System and Endpoint Hardening

• Identification, assessment, and prioritization of vulnerabilities in Windows and Linux server and client environments
• Implementation of stakeholder and remediation processes
• Remediation confirmation
• Reporting
• CIS system and application hardening
• Rapid7 Nexpose / InsightVM life cycle management
• Implementation of CIS Controls using CIS Community Defense Model v2 and CIS GPO Benchmarks for browsers, Windows Server/Client, SQL Server
• Use of Microsoft Security Compliance Toolkit and Security Baselines and integrated tools against existing GPOs (compare, test, inject)
• Creation of technical and organizational documentation

Skills:

• Vulnerability management with Rapid7 Nexpose / InsightVM
• Reporting and escalation
• Remediation
• TO-BE / AS-IS analysis and implementation of NIST2, KRITIS, BSI Basic Protection, VSA, VS-NfD, ISO 27001, NIS-2, CERT, OWASP, NIST, CERT/CC, NVD, MITRE ATT&CK
• SQL query design
• CIS Controls / Benchmarks
• Endpoint hardening
• IT service / business continuity management

• Rollout and management of Trend Micro products: Apex One, Apex Central

For this client, I took over the planning and redesign of the Symantec Endpoint Protection infrastructure with over 10,000 Windows and Linux endpoints, including modeling and adjustment of policies to compliance requirements as well as administration and management of the endpoint security solution. Anti-malware protection, incident response, forensic analyses, malware analyses, lifecycle and patch management, report generation and collaboration with the involved departments in 2nd and 3rd level support were other focuses of my activities. SQL jobs and scripts were also tested and adapted for functionality.

Since 2016, I have worked for Sparkassen Finanz Informatik in the areas of cybersecurity/defense, compliance, information security management, business continuity, cloud security, Azure Entra ID, IT service management, audits, regulations, license management, product lifecycle, security infrastructure design and support.

As part of planning and implementing a Microsoft Azure security architecture, I followed these structured steps:

• TO-BE / AS-IS analysis of the existing Azure security infrastructure: Conducted a thorough AS-IS analysis of all security mechanisms, tools and processes in the current environment, including network security, access controls and identity and permission structures. Defined TO-BE requirements based on specific security needs and Microsoft Cybersecurity Reference Architectures (MCRA).
• Verification of identified entities: Verified virtual machines, networks, storage and users for potential vulnerabilities, unused resources and misconfigurations to ensure accurate integration into the security architecture.
• Concept and design of the Azure security architecture with Microsoft Defender: Developed a tailored architecture using Microsoft Defender solutions (NSGs, Azure Firewall, WAF, Zero Trust, Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud, Defender for Cloud Apps and Sentinel) for comprehensive threat detection, protection and response.
• Project execution and implementation with stakeholders: Collaborated with IT operations, DevOps and security teams to configure Defender solutions and establish secure infrastructure policies, focusing on automation for efficiency and consistency.
• Validation: Performed automated and manual penetration tests to validate the effectiveness of implemented security measures and ensure compliance with defined requirements.
• Operations and lifecycle: Transitioned the architecture to production with ongoing monitoring and reporting, making regular adjustments and upgrades to address new threats and requirements, ensuring robustness and scalability.

Additional activities arising from these efforts included:

• Azure Entra ID identity and access management
• Purview design, data loss prevention classifications, labeling and protection policies, activity monitoring
• Purview insider and privacy risk management
• Purview Microsoft 365 App Governance including privacy and data security analyses with Microsoft Copilot for Security
• Management of Exchange/SharePoint and Teams security in the Microsoft 365 Admin Center
• Attack vector detection and analysis (IOC, IOA)
• Sandbox attack flow analyses
• And many more beyond scope due to complexity.

In vulnerability management, I administered the Qualys platform, planned scans, generated reports and managed escalations to stakeholders for mitigation.

I prepared and supported security audits for regulatory compliance requirements and implemented resulting findings.

Other interesting tasks included:

• Report creation
• Endpoint hardening
• Product lifecycle management
• Incident, change and problem management in ServiceNow
• Creation of operating manuals, technical and organizational documentation
• Security solution architecture design
• Presentations and workshops

Skills:

