in?

Matthias is most experienced in industries like Information Technology (IT), Arts and Crafts, Media, and Entertainment and Publishing. Matthias also has some experience in Automotive, Manufacturing, and Government and Public Administration.

Which business areas is Matthias most experienced in?

Matthias is most experienced in business areas like Information Technology (IT), Quality Assurance (QA), and Project Management. Matthias also has some experience in Supply Chain Management, Production/Manufacturing, and Logistics.

Which industries has Matthias worked in recently?

Matthias has recently worked in industries like Information Technology (IT) and Government and Public Administration.

Which business areas has Matthias worked in recently?

Matthias has recently worked in business areas like Information Technology (IT), Audit, and Project Management.

What is Matthias's education?

Matthias holds a Master in Business Administration, specialization in Logistics.

Does Matthias have any certificates?

Matthias has 8 certificates. Among them, these include: Corporate / Public Data Protection Officer, PECB Certified ISO/IEC 27001 Lead Auditor, and Corporate / Public Data Protection Officer.

What is the availability of Matthias?

Matthias is immediately available full-time for suitable projects.

What is the rate of Matthias?

Matthias's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.