Deployment as an Incident Manager following a hacking attack. Investigating vulnerabilities, sources of errors, and potential further attack vectors. Developing an enhanced emergency concept and backup strategy plan to mitigate future attacks. Planning and hardening additional system components with the operations team as technical security lead. Planning of PenTests and vulnerability management with Qualys.

Software Used:

-       SQL

-       Linux and Windows Server

-       Cisco, WatchGuard

-       Active Directory, DNS, DHCP, etc.

-       QUALYS

-       Bitdefender AV

Technical Project Manager for the Establishment of an External SOC/SIEM in the LBS Bank Group

 -       Selection and integration of the external SOC service provider

-       Development of use cases

-       Splunk SIEM Installation and integration / Forwarder Installation

-       Creation of processes in the banking environment in accordance with BAIT requirements

-       Technical development and adaptation of additional use cases

-       Integration of bank-specific applications (OS Plus, bit-MaRisk, SAP, etc.)

-       Integration of technical infrastructure (Active Directory, DNS, telecommunications, Sophos Antivirus, Cisco VPN, Citrix, etc.)

-       Central point of contact for all IT security incidents

-       Incident Manager for IT security incidents

-       Evaluation/analysis of incoming SOC incidents with operations

-       Further development of processes and use cases / technical design

-       Provider management of the SOC service provider

-       Development of incident response plans for emergency planning in emergency management and creation of playbooks for SOC/Operational Teams

-       Improvement of operational security through regular meetings, reports, SLA Tracking etc., on the current SOC threat landscape

-       Intensive collaboration with operational Teams as an interface to the SOC

-       Improvement of processes in the area of penetration testing and vulnerability management

-       Coordination, preparation, and follow-up of pen-test findings, Audit Findings and vulnerabilities

-       Consulting on improving IT security strategy / best practices

-       Evaluation / Consulting from new Security-Tools

-       Member of the Bank emergency Board / Incident Management 

-       Development of a SIEM solution for the OT (Operational Technology) sector

-       Current state analysis (IST Analysis)

-       Technical planning and coordination

-       Design of a SOC SIEM structure for OT systems

-       Consolidation planning for multiple SIEM systems (international)

-       Project Lead for the Part ?SPLUNK SIEM for OT?

Supporting the Global Defense Team as Security Analyst for Operational Technology (OT) networks with Qualys.

• Analyse / Testing OT Components (S7, Roboter etc)

• Supporting Stakeholder with Qualys

• Supporting different projects

• Onboard location (OT) into Qualys for Vulnerability scanning

• Creating special Option Profiles (Lifecycle) for OT Components

Implement a Vulnerability Management for Operational Technology (OT) networks with Qualys as Pre-Project Lead for > 20 locations.

1) Analyse of current environment, technologies and Stakeholder.

2) Build up a project plan with Milestones, capacity planning, cost calculation

3) Kickoff the first locations and start onboarding

4) Create a Community with Stakeholders to create Option Profiles for OT

Period                                     Client/sector                                       Company size

01.04.2021 ?25.07.2021                SEPAGO                         > 200 employees

Position

Senior Security Expert

Responsibilities

Process implementation and customer onboarding for "SOC as a Service" (Security Operations Center). 

Working as Security Expert / Incident Manager for the SOC, evaluation of existing processes.

Products:

AZURE, Microsoft Defender für Endpoint, Microsoft Defender ATP

Period                                     Client/sector                                       Company size

01.01.2016 – today                 AXA Group Operation                         > 100.000 employees

Position

01.01.2016: Senior Security Analyst & 01.11.2020: Vulnerability Management Expert

Responsibilities

• 1) Senior Security Analyst

Remediation and coordinating of Pen Test findings (global/local) and Audit tracking. Reporting of findings and incidents to AXA Management and solver departments. Coordination and supporting incoming requests to operational resolver groups and supporting them with security requirements according to AXA Security Guidelines and deep technical knowledge.

Regional Manager (Northern Europe Region) for DETACK epas (Enterprise Password Assessment), appliance administration incl. maintenance and central reporting for password quality reports.

• 2) Vulnerability Management Expert

• Global project supporting of the Qualys Guard Infrastructure
• Infrastructure Administration and Maintenance from Qualys Guard
• Reporting of Vulnerabilities
• Remediation and Tracking
• Asset Management and Server-Onboarding
• Vendor-Management / Coordination and support Tickets

Primary Tasks and responsibilities:

• Perform activities for vulnerability scanning and policy compliance (Qualys Guard)
• Maintain and operate password hunting and quality assurance tool
• Manage and control audit remediation activities
• Manage and support Pen Test activities
• Perform security and risk assessments
• Create security concepts

Security support for Sub-Tasks:

• Password Clear Text Scanning
• Support for CyberArk migration
• Supporting the privileged User Management and recertification
• Related requests for ICT Infrastructure and Firewall approvals
• Security Consultant for other IT Projects
• Support the global security Incident Management

Tools:

• Security Tools (epas DETACK, Nessus, OpenVAS, Metasploit, Qualys)
• Operate password hunting for Active Directory, LDAP, Windows Server, Linux, Oracle, MSSQL, Citrix and MySQL
• Microsoft Office

Period                                     Client/sector                                       Company size

01.07.2015 – 31.12.2015        AXA Konzern AG                                > 100.000 employees

Position

Senior Security Analyst / Pen Test coordinator

Responsibilities

Pen Test coordination (internal application) and Group Reporting for the Group Pen Test Campaign 2015. Planning and setup Pen Tests with external providers, provider management and assessment of risks. Detailed preparation and debriefing with stakeholders  and support with deep technical knowledge in the remediation phase. Perform lessons learned workshops after pen test activities. Preparation of Management escalations and Risk Letters for findings with high risk or high priority, communication from findings to SOC,  external providers or to AXA Tech.

Qualys Guard vulnerability management:

Act as supporter for Pen testers with  Qualys Guard Scans, Web application Scans and setup circular BlackBox Tests (incl. monitoring) for non critical AXA Web Applications

Period                                Client/sector                                       Company size

01.10.2013 – 30.06.2015         AXA-Tech                                           > 100.000 employees

Position

Senior Security Analyst / Vulnerability Management

Responsibilities

Global project supporting for Qualys Guard vulnerability management:

Establishment of a new Qualys Guard infrastructure and concept for circular vulnerability scans. Detailed breakdown from the complete AXA Germany and AXA Belgium Network with the restructuring from the existing appliance solution to a virtual environment. Rebuild new Qualys Assets and integrate new processes for deployment and vulnerability scans. Maintenance and central contact for the Qualys environment after the restructure.

Security support for Sub-Projects:

• Tracking from Audit Findings particular for high critical financial systems
• Architecture and Establishment of Privileged User Management Database for Windows, Linux, VMWare, SQL and Oracle.
• Organizational measure to capture High Privileged Accounts

Reporting, tracking and remediation of vulnerabilities, system hardening and patch management

Period                                     Client/sector                                         Company size

01.01.2013 – 31.08.2013          Deutsche Annington Immobilien SE       > 4.000 employees

                                               (Heute: Vonovia)

Position

Senior Security Expert

Responsibilities

Establishment of security concepts and processes for the IPO (stock market launch), risk evaluation and coordination Pen Testing.

• Active vendor management for the WAN/LAN/Security/Data Centre infrastructure (as support for the service management)
• Installation, reduction and sizing for the MPLS/VPN connectivity
• IP Management (conception and planning) for all locations
• Change management
• Supporting the operational unit as 3rd level support (firewalling, network, BlueCoat Proxy SG, reverse proxy (TMG) and F5 load balancers)
• Project lead for cross projects (Juniper SSL VPN migration from device SA4000 to MAG6611, location moves, migration of the anti-virus solution to an external vendor / SaaS)

Products and standards:

• ITSM
• IT Security (Grundschutz, BSI, various security products)
• Juniper, Cisco
• Blue Coat, Squid
• McAfee
• Alcatel-Lucent VitalQIP

Period                                     Client/sector                                         Company size

16.07.2012 – 31.12.2012          Deutsche Telekom AG  (ICM, IKS)        > 200.000 employees

Position

Senior Security Consultant Data privacy

Responsibilities

Supporting and revision of various EPR Projects (main task: Security/Privacy concepts and compliance, auditing the plausibility of concepts). Approver for authority of compliance and above concepts incl. the SoCs (Statement of Compliance) for Group-wide operational standards. Consulting for network security and infrastructure (security) solutions.

Period                                     Client/sector                                         Company size

01.06.2012 – 15.07.2012          various clients                                      > 1.000 employees

Position

Cloud Strategy / Evaluation for various clients

Responsibilities

Consulting for various clients, evaluation of several cloud infrastructure solutions and IT Security. Consulting for Data Centre strategy and cost optimisation, conception of the effort and feasibility into a full managed service.

Period                                     Client/sector                                         Company size

01.04.2012 – 31.05.2012          SIEMENS ATOS                                  > 200.000 employees

Position

Security Infrastructure coordinator

Responsibilities

Analyse of a large ICT infrastructure environment, reporting of missing ICT functions to the ATOS Board. Creating reports of Security Incident processes in the area MDS (Mobile Device Service) and Endpoint Security.

Period                                     Client/sector                                       Company size

01.07.2011 – 31.03.2012          Telekom Deutschland GmbH                > 200,000 employees

Position

Sub-project management / set-up of a private cloud for the Deutsche Telekom Group

Responsibilities

Conceptualisation, integration and interconnection of several cloud infrastructure solutions. Harmonisation of the framework conditions and requirements for the strategic projects from an operational standpoint, with a focus on compliance with Group-wide operational standards. Hand-over of the platforms developed during the project in a stable operating condition.