• Microsoft Azure
• Microsoft Entra ID
• Identity and access rights management
• Microsoft Purview
• Data loss prevention
• Intune
• Microsoft Active Directory
• Microsoft Defender (all products)
• Microsoft Sentinel
• Microsoft 365 App Security
• Trellix ePolicy Orchestrator / Endpoint
• EDR / XDR
• Symantec Endpoint Security
• BlueCoat Proxy
• SQL scripting and query design
• PowerShell scripting
• Patch and release management
• Qualys vulnerability management
• SOC
• Endpoint hardening
• Architecture design
• Regulatory and security consulting for finance sector (DORA)
• ECB / TÜVSec audits
• License, permission and policy management
• Privileged access management
• Splunk SIEM
• Security incident analysis
• IOC / IOA evaluation (MITRE ATT&CK)
• Security concept, manual, technical and organizational documentation creation
• KPI reporting
• Product lifecycle management
• Market and product screening
• CIS GPO benchmarking
• REST API
• BSI KRITIS
• SecOps
• BSI Basic Protection
• NIS-2
• BSI C5
• ISO 27001
• ISMS
• IT service / business continuity management
• ServiceNow incident, change and problem management
• 2nd and 3rd level support
• Workshops
• CMDB and stakeholder management
• Escalation management

My core responsibilities included centralized management of McAfee ePolicy Orchestrator servers and their system infrastructure, API scripting, SQL scripting, migrations and updates, policy/task/antivirus/intrusion/firewall rule automation, vulnerability and system encryption management, IT disaster planning and management, enforcement and reevaluation of corporate policies, as well as report creation and test environment setup. Recently completed was the migration from McAfee ePolicy Orchestrator version 4.x to 5.x to build a tenant-independent central antivirus management system and migrate existing ePO servers and managed systems to the new environment despite heterogeneous system landscapes. A new client deploys Symantec Endpoint Protection on ~5000 units, which we replaced and migrated to McAfee VirusScan and Move AV in close collaboration with server/virtualization, network/firewall, database and security/change management teams under ITIL-compliant approvals. The migration to a new data center and network zone concept required intensive testing and preparation to ensure communication between ePO server, database and endpoints (port openings for vulnerability manager, agent handler, VMware vSphere, MSSQL). I also introduced McAfee Move Antivirus Multiplatform, evaluated and promoted it to production. To address performance issues and growing exclusions on virtualized endpoints while preparing for a VDI infrastructure, we coordinated with departments and clients, resulting in a 30-50% performance gain and policy compliance improvements. The ePO 5 migration also impacted the underlying SQL Server 2005 installations. We chose Microsoft SQL Server 2008 R2 on Windows Server 2008 R2 Cluster for high availability to meet availability, scalability, tenant-independence and future-proof requirements. I now manage and administer the SQL servers, configuring ODBC, users, security, roles, permissions, maintenance plans, and special parameters, and handle disaster recovery. I monitor performance with PowerShell, Management Studio and SQL Monitor, analyze IPsec traffic with Wireshark, create reports for departments, management and clients. Daily, I use McAfee Vulnerability Manager for compliance, vulnerability analysis and network protection, conduct audits, produce comprehensive reports, maintain product documentation and knowledge base. I update endpoints with VirusScan Enterprise and Move AntiVirus, run custom scans, review logs, handle incident response, resolve issues, identify root causes, monitor new vulnerabilities and threats, and manage ePO server lifecycle, licenses and certificates. I create users and permission sets, configure server/client tasks and policies and automated responses, define SiteAdvisor Enterprise policies for web portals, build SCCM deployment packages with Installation Designer, escalate issues to McAfee support, and evaluate signature updates and new products in test environments.

Skills:

• Working with McAfee, Symantec and TrendMicro management platforms
• SEP to McAfee migration
• Endpoint security configuration and management
• Monitoring and reporting
• Database and storage management
• Threat prevention and detection
• Protection analysis and tuning
• Product evaluation and release management
• License management
• Disaster recovery planning
• Technical documentation
• Oracle, DB2, MSSQL server administration
• Storage design and management
• SQL clustering
• Security, patch and release management
• Documentation

Together with the security team, I migrated McAfee ePolicy Orchestrator from 3.x to 4.x, including policies, tasks, agents and antivirus components. I integrated, customized and maintained the ePolicy Orchestrator system structure to the global Active Directory schema, created and assigned client/server tasks, performed user audits, and configured server and authentication parameters. I responded to, analyzed and assessed security incidents and resolved issues in production. I also administered SQL Server 2005/2008, handled database migrations, installations and configurations of additional instances, monitored and tuned existing databases, and managed backups and security. I provided ITIL-based incident, change and request management, technical support for administrative staff at domestic and international sites, and created documentation, reports and statistics for departments and management, and conducted user training.

