Valeri Milke
Associate Partner - Information Security Consulting
Experience
Associate Partner - Information Security Consulting
Insentis GmbH
- Improvement of the Information Security Management System (ISMS) based on ISO 27001, NIS2, DORA, B3S, TISAX and BSI IT Baseline Protection
- Conducting comprehensive gap analyses to identify gaps and derive action plans according to the above standards and regulations; management and KPIs
- Data Loss Prevention strategy and implementation using MS Purview
- Vulnerability and patch management, security monitoring
- Risk analysis and threat modeling using the STRIDE methodology
- Development of vendor risk assessments, implementation of risk classifications, conducting supplier assessments and implementing technical monitoring solutions (e.g. Security ScoreCard)
- Securing cloud environments (AWS and Azure); expertise in CSPM/CNAPP (Wiz), cloud migration, secure CI/CD pipelines, container security and best practices in AWS, Azure and Office 365
- Application security: penetration testing, DevSecOps, OWASP, pre-commit hooks, key and secret management, IDE plugins, static source code analysis, dependency checks, container scanning, vulnerability management, CIS benchmarks and compliance
- Security assessment and hardening according to CIS benchmarks and cloud conformity in AWS, Office 365 and Azure
Lead Information Security Consultant - Team Lead, Key Account Manager
@-yet GmbH
- Leading a team (>15 members) in the information security management system (ISMS) and governance
- Developing and implementing a data loss prevention strategy
- Taking on the interim CISO role in a KRITIS organization
- Conducting internal audits according to BAIT and supporting external BAIT audits
- PMO of multiple security projects
- Risk analysis and threat modeling with STRIDE
- Incident response and forensics
- DevSecOps: pre-commit hooks, key & secret management, IDE plugins, static source code analysis, dependency checks, container scanning, vulnerability management & scanning, security monitoring, CIS benchmarks & compliance
- Penetration testing, application security (OWASP, CWE, ISO 27034, mobile security)
- Cloud security: cloud migration projects (AWS, Azure, Office 365, Google Cloud Platform)
- Security awareness: training and simulation of phishing and attacks
- Implementing a DLP solution
Senior IT-Security Consultant
softScheck GmbH
- Leading a team (6 people) and public speaking
- Key account management and customer acquisition
- Threat modeling according to BSI TR-03109 for smart meter gateways (SMGW) using STRIDE (for the BSI)
- Application security and vulnerability management
- Secure software development lifecycle (SSDLC) according to ISO 27034
- Penetration testing and fuzzing
- Static source code analysis
- Security of web applications (OWASP, Java EE) and mobile security (iOS, Android, MSTG, MASVS, backend)
- Threat modeling, security architecture and secure infrastructure using STRIDE threat modeling
- Hardening production environments as well as implementing and applying security requirements
Research Associate
Hochschule BRS
- Collaborating in the BMBF research project SoftSCheck
- Conducting threat modeling using STRIDE
- Conducting penetration tests
- Dynamic analysis and fuzzing
- Evaluating security tools
Working Student
Hubwoo
- Supporting SAP-based procurement solutions
- Conducting penetration tests
- Threat modeling
- Technical security assessments
- Project management
- Level 2 customer support
Internship
Fraunhofer IAIS
- Framework development for autonomous underwater vehicles
- Wireframe modeling
- Use of AI and physics engines
- Security evaluation
Industries Experience
Experienced in Information Technology (17 years), Professional Services (6 years), Aerospace and Defense (1.5 years), and Education (1 year).
Business Areas Experience
Experienced in Information Technology (17 years), Quality Assurance (7.5 years), Project Management (6 years), Sales (6 years), Research and Development (2 years), and Procurement (2 years).
