Valeri Milke
Associate Partner - Information Security Consulting
Experience
Associate Partner - Information Security Consulting
Insentis GmbH
- Improve the information security management system (ISMS) based on ISO 27001, NIS2, DORA, B3S, TISAX and BSI IT Baseline Protection
- Conduct comprehensive gap analyses against the above standards and regulations and derive action plans; governance and KPIs
- Data Loss Prevention strategy and implementation using MS Purview
- Vulnerability and patch management, security monitoring
- Risk analysis and threat modeling using STRIDE
- Develop vendor risk assessments, implement risk classifications, conduct supplier assessments and deploy technical monitoring solutions (e.g. Security ScoreCard)
- Secure cloud environments (AWS and Azure); expertise in CSPM/CNAPP (Wiz), cloud migration, secure CI/CD pipelines, container security, and best practices in AWS, Azure and Office 365
- Application security: penetration testing, DevSecOps, OWASP, pre-commit hooks, key and secret management, IDE plugins, static code analysis, dependency checks, container scanning, vulnerability management, CIS benchmarks and compliance
- Security assessment and hardening according to CIS benchmarks and cloud conformity in AWS, Office 365 and Azure
Senior Information Security Consultant - Team Lead, Key Account Manager
@-yet GmbH
- Led a team (>15 members) working on information security management systems (ISMS) and governance
- Developed and implemented a Data Loss Prevention strategy
- Took on the interim CISO role at a critical infrastructure (KRITIS) company
- Conducted internal audits according to BAIT and supported external BAIT audits
- Acted as PMO for multiple security projects
- Performed risk analysis and threat modeling using STRIDE
- Incident response and forensics
- DevSecOps: pre-commit hooks, keys & secrets management, IDE plugins, static code analysis, dependency checks, container scanning, vulnerability management & scanning, security monitoring, CIS benchmarks & compliance
- Penetration testing, application security (OWASP, CWE, ISO 27034, mobile security)
- Cloud security: cloud migration projects (AWS, Azure, Office 365, Google Cloud Platform)
- Security awareness: training and phishing/attack simulations
- Implemented a DLP solution
Senior IT-Security Consultant
softScheck GmbH
- Led a team (6 people) and represented the company as a public speaker
- Managed key accounts and acquired new clients
- Threat modeling according to BSI TR-03109 for Smart Meter Gateways (SMGW) using STRIDE (for BSI)
- Application security and vulnerability management
- Secure software development lifecycle (SSDLC) according to ISO 27034
- Penetration testing and fuzzing
- Static code analysis
- Web application security (OWASP, Java EE) and mobile security (iOS, Android, MSTG, MASVS, backend)
- Threat modeling (STRIDE), security architecture and secure infrastructure design
- Hardened production environments and implemented security requirements
Research Associate
Hochschule BRS
- Contributed to the BMBF research project SoftSCheck
- Performed threat modeling using STRIDE
- Conducted penetration tests
- Dynamic analysis and fuzzing
- Evaluated security tools
Working Student
Hubwoo
- Supported SAP-based procurement solutions
- Conducted penetration tests
- Modeled threats
- Technical security assessments
- Project coordination
- Level 2 customer support
Internship
Fraunhofer IAIS
- Development of a framework for autonomous underwater vehicles
- Wireframe modeling
- Use of AI and physics engines
- Security assessment
Summary
Valeri Milke is the author of a book ("Cloud Security: Practice-Oriented Methods and Solutions for Secure Cloud Computing"), a certified ISO/IEC 27001 Lead Auditor, and the managing director of VamiSec GmbH - a consulting firm specialized in information security, regulatory compliance and IT risk management. With over 15 years of professional experience and more than 150 successfully completed projects in security-critical and highly regulated industries, he is one of the most experienced security experts in the German-speaking region. His expertise covers the setup and further development of information security and business continuity management systems (ISMS/BCMS), vulnerability and patch management, cloud and hybrid security, incident response, penetration testing, as well as security automation and the integration of AI into security processes. This is complemented by extensive knowledge of regulatory requirements such as DORA, NIS2, ISO/IEC 27001, CRA, TISAX, §8a BSIG, BSI IT Baseline Protection, as well as the AI Act and ISO/IEC 42001. Valeri Milke supports organizations in the strategic alignment of their security architecture and its operational implementation. This also includes security solutions in the context of Zero Trust, CNAPP, SIEM/SOC, data protection, supply chain risks and third-party management. As an experienced C-level consultant, he prepares security architectures and measures in a client-oriented way and regularly assumes the external CISO role in corporate and mid-market structures. His work is characterized by a holistic view of governance, risk and compliance - technology-agnostic, vendor-neutral and always up to date with current standards, threat landscapes and best practices.