Primary responsibilities

• Sub-project management in the area of technical implementation
• Reporting, monitoring of milestone achievements and task lists, escalations
• Product selection / comparison of various cloud products
• Conceptualisation of the cloud environment and WAN connectivity (MPLS WAN, cloud design, integration of firewalls)
• Agreement of requirements with the provider
• Drafting of the operating concept
• Design of the client’s network and security solutions
• Conceptualisation of future IT Solution for Telekom Management (LISP, WAN Accelerator)
• Co-ordination and approval with Group Security
• Contract management, SLAs, statements of work / technical specification documents
• Preparation of management-oriented decision point documents
• Preparation for migration, hand-over to the migration team

Products and standards

• Cloud computing (SaaS, PaaS, IaaS, DSI)

• ITSM / ITIL
• Requirements management
• Virtualisation (ESX, vCloud, Zimory, Citrix XenApp)
• Network (LISP, Cisco, Juniper, BlueCoat Systems, Riverbed, F5)

Period                                     Client/sector                                         Company size

07/2009 – 30.06.2011               T-Systems International (CZ, UK, NL)    > 200,000 employees

Position

Security Architect, International Data centre consolidation

Responsibilities

• Migration of an existing data centre environment in the Czech Republic/UK/NL to a German cloud environment
• Conceptualisation of the data centre inter-connectivity / expansion of existing data centre connectivity
• Planning of new VLANs within the overall application structure
• Conceptualisation of firewalls, load balancers, reverse proxy environments
• Conceptualisation of application-specific network environments using AppCom / STS
• Process support for business blueprint / security / migration
• Planning and preparation of changes (firewall, load balancers, monitoring,…)
• Documentation of complex projects
• Decommissioning of legacy data centre connections and firewall systems
• IP connectivity planning (routing, firewall environment, IP address management)

Products and standards

• ITIL
• Baseline security requirements in accordance with Corporate Security Policy
• Cisco, F5, Juniper
• Network (routing, MPLS, ATM, SDH, VPN, DMZ, IPSec, BGP)

• Cloud computing (SaaS/PaaS, ESX, Citrix)

Period                                     Client/sector                                       Company size

10/2008 - 06/2009                    SIEMENS                                            > 200,000 employees

Position

Sub-project Management Security

Responsibilities

Sub-project Manager for a SIEMENS carve out project as technical lead

• Technical team manager on the security team
• Planning and development of a new security infrastructure (60 Firewalls, 4 Proxys etc)
• Categorisation of the IT systems by confidentiality, integrity and availability
• Establishment of security concepts and processes
• Preparation of management-oriented decision point documents
• Drafting the security operation manual
• On-going target/actual comparison
• Selection of the security products
• Planning and deployment of network coupling within the carve out
• Integration of business partners
• Conceptualisation and deployment of the remote LAN access structure
• Planning of a PKI infrastructure
• International roll-out of the firewall systems worldwide
• Firewall administration

Products and standards

• ITIL
• Baselining in accordance with BSI basic IT protection guidelines
• Watchguard firewalls (SSL VPN, IDS, IPS)
• Network (routing, IPSec VPN, DMZ, network coupling, skip areas, NAT zones)
• OTP (VASCO, two-factor authentication)
• Anti-spam (Azeti), proxy with content/Web security
• SAP router
• Monitoring of the security components under NAGIOS
• Servers (virtualisation using VMWare, Windows Server 2003/2008, Linux)
• Microsoft Project

Period                                     Client/sector                                       Company size

04/2008 - 09/2008                    DHL                                                    > 200,000 employees

Position

Sub-project management Security

Responsibilities

• Sub-project management for a Client migration project (6,000 Users)
• In charge of the areas proxies, networks, firewalls, applications
• Supporting service management
• Preparation of security concepts and processes for an external service provider (T-Systems)
• Deactivation of legacy server systems and network landscapes
• Developing global server concepts
• Planning and migration of a proxy cluster (approx. 6,000 users)
• Modification of the security processes
• Preparation of changes (change management)
• Developing a JAVA PAC file for approx. 3,500 workplace systems
• Planning and matching of bandwidth requirements for the MPLS structure
• Matching of DNS and DHCP

Products and standards

• ITIL
• Checkpoint firewalls
• Network (network coupling, NAT zones, routing, MPLS, ATM)
• Citrix
• App-V (former SoftGrid)
• Proxy/Internet: Squid, Finjan Secure Web Gateway (content security)
• Directory services: Active Directory, LDAP
• Microsoft Project

Period                                     Client/sector                                       Company size

08/2007 - 03/2008                    DEUTSCHE POST AG                         > 200,000 employees

Position

Security management auditor for DEUTSCHE POST Management Board

Responsibilities

• Auditing of IT and security projects (ITIL / CoBIT)
• Security management audits at a data centre of a service provider
• Preparing the audit
• Orientation of the control objectives to the corporate structure
• Kick-off, establishing the audit and the audit sphere
• Interviews with the specialist departments
• Weak-point analysis
• Auditing of authorisation processes
• Assessment of risks
• Recommending improvements
• Reporting to the Board

Products and standards

• ITIL
• CoBIT
• Microsoft Office (PowerPoint, Word, Excel)