Summary
Valeri Milke is an author ("Cloud Security: Practice-Oriented Methods and Solutions for Secure Cloud Computing"), a certified ISO/IEC 27001 Lead Auditor, and managing director of VamiSec GmbH – a consulting firm specializing in information security, regulatory compliance and IT risk management. With over 15 years of professional experience and more than 150 successfully completed projects in security-critical and highly regulated industries, he is one of the most experienced security experts in the German-speaking region. His expertise covers building and developing information security and business continuity management systems (ISMS/BCMS), vulnerability and patch management, cloud and hybrid security, incident response, penetration testing, as well as security automation and the integration of AI into security processes. This is complemented by extensive knowledge of regulatory requirements such as DORA, NIS2, ISO/IEC 27001, CRA, TISAX, §8a BSIG, BSI IT Baseline Protection, as well as the AI Act and ISO/IEC 42001. Valeri Milke helps organizations with the strategic alignment of their security architecture and its operational implementation. This also includes security solutions in the context of Zero Trust, CNAPP, SIEM/SOC, data protection, supply chain risks and third-party management. As an experienced C-level advisor, he presents security architectures and measures in a target-oriented way and regularly takes on the external CISO role in both corporate and mid-market settings. His work is characterized by a holistic view of governance, risk and compliance – technology-agnostic, vendor-neutral and always up to date with current standards, threat landscapes and best practices.
Skills
Information security management and compliance: Specialized in IS governance, external CISO services, as well as implementing and certifying ISMS according to ISO 27001, TISAX and BSI IT Baseline Protection. Extensive experience in meeting legal requirements such as NIS2, DORA, CRA, AI Act and BSIG (KRITIS).
Third-party and supply chain risk management: Developing customer and supplier management, classification, assessment and implementation of organizational measures as well as technical risk monitoring solutions (e.g. Security Scorecard).
Cloud security: In-depth knowledge in securing cloud environments, especially AWS and Azure. Expertise in CSPM/CNAPP (Wiz), IAM design and implementation including SSO, PAM and secure CI/CD pipelines, e.g. Azure DevOps.
Penetration testing & red teaming / TLPT: Simulated attacks to identify vulnerabilities in IT systems and processes, including threat-led penetration testing (TLPT) as per DORA. A combination of technical tests and social engineering approaches to demonstrate realistic attack vectors and develop targeted countermeasures.
Business continuity and disaster recovery: Competence in developing and implementing BCMS and IT emergency and business continuity plans according to ISO 22301. Conducting tabletop crisis exercises.
Application, data center and cloud security: Expertise in SSDLC according to IEC 62443, ISO 21434, cloud migration, DevSecOps, threat modeling (STRIDE), container security and best practices in AWS, Azure and Office 365 environments.
Incident response & forensics: Experience leading critical incident response projects, forensic investigations as well as proactive threat hunting in cloud (M365) and on-prem environments, for example during a ransomware attack.
AI-powered security: Using AI to strengthen cyber resilience and compliance to stay ahead in a dynamic regulatory environment, for example through AI-ISMS tools and AI-driven attack detection.
Helping organizations strengthen compliance, secure data centers and hybrid IT infrastructures, and increase business resilience through AI with the goal of turning complex security requirements into clear, strategic solutions.
Experience in various industries, including energy supply, financial services, manufacturing and critical infrastructures (KRITIS).
Industry expertise in, among others: aerospace & defense, banking and insurance, automotive & transport, industrial & manufacturing, software vendors, fintech & crypto companies, retail, pharmaceuticals, hospitals & utilities, public sector, both nationally and internationally.
Education
Fachhochschule Bonn-Rhein-Sieg
Bachelor of Science · Computer Science · Sankt Augustin, Germany · 1.3
Rheinische Akademie Köln
Vocational training in information technology · Cologne, Germany
Certifications & licenses
Auditor/Lead Auditor In Information Security, Cybersecurity And Privacy Protection - Information Security Management Systems Based On ISO/IEC 27001:2022
TÜV SÜD South Asia Pvt. Ltd.
ISO 27001:2022 Lead Auditor
InfoSecTrain
The NIS-2 Directive: Compact Knowledge for Executive and Corporate Management - Responsibilities and Obligations
TÜV Thüringen Akademie GmbH
IT Baseline Protection Practitioner
SoftEd Systems GmbH
TSA-ISMSLA-IT7-038
TÜV SÜD
Additional Audit Procedure Competence for § 8a (3) BSIG
ISACA Germany Chapter
Data Protection Officer (IHK)
Industrie- und Handelskammer zu Köln
PR320: ISMS ISO 27001:2013 Lead Auditor
TÜV Rheinland Akademie GmbH
Cloud Security Expert
CELS
AI Officer