System and endpoint hardening

• Identifying, assessing, and prioritizing vulnerabilities in Windows and Linux servers and clients
• Implementing stakeholder and remediation processes
• Remediation confirmation
• Reporting
• CIS system and application hardening
• Rapid7 Nexpose / InsightVM lifecycle management
• Implementing CIS Controls with CIS Community Defense Model v2 and CIS GPO Benchmarks for browsers, Windows Server / Client, SQL Server
• Using Microsoft Security Compliance Toolkit, security baselines, and integrated tools against existing GPOs (compare, test, inject)
• Creating technical and organizational documentation

Skills:

• Vulnerability management with Rapid7 Nexpose / InsightVM
• Reporting and escalation
• Remediation
• Target vs actual analysis and implementing NIST2, KRITIS, BSI baseline protection, VSA, VS-NfD, ISO 27001, NIS-2, CERT, OWASP, NIST, CERT/CC, NVD, MITRE ATT&CK
• SQL query design
• CIS Controls / Benchmarks
• Endpoint hardening
• IT service / business continuity management

• Rolling out and managing Trend Micro products: Apex One, Apex Central

I planned and redesigned the Symantec Endpoint Protection infrastructure for over 10,000 Windows and Linux endpoints, modeled and adjusted policies for compliance, and administered and managed the endpoint security solution. Key tasks included antimalware protection, incident response, forensic analysis, malware analysis, lifecycle and patch management, reporting, and collaboration with business units in 2nd and 3rd level support. SQL jobs and scripts were tested and adjusted as needed.

Since 2016 I worked for Sparkassen Finanz Informatik in cybersecurity/defense, compliance, information security management, business continuity, cloud security, Azure Entra ID, IT service management, audits, regulation, license management, product lifecycle, security infrastructure design and support.

For planning and implementing a Microsoft Azure security architecture I followed these steps:

• Current vs target analysis: I did a detailed review of the existing Azure security setup, checking network security, access controls, identity and authorization structures. Then I defined target requirements based on best practices and Microsoft Cybersecurity Reference Architectures (MCRA).
• Verifying entities: I verified virtual machines, networks, storage, and users for gaps, unused resources, and misconfigs, ensuring all entities fit the security architecture.
• Designing Azure security with Microsoft Defender: I built a custom architecture using Defender for multi-layered protection: NSGs, Azure Firewall, WAF, Zero Trust, Defender for Endpoint, Office 365, Identity, Cloud, Cloud Apps, and Sentinel.
• Implementation with stakeholders: I worked with IT operations, DevOps, and security teams, automating processes for consistent deployment of Defender solutions and policies.
• Validation: I tested all measures with automated checks and manual penetration tests to ensure they meet requirements.
• Operations and lifecycle: I handed over to operations with monitoring and reporting, regular reviews, and updates for ongoing security.

Additional tasks:

• Azure Entra ID identity and access management
• Purview DLP classification policies, labeling and protection, activity monitoring
• Purview insider and privacy risk management
• Purview Microsoft 365 App Governance, privacy and security analyses with Copilot for Security
• Managing Exchange, SharePoint, Teams security in M365 Admin Center
• Threat detection and analysis (IOC, IOA)
• Sandbox attack analysis
• And more too extensive to list.

In vulnerability management I ran Qualys, planned scans, generated reports, and escalated to stakeholders. I prepared and supported security audits for regulatory compliance. Other work:

• Reporting
• Endpoint hardening
• Product lifecycle management
• Incident, change, problem management in ServiceNow
• Writing manuals and technical/organizational docs
• Security architecture design
• Presentations and workshops

Skills:

• Microsoft Azure
• Microsoft Entra ID
• Identity and access management
• Microsoft Purview
• Data loss prevention
• Intune
• Active Directory
• Microsoft Defender products
• Microsoft Sentinel
• M365 App Security
• Trellix ePolicy Orchestrator / Endpoint
• EDR / XDR
• Symantec Endpoint Security
• BlueCoat Proxy
• SQL scripting and query design
• PowerShell scripting
• Patch and release management
• Qualys vulnerability management
• SOC
• Endpoint hardening
• Architecture design
• Financial sector regulatory and security consulting (DORA)
• ECB / TüVSec audits
• License, rights and policy management
• Privileged access management
• Splunk SIEM
• Incident analysis
• IOC/IOA evaluation (MITRE ATT&CK)
• Creating security concepts, manuals, docs
• KPI reporting
• Product lifecycle management
• Market and product screening
• CIS GPO benchmarking
• REST API
• BSI KRITIS
• SecOps
• BSI baseline protection
• NIS-2
• BSI C5
• ISO 27001
• ISMS
• IT service / business continuity management
• ServiceNow incident, change, problem management
• 2nd and 3rd level support
• Workshops
• CMDB and stakeholder management
• Escalation management

My core work included central management of McAfee ePolicy Orchestrator servers and infrastructure, API scripting, SQL scripting, migrations and updates, policy, task, antivirus, intrusion, firewall rule automation, vulnerability and disk encryption management, IT disaster planning, enforcing and reviewing policies, reporting, and test environments. I recently completed migrating ePO from v4.x to v5.x for a multi-tenant antivirus system, handling heterogeneous environments, replacing Symantec with McAfee on 5000 units, working with virtualization, networking, databases, and security teams. I optimized performance by 30–50%, and replaced SQL Server 2005 with a clustered SQL Server 2008 R2 solution. I manage ODBC, users, security, roles, rights, maintenance plans, emergency planning, queries, performance with PowerShell and SQL Monitor, analyze IPsec traffic, and report to stakeholders. In daily ops I handle vulnerability management, audits, reporting, documentation, updates, custom scans, logs, incident response, lifecycle, licensing, policies, SCCM packaging, and escalations.