Skills:

• Central management of ~10,000 clients and 1,000 servers in backoffice, production and development environments across domestic and international sites using McAfee Agent, VirusScan, Host Intrusion Prevention, Endpoint Encryption, GroupShield for Exchange, SiteAdvisor, Rogue System Detection
• Migration from McAfee ePolicy Orchestrator 3.x to 4.x including policies, tasks, agents and antivirus components
• Integration and scripting of ePolicy Orchestrator, customization of system structure to global Active Directory schema, creation and assignment of client/server tasks, user audits, server and authentication parameter configurations
• Security incident response and analysis, SIEM analysis with SOC, SQL Server administration and migrations, SQL scripting, monitoring, tuning, reporting and backups
• Incident response and change request management and technical support for administrative staff at domestic and international sites
• Documentation, report and statistic creation for management, consulting and user training

This project required parallel operation of the old domain alongside the new domain with user access to both. We implemented a bidirectional trust and a DFS namespace configured for data synchronization via Robocopy jobs. The project also included defining and rolling out Group Policies, deploying printers via PushPrinterConnect.exe in client logon scripts, providing RemoteApps on terminal servers, migrating clients and users with ADMT (preserving old user SIDs for CRM authentication), implementing a new backup concept for HP Tape Library on CA Arcserve Backup 12.5 on Server 2008, and user support and documentation.

Skills:

• Server consolidation to VMware ESX 4.0 vSphere for high availability and training administrative staff
• Deployment of new domain controllers, terminal servers and application servers
• Provisioning RemoteApps on terminal servers
• Migration of computer and user accounts to the new domain
• Printer service and rollout via GPO
• Windows Server 2008 ADDS Group Policy management
• DFS / DFS-R deployments
• Parallel old and new domain operation via AD trust
• Integration of TrendMicro OfficeScan server and client rollout
• Implementation of new backup concept for HP Tape Library on CA Arcserve Backup 12.5 and policy management
• First, second and third level support and documentation of changes

In this project, I served as an IT system technician in the central emergency call center of Germany's largest private security services provider (~19,200 employees at 85 sites) during its merger with the second-largest player. The global group has over 260,000 employees. I integrated nationwide LAN, WAN, WLAN and FC network segments into the central data center architecture, managing all active and passive network components. I optimized office processes characterized by heterogeneous file formats and led the development of a Drupal-based CMS wiki. I migrated and managed clients and servers from Windows 2000/XP to XP/Vista and Windows Server 2000/2003 to 2003/2008, including VMware ESX Server 3.5 migrations and high-availability configuration. I provided 24x7 first, second and third level support (ticket management with OTRS) and monitored the infrastructure with Nagios and GFI Network Server Monitor. I supported Active Directory, Group Policy, print management, remote site monitoring, Microsoft Office users, and application delivery via Citrix Metaframe on Windows Server terminal farms. I oversaw network security with Symantec, McAfee, TrendMicro, SonicWall and Cisco products. I administered, reported and backed up MS SQL Server 2000/2005/2008. I consistently demonstrated a motivated, independent and team-oriented approach to improve workflows and contribute to growth, leveraging strong communication skills for successful project outcomes.

Skills:

• Support hotline (MS Office support, printer administration, ticket handling, password resets)
• Windows Server 2008 and MS SQL Server 2008 rollout
• Windows XP to Vista migration
• Facility management (building upgrades, climate control, UPS, access control)
• Client/server manufacturing for specialized applications
• Monitoring and documentation of critical processes
• Consolidation and VMware ESX server administration
• Citrix Metaframe application delivery
• Office document system process optimization
• Drupal CMS wiki in PHP
• Network documentation and performance analysis
• Backup concept and disaster recovery planning
• Hardware and software inventory
• Technical customer support for security systems (fire alarms, intrusion alarms, video surveillance)
• Alarm management system and operator client administration
• MS SQL Server database administration (2005, 2008)
• Exchange Server administration (2003, 2007)
• Active Directory management
• Antivirus administration (Symantec, eTrust, TrendMicro)

• Windows Terminal Server, Citrix Metaframe server farm, ThinPrint server and client
• Ensuring printer driver compatibility
• Load balancing
• User accounting
• Domain concept and Active Directory
• Firebird database server
• Migration of Germany-wide cash logistics centers from 16-bit to 32-bit management software
• Documentation and archiving according to ITIL guidelines
• Firewall administration, SonicWall VPN remote access
• User help desk
• On-site hardware and software support
• Printer concept planning and implementation
• Backup concept using Arcserve 11
• GFI FaxMaker server/client administration
• eTrust Antivirus Enterprise security
• MS Exchange Server administration
• Small Business Server 2003 infrastructure including Exchange 2003 and mobile remote
• Implementation of Microsoft Software Update Service for automatic client updates
• Network inventory with MOM
• MS SQL 2000 database administration

• Connecting an external office to the central network via WLAN and verifying and monitoring security and performance