ISO 2700x, KRITIS + Audits Informattionssicherheit/IT+OT-Security, KRITIS/Auditierung Penetration Tests IT-Systemprüfung, Governance + Compliance
Aktualisiert am 16.10.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 16.10.2024
Verfügbar zu: 100%
davon vor Ort: 50%
IT-Sicherheitsarchitektur
Penetrationstest
ISO 27001
Auditor
KRITIS
VPN
Firewall
IEC 62443
OT-Security
Internet of Things
ISMS
IT-Security
Penetrationstest
Informationssicherheit
Infrastruktur
Anforderungsanalyse
Vulnerability
Microsoft
Linux
Cloud
Mac
German
Muttersprache
English
Fortgeschritten

Einsatzorte

Einsatzorte

Hamburg (+50km) Kiel (+50km) Lübeck (+50km) Heide (+50km)
Deutschland

Remote - weltweit möglich.
Regional aktuell auf Hamburg, Schleswig-Holstein, Niedersachen und Mecklenburg Vorpommern beschränkt, basierend auf Relevanz, Dauer und Aufgabenhorizont.

möglich

Projekte

Projekte

10 Monate
2023-12 - heute

Ensuring compliance with the IT security catalog

IT-Manager
IT-Manager
  • Ensuring compliance with the IT security catalog in accordance with Section 11 (1a) of the Energy Industry Act
  • Securing critical infrastructures in accordance with BSIG Section 8a (KRITIS) in general
  • Ensuring the operation of an "attack detection system" (SzA) in accordance with EnWG and BSIG
  • Coordination of services and third-party companies that provide work and services for the operation maintenance and repair of the LNG terminals
  • responsible for the quality assurance, control and further development of the entire IT/OT and communication infrastructure
  • control and monitoring systems for the gas send-out of the FSRU, the high-pressure loading arms in the jetty pipeline and the gas transfer station, the commercial IT systems with an internet connection for rolling planning
  • responsible of systems for handling LNG cargos and the systems for onward transportation of natural gas as well as the commercial systems are also part of the area of responsibility
  • Managing all internal and external system services
LNG / Gas Energy Industry
1 Jahr
2023-10 - heute

Risk management for KRITIS relevant assets

CISO / ext ISB
CISO / ext ISB
  • Organization and implementation of the management review at regular intervals
  • Organization and execution of internal, external and certification audits as well as monitoring and continuation of the audit program, moderation and support
  • Delegation or own execution of activities within the ISMS (after consultation with with management)
  • Document management of the ISMS document collection, e.g. updating and control of new documents
  • Training of employees regarding information security
  • Implementation of measures (annex, findings, technical requirements according to BSI norms, BSI KritisV, IT-SiKat § 11 Absatz 1b EnWG, ISO 27001, ISO 27019, etc. ).
  • Implementation of regulatory requirements
  • Monitoring and consulting of the changing regulatory environment
Offshore Energy Industry
1 Jahr 11 Monate
2022-11 - heute

Military project

IT Security Engineer
IT Security Engineer
  • Establishment of an analysis of the technical and professional BSI (Federal Office of  Information Security) requirements and specification of the military security catalog for IT-Security
  • Implementation of measures for hardening systems and application according to DISA  STIGs, CIS, FBI, CIA, BSI, CERTBw, DEUmilSAA, NATO, NIST, and others guidelines
  • Establishment of an analysis of the network and their network requirements
  • Establishment of vulnerability remediation concepts for the network with focus to harden  network security components
  • Setting up the virtualized cluster server systems (virtualization platform Microsoft Hyper-V)  of new networks on Debian Linux
  • Configuration of Cisco firewalls using Ansible scripts
  • Execution of system tests and documentation
  • Elimination of errors according to previously created concepts
  • Creation of detailed technical documentation
  • Installation and configuration of Microsoft Windows 10/11 endpoints in Bare-Metal and  virtual environments (VMware ESXi & VMware Workstation) with secured hardened profiles  based on requirements
  • Installation and configuration of Red Hat Enterprise Linux server and maintainer terminals  with secured profiles according to OpenSCAP and DISA STIGs
  • Hardening of Red Hat Enterprise Linux Server and Workstations based on OpenSCAP and  DISA STIGs
  • Maintain and configuration of Red Hat Enterprise Linux Satellite Server, Foreman proxy and  Ansible playbooks and roles in a GIT controlled environment
  • Implementation secured configuration for HP switches
  • Configuration of secured profiles for ICS switches, type Belden Hirschmann BOBCAT and  MOXA switches
  • Hardening of BIOS / UEFI firmware
  • Providing multiple Information Security Awareness Trainings based of ISO 27001 and IEC  62443 for different team members and project members
  • White-box penetration tests (Nessus Pro and Metasploit with own developed scripts and  exploits), OWASP TOP 10 checks and vulnerability scans with Nessus Professional/Burp Suite Pro on IT/OT/ICS hardware              
Thales Deutschland - Kiel
2 Jahre 2 Monate
2022-08 - heute

