Successfully implemented vulnerability management with DefectDojo
Consulting and implementing technical and process aspects of vulnerability management with DefectDojo
Advising on implementation for a secure software development lifecycle
Skills: GitLab, DefectDojo, Vulnerability Management, SCA, SAST, DAST, Python, Kubernetes, ArgoCD, Docker, AWS, Azure, Whitesource/Mend, Greenbone
Conducting threat and risk analyses (TARA) on industrial products
Advising customers in the threat modeling process
Performing STRIDE-based threat modeling using Microsoft Threat Modeling Tool
Skills: STRIDE, TARA, MS Threat Modelling Tool
Consulting and reviewing developer teams on application security and secure coding in a large federal project
Promoting awareness of a DevSecOps culture, shift-left, and security-by-design principles
Implementing tools for a secure software development lifecycle
Skills: AppSec, DevSecOps, SCA, OWASP ZAP, Tekton, Azure DevOps, OpenShift Advanced Cluster Security, OWASP Dependency-Track, SonarQube
Setting up a GitLab-based secure software development lifecycle for students to use for hands-on testing and learning in software engineering
Implementing CI/CD pipelines with various security tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and dependency scanners
Teaching threat modeling, risk assessments, and incident management in a hands-on course
Skills: GitLab, SCA, SAST, DAST, TARA, Incident Management
Conceptualizing, defining requirements, and creating a proof of concept for a security application interface for industrial machines
Creating a security concept, developing the software and related tools, and organizing a penetration test for the proof of concept
Assessing feasibility and presenting results from the proof-of-concept case study
Skills: Docker, Podman, Embedded Systems, Bash, Rust, Python, Threat Modelling, Secure SDLC
Setting up the IT security team in software development
Developing guidelines for internal and external software projects regarding the secure software development lifecycle (SSDLC)
Training and raising awareness for secure software development
Assessing and implementing a DevSecOps process and tools like SCA, SAST, DAST, threat modeling, etc.
Skills: GitLab, Secure SDLC, Project Management, Threat Modelling, SCA, Dependency-Track
I'm Nils, a dedicated freelancer specializing in AppSec and DevSecOps. My focus is on securing software and implementing robust security practices in software development.