Skills
Information security management and compliance: specialized in IS governance, external CISO services, as well as implementing and certifying ISMS according to ISO 27001, TISAX and BSI IT Baseline Protection. Extensive experience in meeting legal requirements such as NIS2, DORA, CRA, AI Act and BSIG (KRITIS).
Third-party and supply chain risk management: developing customer and supplier management, classification, assessment and implementation of organizational measures as well as technical risk monitoring solutions (e.g. Security Scorecard).
Cloud security: in-depth knowledge in securing cloud environments, especially AWS and Azure. Expertise in CSPM/CNAPP (Wiz), IAM design and implementation including SSO, PAM and setting up secure CI/CD pipelines, e.g. Azure DevOps.
Penetration testing & red teaming / TLPT: simulated attacks to identify vulnerabilities in IT systems and processes, including threat-led penetration testing (TLPT) according to DORA. Combining technical tests and social engineering approaches to expose realistic attack vectors and develop targeted countermeasures.
Business continuity and disaster recovery: proficiency in developing and implementing BCMS and IT emergency and business continuity plans according to ISO 22301. Conducting tabletop crisis exercises.
Application, data center and cloud security: expertise in SSDLC according to IEC 62443, ISO 21434, cloud migration, DevSecOps, threat modeling (STRIDE), container security and best practices in AWS, Azure and Office 365 environments.
Incident response & forensics: experience leading critical incident response projects, forensic investigations as well as proactive threat hunting in cloud (M365) and on-prem environments, for example during a ransomware attack.
AI-powered security: using AI to strengthen cyber resilience and compliance to stay ahead in a dynamic regulatory environment, for example with AI-ISMS tools and AI-based attack detection.
Helping organizations strengthen compliance, secure data centers and hybrid IT infrastructures, and increase business resilience through AI, with the goal of turning complex security requirements into clear, strategic solutions.
Experience in various industries, including energy supply, financial services, manufacturing and critical infrastructure (KRITIS).
Industry expertise includes: aerospace & defense, banking and insurance, automotive & transport, industrial & manufacturing, software vendors, fintech & crypto companies, retail, pharma, hospitals & utilities, public sector, both domestic and international.
Education
Fachhochschule Bonn-Rhein-Sieg
Bachelor of Science · Computer Science · Sankt Augustin, Germany · 1.3
Rheinische Akademie Köln
Information Technology Training · Cologne, Germany
Certifications & licenses
Auditor/Lead Auditor In Information Security, Cybersecurity And Privacy Protection - Information Security Management Systems Based On ISO/IEC 27001:2022
TÜV SÜD South Asia Pvt. Ltd.
ISO 27001:2022 Lead Auditor
InfoSecTrain
The NIS-2 Directive: Essential Knowledge for Business and Corporate Management - Responsibilities and Duties
TÜV Thüringen Akademie GmbH
IT Baseline Protection Practitioner
SoftEd Systems GmbH
TSA-ISMSLA-IT7-038
TÜV SÜD
Additional Audit Procedure Competence for § 8a (3) BSIG
ISACA Germany Chapter
Corporate Data Protection Officer (IHK)
Industrie- und Handelskammer zu Köln
PR320: ISMS ISO 27001:2013 Lead Auditor
TÜV Rheinland Akademie GmbH
Cloud Security Expert
CELS
AI Officer