Found and start a new business with the scope of all IT- and Security services

Founder / CEO
Founder / CEO

on Request
Boostedt
1 Jahr 2 Monate
2021-10 - 2022-11

Professional management

Senior OT Cyber Security Specialist Service
Senior OT Cyber Security Specialist Service
  • Professional management and responsibility for Global Cyber Security of a 4 FTE Cyber Security team in Service, Germany

  • Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

  • Stakeholder management according to compliance requirements and opportunities for improvement

  • Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

  • Planning, implementation and further development of OT Cyber Security strategies for Security Incident and Event Management, Monitoring, Patch-/Update- and Vulnerability Management

  • Architecture and conception of network zones for implementation acc. IEC 62443 certification

  • Perform security assessment on Windows/Linux operating system, and VMware, Citrix and Microsoft Hyper-V environments

  • Investigate new and emerging security threats against internal/external Network Infrastructure and interconnected systems

  • Coordination, identification and analyses of Cyber Security incidents and development of countermeasures

  • Project management with the scope of different Information Security related Cloud- and Onpremise applications and systems

  • Implementation of ISO 27001/IEC 62443 policies, guidelines and processes

  • Development of processes, methods and tools to detect anomalies

  • Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

  • Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

  • Performing Penetration Tests against IT / OT Infrastructure with the scope of Web application, databases, hardware and mobile devices

Nordex Energy SE & Co. KG, Hamburg
2 Jahre 10 Monate
2019-01 - 2021-10

Planning, implementation and further development of IT security systems

IT-Security Specialist & Information Security Officer
IT-Security Specialist & Information Security Officer
  • Planning, implementation and further development of IT security systems and operational mentoring systems (SIEM, SOC monitoring) and improvement of automatic reports

  • Standardization of network schemes/designs in the IT and OT wind energy sector

  • Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

  • Stakeholder management according to compliance requirements and opportunities for improvement

  • Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

  • Design, modeling, implementation and documentation of information security management systems (ISMS management, guidelines, processes and procedures) according to ISO 27001, KRITIS and BSI Grundschutz

  • Coordination and analysis of incoming security incident reports

  • Establishment of a Computer Emergency Response Team and be first contact to IT related security incidents and Penetration tests

  • Project management with the scope of different Information Security related Cloud- and On-premise applications and systems

  • Implementation and coordination of security recommendations based on non-conformities in the area of LAN/WAN, SCADA, IT & OT Wind turbine systems and encryption

  • Design/modeling of IT security networks zones & systems including automated vulnerability analysis/scans

  • Management and administration of IT security systems to detect malware/ransomware and anomalies in network and web/mail traffic

  • Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

  • Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

  • Establishment and execution of regular audits in the context of ISO 27001

  • Establishment of regular Microsoft Active Directory audits


Achievements:

  • Successful company certification according to ISO 27001 in 2019

  • Establishment of an extended security concept within the scope of IT security training courses

  • Project planning and implementation of penetration tests in the energy sector

  • Certification as TÜV Rheinland Information Security Officer (ISO)

  • Additional examination KRITIS topic of "Additional test procedure competence for § 8a BSIG" incl. IT-SIG and BSI-KritisV

Nordex SE, Hamburg
1 Jahr 2 Monate
2017-11 - 2018-12

Creation of process documentation

IT System Administrator
IT System Administrator
  • Creation of process documentation and documentation standards in IBM DOORS

  • Coordination of IT systems and their security requirements with internal and external customer projects

  • Administration and management of the VMware ESX server farm

  • Configuration of Juniper switches (EX4300/EX4550) and firewalls (SRX1500)

  • Installation and optimization of the Windows Active Directory DS infrastructure in customer projects

  • Administration and maintenance of existing Linux servers (Ubuntu/CentOS)

  • Administration of virtualization and deployment environment with CI/CD tool chains under the scope of Linux and Windows deployment servers in Enterprise environments

  • Hardening of Windows and Linux servers and application services

  • Implementation, documentation and testing of operating systems, networks, applications on technical equipment in the field of shipping (defense technology)

  • Planning and execution of penetration tests in customer projects

  • Implementation of vulnerability management, IT/live forensics, security information and event management (SIEM) and firewalling in customer projects

  • Creation of developmental product documents, requirements specifications and software documentation


Archievements:

  • Project support with adherence to deadline targets

  • Establish and improve virtualization & deployment processes including hardening parts and solutions in Military Marine projects

  • Execution of automated penetration tests to increase security in projects

Ratheon Anschütz GmbH, Kiel - Engineering
8 Monate
2017-03 - 2017-10

Global IT Infrastructure

System Engineer
System Engineer
  • 2nd/3rd Level Support

  • Infrastructure project management (project planning, design, implementation)