Skills:

• Working with McAfee, Symantec and TrendMicro management platforms
• SEP to McAfee migration
• Endpoint security management
• Monitoring and reporting
• Database and storage management
• Threat prevention and detection
• Protection tuning
• Product evaluation and release management
• License management
• Backup, recovery and disaster planning
• Technical documentation
• Oracle, DB2, MSSQL Server administration
• Storage design
• SQL clustering
• Security, patch and release management
• Documentation

I worked with the security team to migrate ePO from 3.x to 4.x: policies, tasks, agents and antivirus components. I integrated and adjusted ePO structure with global AD schema, created client/server tasks, user auditing, server/auth config, incident analysis and remediation, SQL Server 2005/2008 admin, database migration, instance setup, performance tuning, backups, ITIL incident/change management, documentation, reporting, and training for international branches.

Skills:

• Managing ~10,000 clients and 1,000 servers with McAfee Agent, VirusScan, Host Intrusion Prevention, Endpoint Encryption, GroupShield for Exchange, SiteAdvisor, Rogue System Detection
• ePO 3.x to 4.x migration
• ePO integration and scripting with AD
• Incident response and remediation
• SQL Server admin and scripting
• ITIL change management
• Documentation, reports, statistics, and training

I ran both old and new domains concurrently via a bidirectional trust and DFS namespace with Robocopy jobs for data sync. I defined and rolled out GPOs, deployed printers via PushPrinterConnect.exe, set up RemoteApps on terminal servers, migrated users with ADMT retaining old SIDs for CRM, implemented a new backup for HP Tape Library with CA Arcserve Backup 12.5 on Server 2008, and provided user support and documentation.

Skills:

• VMware ESX 4.0 vSphere consolidation
• Setting up domain controllers, terminal and app servers
• Deploying RemoteApps
• Migrating accounts to new domain
• Printer rollout via GPO
• ADDS GPO management
• DFS/DFS-R
• ADS trust between domains
• TrendMicro OfficeScan deployment
• New backup concept with CA Arcserve Backup
• 1st/2nd/3rd level support and documentation

I worked as an IT technician in Germany’s largest private security service center during a merger. I integrated diverse LAN, WAN, WLAN, FC segments into the central data center, managed active and passive network components, optimized office processes for incompatible file formats, proposed a Drupal-based CMS wiki, migrated clients/servers from Windows 2000/XP to XP/Vista and Windows Server 2000/2003 to 2003/2008, migrated servers to VMware ESX 3.5, supported 24x7 helpdesk with OTRS, monitored with Nagios and GFI Network Server Monitor, managed AD, GPO, print, remote sites, Office users, Citrix Metaframe, network security with Symantec, McAfee, TrendMicro, SonicWall, Cisco, and administered SQL Server 2000/2005/2008, Exchange 2003/2007. I combined technical skill, teamwork, and communication to drive efficient workflows.

Skills:

• Support hotline (Office support, printer admin, ticketing, password resets)
• Deploying Windows Server 2008 and SQL Server 2008
• Migrating XP to Vista
• Facility management (infrastructure, power, HVAC, access control)
• Client/server manufacturing for specialized apps
• Monitoring critical processes
• VMware ESX consolidation
• Citrix Metaframe application delivery
• Office process optimization
• Drupal CMS wiki in PHP
• Network documentation and performance analysis
• Backup and disaster recovery planning
• Hardware/software inventory
• Security tech support (BMA, EMA, video)
• Alarm management and operator client admin
• SQL Server 2005/2008 admin
• Exchange 2003/2007 admin
• AD management
• Symantec, eTrust and TrendMicro antivirus admin

• Windows terminal servers, Citrix Metaframe farm, ThinPrint servers and clients
• Ensuring printer driver compatibility
• Load balancing
• User accounting
• Domain concept and AD
• Firebird database server
• Upgrading nationwide cash logistics centers from 16-bit to 32-bit software
• Documentation and archiving per ITIL
• SonicWall VPN admin
• Helpdesk and on-site support
• Printer concept planning and rollout
• Backup concept with Arcserve 11
• GFI Faxmaker admin
• eTrust Antivirus enterprise
• Exchange admin
• SBS 2003 setup with Exchange and mobile remote
• WSUS implementation
• Network inventory with MOM
• SQL 2000 admin

• Connecting a remote office to the central network via WLAN and verifying security and performance