Deployment as an Incident Manager following a hacking attack. Investigating vulnerabilities, sources of errors, and potential further attack vectors. Developing an enhanced emergency concept and backup strategy plan to mitigate future attacks. Planning and hardening additional system components with the operations team as technical security lead. Planning of PenTests and vulnerability management with Qualys.
Software Used:
- SQL
- Linux and Windows Server
- Cisco, WatchGuard
- Active Directory, DNS, DHCP, etc.
- QUALYS
- Bitdefender AV
Technical Project Manager for the Establishment of an External SOC/SIEM in the LBS Bank Group
- Selection and integration of the external SOC service provider
- Development of use cases
- Splunk SIEM Installation and integration / Forwarder Installation
- Creation of processes in the banking environment in accordance with BAIT requirements
- Technical development and adaptation of additional use cases
- Integration of bank-specific applications (OS Plus, bit-MaRisk, SAP, etc.)
- Integration of technical infrastructure (Active Directory, DNS, telecommunications, Sophos Antivirus, Cisco VPN, Citrix, etc.)
- Central point of contact for all IT security incidents
- Incident Manager for IT security incidents
- Evaluation/analysis of incoming SOC incidents with operations
- Further development of processes and use cases / technical design
- Provider management of the SOC service provider
- Development of incident response plans for emergency management and creation of playbooks for SOC/operational teams
- Improvement of operational security through regular meetings, reports, SLA tracking, etc. on the current SOC threat landscape
- Intensive collaboration with operational Teams as an interface to the SOC
- Improvement of processes in the area of penetration testing and vulnerability management
- Coordination, preparation, and follow-up of pen-test findings, audit findings and vulnerabilities
- Consulting on improving IT security strategy / best practices
- Evaluation of / consulting on new security tools
- Member of the bank's emergency board / incident management
- Development of a SIEM solution for the OT (Operational Technology) sector
- Current state analysis (as-is analysis)
- Technical planning and coordination
- Design of a SOC SIEM structure for OT systems
- Consolidation planning for multiple SIEM systems (international)
- Project Lead for the part "SPLUNK SIEM for OT"
Supporting the Global Defense Team as Security Analyst for Operational Technology (OT) networks with Qualys.
Analysis / testing of OT components (S7, robots, etc.)
Supporting stakeholders with Qualys
Supporting different projects
Onboarding (OT) locations into Qualys for vulnerability scanning
Creating special Option Profiles (Lifecycle) for OT components
Implementation of vulnerability management for Operational Technology (OT) networks with Qualys as pre-project lead for > 20 locations.
1) Analysis of the current environment, technologies and stakeholders.
2) Build a project plan with milestones, capacity planning and cost calculation
3) Kick off the first locations and start onboarding
4) Create a community with stakeholders to create Option Profiles for OT
Period Client/sector Company size
01.04.2021 – 25.07.2021 SEPAGO > 200 employees
Position
Senior Security Expert
Responsibilities
Process implementation and customer onboarding for "SOC as a Service" (Security Operations Center).
Working as Security Expert / Incident Manager for the SOC, evaluation of existing processes.
Products:
Azure, Microsoft Defender for Endpoint, Microsoft Defender ATP
Period Client/sector Company size
01.01.2016 – today AXA Group Operation > 100.000 employees
Position
01.01.2016: Senior Security Analyst & 01.11.2020: Vulnerability Management Expert
Responsibilities
Remediation and coordination of pen test findings (global/local) and audit tracking. Reporting of findings and incidents to AXA management and solver departments. Coordination and support of incoming requests to operational resolver groups, supporting them with security requirements according to the AXA Security Guidelines and deep technical knowledge.
Regional Manager (Northern Europe Region) for DETACK epas (Enterprise Password Assessment): appliance administration incl. maintenance and central reporting on password quality.
Primary Tasks and responsibilities:
Security support for Sub-Tasks:
Tools:
Period Client/sector Company size
01.07.2015 – 31.12.2015 AXA Konzern AG > 100.000 employees
Position
Senior Security Analyst / Pen Test coordinator
Responsibilities
Pen test coordination (internal application) and Group reporting for the Group Pen Test Campaign 2015. Planning and set-up of pen tests with external providers, provider management and assessment of risks. Detailed preparation and debriefing with stakeholders and support with deep technical knowledge in the remediation phase. Performing lessons-learned workshops after pen test activities. Preparation of management escalations and risk letters for findings with high risk or high priority, communication of findings to the SOC, external providers or AXA Tech.
QualysGuard vulnerability management:
Acting as support for pen testers with QualysGuard scans and web application scans, and setting up recurring black-box tests (incl. monitoring) for non-critical AXA web applications
Period Client/sector Company size
01.10.2013 – 30.06.2015 AXA-Tech > 100.000 employees
Position
Senior Security Analyst / Vulnerability Management
Responsibilities
Global project support for QualysGuard vulnerability management:
Establishment of a new QualysGuard infrastructure and concept for recurring vulnerability scans. Detailed breakdown of the complete AXA Germany and AXA Belgium network, with restructuring from the existing appliance solution to a virtual environment. Rebuilding of the Qualys assets and integration of new processes for deployment and vulnerability scans. Maintenance of and central contact for the Qualys environment after the restructuring.