  • Administration and management of Cisco FirePower (IPS SIEM) and IronPort for e-mail security infrastructure (International wide)

  • Planning, preparation and implementation for VDA/TÜV and ISO 27001 certification

  • Administration and maintenance of Linux servers (RedHat, Ubuntu, Debian, Gentoo)

  • Administration and maintenance of the Shopfloor Management System (SFMS)

  • IT Security monitoring with Nagios/OMD - Check_MK

  • Configuration of Cisco routers, firewalls (ASA & IOS) and switches

  • Installation and optimization of the Active Directory environment

  • Administration of the VMware ESX server farm (based on HP Blade Center)

  • Design/administration and maintenance of the Symantec Backup EXE, Commvault and Veeam backup infrastructure (World Wide)

  • Ticket handling through OTRS / RT ticket system

  • Installation and administration of the MobileIron Mobile Device Management (MDM) global wide

  • Installation/administrate of the patch management environment for Operating systems and applications

  • Establish and developments for automated installation based on Windows Deployment System

  • Migration of Windows NT to next generation Windows Server 2008 R2 and 2012 R2

  • Process documentation and establishing documentation standards


Archievements:

  • Implementation of the security concepts, mobile device management system, patch management environment and automation of software and operating systems deployment

  • Accelerate further Cisco-based network structures in the LAN/WAN area


Motivation to change

Company should be sold to PSA group France. Decision was clear to enter a new path. My skill set and experience in IT security is needed in the market.

BRUSS Sealing Systems GmbH, Hoisdorf - Automotive supplier
11 Jahre 3 Monate
2006-01 - 2017-03

Technical and professional personnel management

Department Sergeant and System - & Network Engineer
Department Sergeant and System - & Network Engineer
  • Technical and professional personnel management leading employees up to 10-15 FTEs

  • Optimization of IT processes

  • Cost optimization, negotiation of contracts and vendor relationships

  • Reporting of budgeting in a quarterly review

  • Training of civilian, military and military service employees

  • Planning and contributing to hospital internal IT strategies and external sites

  • Main responsible for IT related material, hardware & software

  • Administration and maintenance of Microsoft Windows (NT 4.0 up to 2012 R2) and Linux based operating systems (RedHat, Debian, SuSE)

  • Administration and optimization of Microsoft Windows AD domains

  • Hardening of Windows and Linux server systems and applications according to BSI, CERTBundeswehr, Best Practices and NIST, as well as other internal guidelines to best practices

  • Configuration and maintenance of appliances like Cisco Firewalls (ASA, PIX), routers & switches, Enterasys Networks core switches and Checkpoint firewalls

  • Administration and optimization of Lotus Domino Server from version 4 to 8.5.3

  • Installation and administration of VMware ESX server farms

  • Responsibility to BCM acc. Backup and Recovery ArcServ Backup and IBM TSM

  • Configuration/administration and maintenance of the Symantec security environment, Sophos SafeGuard environment (UTM, Endpoint Protection, SafeGuard Easy)

  • Wi-Fi design and planning, installation and administration of the Cisco WLC environment to secure hospital networks

  • Creation of process documentation and documentation standards

  • Customer site visits (planning, troubleshooting and remediation)


Archievements

  • Implementation of security concepts to state-of-the-art security configurations and systems

  • Implementation of IT-Security training

  • Extensive experience on the Internet provider side (routing, switching) with support from external companies

  • Planning and implementation of the in-house telephone system to VOIP in cooperation with external service providers

  • Implementation of external properties and companies to the VPN network of the Federal Armed Forces Hospital Hamburg

  • Establishment of automation solutions for operating systems and applications

  • Establishment of an internal patch management system

  • Migration of all client systems from Microsoft Windows NT/2000/XP to latest Microsoft Windows 7/10

  • Establishment of a time recording system in cooperation with external service providers


Motivation to change

Time based contract of 12 years ended on March 1, 2017. IT and Security skills are in high demand in the private market economy; gaining new experience and overcoming challenges

Federal Armed Forces ? Military Hospital, own Datacenter, Hamburg
3 Monate
2001-07 - 2001-09

Design and programming of websites

Training IT system merchant and Information electronics technician
Training IT system merchant and Information electronics technician
  • Sales team member 

  • Design and programming of websites 

  • Installation, configuration of IT supported computer systems 

  • Installation and setup of TV based satellite connections 

  • Support of the in-house IT

Lorenzen Team, Regional specialized dealer for electronics
5 Monate
2001-03 - 2001-07

data order input department

IT-System Administrator
IT-System Administrator
  • Team member in the data order input department 

  • Entry of customer orders/cancellations into the inventory control system 

  • Checking of customer orders based on automated scripts 

  • Supporting in-house IT 


Motivation of change

Direct offer from a recruiting firm to prove yourself in a different role and start an apprenticeship in IT.

Markisen Spettmann GmbH, Neumünster
10 Monate
2000-05 - 2001-02

Military defense service

  • Military defense service for 10-month located in Roth/Bavaria and Kropp/Jagel, SchleswigHolstein, German

Federal Armed Forces, Germany
8 Monate
1999-09 - 2000-04

Sale of hardware and software

IT System Technician & Administrator
IT System Technician & Administrator
  • Up to 09/1999 Company named Comf@ctory, later renamed to Comsystem GmbH, Neumünster, Schleswig-Holstein, Germany 

  • Sale of hardware and software 

  • Setup, configuration and administration of heterogeneous networks 

  • Modifying/Conversion of consumer goods 

  • Installation and modification of electronic components in various devices   


Motivation to change

Federal Republic of Germany drafts me into 10-month military service.

Comf@ctory GmbH
Neumünster

Aus- und Weiterbildung

Aus- und Weiterbildung

2 Jahre 10 Monate
2002-09 - 2005-06

Ausbildung zum Fachinformatiker

Grade: 3, Hard- & Softwarelösungen B. Pommerening, Neumünster und Stadtwerke Kiel AG, Kie
Grade: 3
Hard- & Softwarelösungen B. Pommerening, Neumünster und Stadtwerke Kiel AG, Kie
  • IT Specialist System integration 
  • Focus areas: System analytics / planning / cost optimization 
  • Network Administration for the Energy Control Systems 
  • Planning, Installation and administration of Network-Attached-Storage environments 
  • First- und Second-Level Support Helpdesk 
2 Jahre 10 Monate
2002-09 - 2005-06

Specialized High School ? Economy

Termination due to support my freelancer career, Theodor-Litt-Schule Neumünster
Termination due to support my freelancer career
Theodor-Litt-Schule Neumünster
1 Jahr 11 Monate
1996-08 - 1998-06

Berufliche Schulen Rendsburg ? Wirtschaft und Sozialwirtschaft

Secondary school diploma in Economy / Grade: 2, Theodor-Litt-Schule Neumünster, Two-year business school (Economy)
Secondary school diploma in Economy / Grade: 2
Theodor-Litt-Schule Neumünster, Two-year business school (Economy)
1 Monat
1996-06 - 1996-06

Hauptschule

Grade: 2, Klaus-Groth-Schule, Büdelsdorf
Grade: 2
Klaus-Groth-Schule, Büdelsdorf

Kompetenzen

Kompetenzen

Top-Skills

IT-Sicherheitsarchitektur Penetrationstest ISO 27001 Auditor KRITIS VPN Firewall IEC 62443 OT-Security Internet of Things ISMS IT-Security Penetrationstest Informationssicherheit Infrastruktur Anforderungsanalyse Vulnerability Microsoft Linux Cloud Mac

Schwerpunkte

Interim CISO / CIO
Information Security Management Systems
Penetration Tests including Vulnerability Management
Strategy and standardization IT infrastructure
IT-Infrastructure architecture
Network architecture
Datacenter architecture
Identity and Access Management
Backup- and Disaster Recovery
Personal- and organizational planning datacenter operations

Produkte / Standards / Erfahrungen / Methoden

Profil:

Technical expert with experience over 20 years in IT/OT/Cyber Security, a comprehensive knowledge of Computer Information System Security, System Administration and Network Operations, and Datacenter Operations. Extensive knowledge in the areas of system security, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Experienced in leadership management over 10 years with a team up to 25 members, project coordination and system implementation of Government systems, telecommunication and larger computer networks. Security clearance (German Ü2/Ü3) is possible, if needed. Highly organized team player with the ability to effectively manage project milestones and project delivery. International work and leadership experience.


Virtualization

Microsoft Hyper-V and Microsoft Terminal Server solutions, VirtualBox, VMware ESXi, VMware Horizen, VMware Workstation, Parallels Desktop, VDI, Citrix Hypervisor, QEMU and Proxmox


LAMP System

Linux, Apache, MySQL/MariaDB, PHP


Development

Bash Scripting, Basic, Delphi, Pascal, C++, HTML with PHP and CSS, JavaScript, Hudson/ Jenkins/ Puppet/ Chef/ Ansible/ Vagrant/ Chocolate Git/ Tortoise SVN


Cloud

Amazon AWS/MWS, Google Workspace/GCP, Microsoft Azure, Hetzner


Scripting

Bash, Batch, Python, Ruby, AutoIT, VBS, Powershell


Mailing

sendmail, postfix, AmaViS, SpamAssasin, clamAV, policy-weight, sqlgrey Exchange 5.5 / 2000 / 2003 / 2007 / 2010 / 2013 / 2016