Security support for Sub-Projects:
Reporting, tracking and remediation of vulnerabilities, system hardening and patch management
Period Client/sector Company size
01.01.2013 – 31.08.2013 Deutsche Annington Immobilien SE > 4.000 employees
(today: Vonovia)
Position
Senior Security Expert
Responsibilities
Establishment of security concepts and processes for the IPO (stock market launch), risk evaluation and coordination of pen testing.
Products and standards:
Period Client/sector Company size
16.07.2012 – 31.12.2012 Deutsche Telekom AG (ICM, IKS) > 200.000 employees
Position
Senior Security Consultant Data privacy
Responsibilities
Support and review of various EPR projects (main task: security/privacy concepts and compliance, auditing the plausibility of concepts). Approval authority for the compliance of the above concepts, incl. the SoCs (Statements of Compliance), with Group-wide operational standards. Consulting on network security and infrastructure (security) solutions.
Period Client/sector Company size
01.06.2012 – 15.07.2012 various clients > 1.000 employees
Position
Cloud Strategy / Evaluation for various clients
Responsibilities
Consulting for various clients, evaluation of several cloud infrastructure solutions and IT security. Consulting on data centre strategy and cost optimisation, assessment of the effort and feasibility of moving to a fully managed service.
Period Client/sector Company size
01.04.2012 – 31.05.2012 SIEMENS ATOS > 200.000 employees
Position
Security Infrastructure coordinator
Responsibilities
Analysis of a large ICT infrastructure environment, reporting of missing ICT functions to the ATOS Board. Creation of reports on security incident processes in the areas of MDS (Mobile Device Service) and Endpoint Security.
Period Client/sector Company size
01.07.2011 – 31.03.2012 Telekom Deutschland GmbH > 200,000 employees
Position
Sub-project management / set-up of a private cloud for the Deutsche Telekom Group
Responsibilities
Conceptualisation, integration and interconnection of several cloud infrastructure solutions. Harmonisation of the framework conditions and requirements for the strategic projects from an operational standpoint, with a focus on compliance with Group-wide operational standards. Hand-over of the platforms developed during the project in a stable operating condition.
Primary responsibilities
Products and standards
Period Client/sector Company size
07/2009 – 30.06.2011 T-Systems International (CZ, UK, NL) > 200,000 employees
Position
Security Architect, International Data centre consolidation
Responsibilities
Products and standards
Period Client/sector Company size
10/2008 - 06/2009 SIEMENS > 200,000 employees
Position
Sub-project Management Security
Responsibilities
Sub-project Manager for a SIEMENS carve out project as technical lead
Products and standards
Period Client/sector Company size
04/2008 - 09/2008 DHL > 200,000 employees
Position
Sub-project management Security
Responsibilities
Products and standards
Period Client/sector Company size
08/2007 - 03/2008 DEUTSCHE POST AG > 200,000 employees
Position
Security management auditor for DEUTSCHE POST Management Board
Responsibilities
Products and standards
Security:
Project management and sub-project management
Juniper firewalls / SSL VPN gateway (SA and MAG)
Administration
Pen testing
Vulnerability management
BSI IT-Grundschutz
Security concepts and audits
Pen tests
Qualys
Nessus, OpenVAS, Metasploit
Security manual
Firewalls (Juniper, WatchGuard, Astaro, Linux), IDS, IPS
Anti-spam, monitoring (Nagios, Big Brother, Azeti), content security, Squid proxy
DMZ, reverse proxy (Apache, ISA, Forefront Security)
N-tier / multi-tier
Network Access Control (NAC)
Mobile device security
PKI
Multi-factor authentication (RSA, Kobil, VASCO)
WatchGuard firewalls: Core, Peak, Edge
WatchGuard SSL VPN appliances 500 & 1000
Project management / sub-project management:
Team leadership
PRINCE2
Depict
Compass
V-Model
Microsoft Project
COBIT
Cloud computing:
Conceptual design
Technical implementation
Requirements management
DSI, SaaS, PaaS, IaaS
vCloud Director, Zimory, VMware
Service management / processes:
ITIL service management
Processes (design and implementation)
Procurement / contract management / SLA / OLA
Provider management
Network:
Project management and sub-project management
Administration
WAN, MPLS, ATM, SDH
Routing and switching (OSPF, RIP)
VPN / remote LAN access, SSL VPN
UMTS, LAN
Cisco, F5, Juniper, Riverbed
VoIP, Asterisk
Databases:
MySQL
MSSQL
Linux:
Administration
SUSE, Red Hat, Debian, CentOS
DNS with BIND, DHCP, Squid, Apache, Samba, clustering, iptables, Postfix, Sendmail, qmail, proxy
Scalix, IMAP, POP3, SMTP
Shell script programming
NFS
Microsoft Windows:
Administration
Windows Server
Active Directory (planning/setup/installation/administration)
Exchange 2007
SharePoint MOS
IIS web server
Cluster solutions
ISA
Cloud
Storage solutions:
SAN
NAS
NFS
Authentication:
OTP tokens
RADIUS server
PKI
SSO (Single Sign-On)
Telephone systems:
Siemens Hicom / HiPath
VoIP
Asterisk
Other products and experience:
Virtualisation (VMware, Xen)
Data centre set-up
Web services / portal solutions
Clusters / high-availability environments
International migration projects / carve-outs at large enterprise customers
- Telco / telecommunications
- Logistics
- Real estate
- Manufacturing
- Multimedia
- Insurance