Web Servers

Apache, Nginx, Microsoft IIS, Varnish, Lighttpd Plesk, ISPConfig, Webmin


Cryptographic

Microsoft PKI, easyCA, GnuPG, PGP and S/MIME


VPN

Cisco VPN Anyconnect, OpenVPN, WireGuard, FortiNet VPN


Else

Active Directory, DNS, FileServices, WSUS, WDS, SCCM, SCOM, Radius, RRAS, OpenLDAP, , IPtables, BIND9, ProFTPd, Nagios (OMD+Check_MK), Squid2+3, TFTP/PXE, DHCPd, dnsmasq, Asterisk, Plesk, Shopfloor Management Systems (SFMS), Hospital Information Systems (KIS), Laboratory Information Systems (LIS/LIMS), Radiology Information System (RIS), Mikrotik RouterBoard, nmap, tcpdump, Whireshark, SELinux, Graylog, Sysprep, i-doit, cmdb, Docusnap, Secunia CSI, MobileIron MDM, JDisc, Netflow, OwnCloud, and a lot more.


Penetration Tester / Ethical Hacker

  • Penetration Test (Art): Networks, Applications, Operating Systems, Mobile, Web & Wireless
  • Vulnerability scanning: automatic or manual triggered
  • Bugs hunting: Reverse engineering & code review
  • Applications: Knowledge about Linux distributions, Open source & commercial applications, Frameworks


Environments:

  • > 14.000 User
  • > 2.500 Applications
  • high complexity
  • very high security standards / requirements
  • worldwide connected locations


Architecture:

  • Network LAN and WAN
  • Datacenter
  • Identity and Access Management
  • Cloud Infrastructures (Microsoft Azure, Google Cloud Platform and Amazon AWS/MWS)
  • Infrastructure setups with other Cloud providers like Strato, Hetzner, Telekom, and others
  • ISMS implementation for ISO 27001 needs  


Security:

  • Network Security based on firewall designs and -implementing for high security needs,
  • SIEM: Splunk Enterprise, LogRythm and IBM QRadar
  • Web Application Firewalls (Palo Alto, FortiWeb, Azure WAF, ?)
  • FireEye EX (E-Mail), NX (Network) and HX (Host) security
  • Cisco, Sonicwall and Checkpoint Firewalls
  • Squid Proxy (2, 3), FortiGate Proxy, HAproxy
  • Wireshark, tshark, 

 

Firewall:

Cisco ASA, FortiGate, CheckPoint, WatchGuard, SonicWall, Ubiquiti, IPtables and other   


Monitoring:

Paessler PRTG, OMD, Nagios, Check_MK, NetFlow, Icinga, Zabbix, Prometheus, Microsoft SCOM  


Penetration Testing:

Network, Applications, Operating System, Mobile, Web- & Wireless testing plus vulnerability research  


Vulnerability scanning:

Greenbone GSA / OpenVAS, Tenable Nessus Pro/Expert, Burp Suite Pro, Metasploit, Nmap, Acunetix, HCL AppScan, Qualys VMDR, GFI Languard and a lot more 


Automation:

Hudson, Jenkins, Puppet, Chef, Ansible, Vagrant, Chocolate, Bash, PowerShell, Git/Tortoise SVN, Microsoft SCCM, Microsoft Intune/Autopilot, Microsoft Windows Deployment Services, Secunia CSI, Sysprep, WSUS, Microsoft SCOM, Microsoft Intune


DNS:

external DNS servers, BIND9, dnsmasq


VPN/Remote:

Cisco Anyconnect, Forticlient, OpenVPN/WireGuard, IPsec, Microsoft RRAS 


Voice/Mobile:

Asterisk, VOIP, MobileIron MDM, BlackBerry Server, Cisco Jabber


Documentation:

Omnitracker, i-Doit, CMDB, Docusnap, JDisc 


Others:

  • Shopfloor Management Systems (SFMS)
  • Laboratory Information Systems (LIS/LIMS)
  • Radiology Information System (RIS)
  • Hospital Information Systems (KIS)
  • OpenLDAP
  • Radius Servers
  • Mikrotik Routerboards 


Praktika

1994 - 1994

Role: Schülerpraktikum

Customer: Ing. Büro M. Karp, Königs Wusterhausen


Tasks:

  • Learning area Office technology
  • Installation of SAT-Communications facilities
  • Installation and configuration of Office computers with Microsoft Windows 3.x
  • Installation and configuration of Computer networks with Microsoft Windows 3.x

Betriebssysteme

Apple Mac OS X
Linux
Red Hat, CentOS, Debian, SuSE Linux, Ubuntu, Mint, Gentoo
Microsoft Server
starts with NT / 2000 up to current Server 2022
Microsoft Windows
3.x / 9.x up to Windows 11
Unix
HP UX / Solaris
SELinux variants

Datenbanken

MySQL
MariaDB
Microsoft MSSQL
PostgreSQL
IBM Rational DOORS
Graylog

Branchen

Branchen

  • Automotive
  • Militär
  • Behörden
  • Energiewirtschaft
  • Gesundheit
  • Musik / Record
  • Finanzen

Einsatzorte

Einsatzorte

Hamburg (+50km) Kiel (+50km) Lübeck (+50km) Heide (+50km)
Deutschland

Remote - weltweit möglich.
Regional aktuell auf Hamburg, Schleswig-Holstein, Niedersachen und Mecklenburg Vorpommern beschränkt, basierend auf Relevanz, Dauer und Aufgabenhorizont.

möglich

Projekte

Projekte

10 Monate
2023-12 - heute

Ensuring compliance with the IT security catalog

IT-Manager
IT-Manager
  • Ensuring compliance with the IT security catalog in accordance with Section 11 (1a) of the Energy Industry Act
  • Securing critical infrastructures in accordance with BSIG Section 8a (KRITIS) in general
  • Ensuring the operation of an "attack detection system" (SzA) in accordance with EnWG and BSIG
  • Coordination of services and third-party companies that provide work and services for the operation maintenance and repair of the LNG terminals
  • responsible for the quality assurance, control and further development of the entire IT/OT and communication infrastructure
  • control and monitoring systems for the gas send-out of the FSRU, the high-pressure loading arms in the jetty pipeline and the gas transfer station, the commercial IT systems with an internet connection for rolling planning
  • responsible of systems for handling LNG cargos and the systems for onward transportation of natural gas as well as the commercial systems are also part of the area of responsibility
  • Managing all internal and external system services
LNG / Gas Energy Industry
1 Jahr
2023-10 - heute

Risk management for KRITIS relevant assets

CISO / ext ISB
CISO / ext ISB
  • Organization and implementation of the management review at regular intervals
  • Organization and execution of internal, external and certification audits as well as monitoring and continuation of the audit program, moderation and support
  • Delegation or own execution of activities within the ISMS (after consultation with with management)
  • Document management of the ISMS document collection, e.g. updating and control of new documents
  • Training of employees regarding information security
  • Implementation of measures (annex, findings, technical requirements according to BSI norms, BSI KritisV, IT-SiKat § 11 Absatz 1b EnWG, ISO 27001, ISO 27019, etc. ).
  • Implementation of regulatory requirements
  • Monitoring and consulting of the changing regulatory environment
Offshore Energy Industry
1 Jahr 11 Monate
2022-11 - heute

Military project

IT Security Engineer
IT Security Engineer
  • Establishment of an analysis of the technical and professional BSI (Federal Office of  Information Security) requirements and specification of the military security catalog for IT-Security
  • Implementation of measures for hardening systems and application according to DISA  STIGs, CIS, FBI, CIA, BSI, CERTBw, DEUmilSAA, NATO, NIST, and others guidelines
  • Establishment of an analysis of the network and their network requirements
  • Establishment of vulnerability remediation concepts for the network with focus to harden  network security components
  • Setting up the virtualized cluster server systems (virtualization platform Microsoft Hyper-V)  of new networks on Debian Linux
  • Configuration of Cisco firewalls using Ansible scripts
  • Execution of system tests and documentation
  • Elimination of errors according to previously created concepts
  • Creation of detailed technical documentation
  • Installation and configuration of Microsoft Windows 10/11 endpoints in Bare-Metal and  virtual environments (VMware ESXi & VMware Workstation) with secured hardened profiles  based on requirements
  • Installation and configuration of Red Hat Enterprise Linux server and maintainer terminals  with secured profiles according to OpenSCAP and DISA STIGs
  • Hardening of Red Hat Enterprise Linux Server and Workstations based on OpenSCAP and  DISA STIGs
  • Maintain and configuration of Red Hat Enterprise Linux Satellite Server, Foreman proxy and  Ansible playbooks and roles in a GIT controlled environment
  • Implementation secured configuration for HP switches
  • Configuration of secured profiles for ICS switches, type Belden Hirschmann BOBCAT and  MOXA switches
  • Hardening of BIOS / UEFI firmware
  • Providing multiple Information Security Awareness Trainings based of ISO 27001 and IEC  62443 for different team members and project members
  • White-box penetration tests (Nessus Pro and Metasploit with own developed scripts and  exploits), OWASP TOP 10 checks and vulnerability scans with Nessus Professional/Burp Suite Pro on IT/OT/ICS hardware              
Thales Deutschland - Kiel
2 Jahre 2 Monate
2022-08 - heute

Found and start a new business with the scope of all IT- and Security services

Founder / CEO
Founder / CEO

on Request
Boostedt
1 Jahr 2 Monate
2021-10 - 2022-11

Professional management

Senior OT Cyber Security Specialist Service
Senior OT Cyber Security Specialist Service
  • Professional management and responsibility for Global Cyber Security of a 4 FTE Cyber Security team in Service, Germany

  • Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

  • Stakeholder management according to compliance requirements and opportunities for improvement

  • Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

  • Planning, implementation and further development of OT Cyber Security strategies for Security Incident and Event Management, Monitoring, Patch-/Update- and Vulnerability Management

  • Architecture and conception of network zones for implementation acc. IEC 62443 certification

  • Perform security assessment on Windows/Linux operating system, and VMware, Citrix and Microsoft Hyper-V environments

  • Investigate new and emerging security threats against internal/external Network Infrastructure and interconnected systems

  • Coordination, identification and analyses of Cyber Security incidents and development of countermeasures

  • Project management with the scope of different Information Security related Cloud- and Onpremise applications and systems

  • Implementation of ISO 27001/IEC 62443 policies, guidelines and processes

  • Development of processes, methods and tools to detect anomalies

  • Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

  • Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

  • Performing Penetration Tests against IT / OT Infrastructure with the scope of Web application, databases, hardware and mobile devices

Nordex Energy SE & Co. KG, Hamburg
2 Jahre 10 Monate
2019-01 - 2021-10

Planning, implementation and further development of IT security systems

IT-Security Specialist & Information Security Officer
IT-Security Specialist & Information Security Officer
  • Planning, implementation and further development of IT security systems and operational mentoring systems (SIEM, SOC monitoring) and improvement of automatic reports

  • Standardization of network schemes/designs in the IT and OT wind energy sector

  • Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443

  • Stakeholder management according to compliance requirements and opportunities for improvement

  • Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations

  • Design, modeling, implementation and documentation of information security management systems (ISMS management, guidelines, processes and procedures) according to ISO 27001, KRITIS and BSI Grundschutz

  • Coordination and analysis of incoming security incident reports

  • Establishment of a Computer Emergency Response Team and be first contact to IT related security incidents and Penetration tests

  • Project management with the scope of different Information Security related Cloud- and On-premise applications and systems

  • Implementation and coordination of security recommendations based on non-conformities in the area of LAN/WAN, SCADA, IT & OT Wind turbine systems and encryption

  • Design/modeling of IT security networks zones & systems including automated vulnerability analysis/scans

  • Management and administration of IT security systems to detect malware/ransomware and anomalies in network and web/mail traffic

  • Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, Sonicwall, Checkpoint and FireEye EX/NX/HX

  • Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas

  • Establishment and execution of regular audits in the context of ISO 27001

  • Establishment of regular Microsoft Active Directory audits


Achievements:

  • Successful company certification according to ISO 27001 in 2019

  • Establishment of an extended security concept within the scope of IT security training courses

  • Project planning and implementation of penetration tests in the energy sector

  • Certification as TÜV Rheinland Information Security Officer (ISO)

  • Additional examination KRITIS topic of "Additional test procedure competence for § 8a BSIG" incl. IT-SIG and BSI-KritisV

Nordex SE, Hamburg
1 Jahr 2 Monate
2017-11 - 2018-12

Creation of process documentation

IT System Administrator
IT System Administrator
  • Creation of process documentation and documentation standards in IBM DOORS

  • Coordination of IT systems and their security requirements with internal and external customer projects

  • Administration and management of the VMware ESX server farm

  • Configuration of Juniper switches (EX4300/EX4550) and firewalls (SRX1500)

  • Installation and optimization of the Windows Active Directory DS infrastructure in customer projects

  • Administration and maintenance of existing Linux servers (Ubuntu/CentOS)

  • Administration of virtualization and deployment environment with CI/CD tool chains under the scope of Linux and Windows deployment servers in Enterprise environments

  • Hardening of Windows and Linux servers and application services

  • Implementation, documentation and testing of operating systems, networks, applications on technical equipment in the field of shipping (defense technology)

  • Planning and execution of penetration tests in customer projects

  • Implementation of vulnerability management, IT/live forensics, security information and event management (SIEM) and firewalling in customer projects

  • Creation of developmental product documents, requirements specifications and software documentation


Archievements:

  • Project support with adherence to deadline targets

  • Establish and improve virtualization & deployment processes including hardening parts and solutions in Military Marine projects

  • Execution of automated penetration tests to increase security in projects

Ratheon Anschütz GmbH, Kiel - Engineering
8 Monate
2017-03 - 2017-10

Global IT Infrastructure

System Engineer
System Engineer
  • 2nd/3rd Level Support

  • Infrastructure project management (project planning, design, implementation)

  • Administration and management of Cisco FirePower (IPS SIEM) and IronPort for e-mail security infrastructure (International wide)

  • Planning, preparation and implementation for VDA/TÜV and ISO 27001 certification

  • Administration and maintenance of Linux servers (RedHat, Ubuntu, Debian, Gentoo)

  • Administration and maintenance of the Shopfloor Management System (SFMS)

  • IT Security monitoring with Nagios/OMD - Check_MK

  • Configuration of Cisco routers, firewalls (ASA & IOS) and switches

  • Installation and optimization of the Active Directory environment

  • Administration of the VMware ESX server farm (based on HP Blade Center)

  • Design/administration and maintenance of the Symantec Backup EXE, Commvault and Veeam backup infrastructure (World Wide)

  • Ticket handling through OTRS / RT ticket system

  • Installation and administration of the MobileIron Mobile Device Management (MDM) global wide

  • Installation/administrate of the patch management environment for Operating systems and applications

  • Establish and developments for automated installation based on Windows Deployment System

  • Migration of Windows NT to next generation Windows Server 2008 R2 and 2012 R2

  • Process documentation and establishing documentation standards


Archievements:

  • Implementation of the security concepts, mobile device management system, patch management environment and automation of software and operating systems deployment

  • Accelerate further Cisco-based network structures in the LAN/WAN area


Motivation to change

Company should be sold to PSA group France. Decision was clear to enter a new path. My skill set and experience in IT security is needed in the market.

BRUSS Sealing Systems GmbH, Hoisdorf - Automotive supplier
11 Jahre 3 Monate
2006-01 - 2017-03

Technical and professional personnel management

Department Sergeant and System - & Network Engineer
Department Sergeant and System - & Network Engineer
  • Technical and professional personnel management leading employees up to 10-15 FTEs

  • Optimization of IT processes

  • Cost optimization, negotiation of contracts and vendor relationships

  • Reporting of budgeting in a quarterly review

  • Training of civilian, military and military service employees

  • Planning and contributing to hospital internal IT strategies and external sites

  • Main responsible for IT related material, hardware & software

  • Administration and maintenance of Microsoft Windows (NT 4.0 up to 2012 R2) and Linux based operating systems (RedHat, Debian, SuSE)

  • Administration and optimization of Microsoft Windows AD domains

  • Hardening of Windows and Linux server systems and applications according to BSI, CERTBundeswehr, Best Practices and NIST, as well as other internal guidelines to best practices

  • Configuration and maintenance of appliances like Cisco Firewalls (ASA, PIX), routers & switches, Enterasys Networks core switches and Checkpoint firewalls

  • Administration and optimization of Lotus Domino Server from version 4 to 8.5.3

  • Installation and administration of VMware ESX server farms

  • Responsibility to BCM acc. Backup and Recovery ArcServ Backup and IBM TSM

  • Configuration/administration and maintenance of the Symantec security environment, Sophos SafeGuard environment (UTM, Endpoint Protection, SafeGuard Easy)

  • Wi-Fi design and planning, installation and administration of the Cisco WLC environment to secure hospital networks

  • Creation of process documentation and documentation standards

  • Customer site visits (planning, troubleshooting and remediation)


Archievements

  • Implementation of security concepts to state-of-the-art security configurations and systems

  • Implementation of IT-Security training

  • Extensive experience on the Internet provider side (routing, switching) with support from external companies

  • Planning and implementation of the in-house telephone system to VOIP in cooperation with external service providers

  • Implementation of external properties and companies to the VPN network of the Federal Armed Forces Hospital Hamburg

  • Establishment of automation solutions for operating systems and applications

  • Establishment of an internal patch management system

  • Migration of all client systems from Microsoft Windows NT/2000/XP to latest Microsoft Windows 7/10

  • Establishment of a time recording system in cooperation with external service providers


Motivation to change

Time based contract of 12 years ended on March 1, 2017. IT and Security skills are in high demand in the private market economy; gaining new experience and overcoming challenges

Federal Armed Forces ? Military Hospital, own Datacenter, Hamburg
3 Monate
2001-07 - 2001-09

Design and programming of websites

Training IT system merchant and Information electronics technician
Training IT system merchant and Information electronics technician
  • Sales team member 

  • Design and programming of websites 

  • Installation, configuration of IT supported computer systems 

  • Installation and setup of TV based satellite connections 

  • Support of the in-house IT

Lorenzen Team, Regional specialized dealer for electronics
5 Monate
2001-03 - 2001-07

data order input department

IT-System Administrator
IT-System Administrator
  • Team member in the data order input department 

  • Entry of customer orders/cancellations into the inventory control system 

  • Checking of customer orders based on automated scripts 

  • Supporting in-house IT 


Motivation of change

Direct offer from a recruiting firm to prove yourself in a different role and start an apprenticeship in IT.

Markisen Spettmann GmbH, Neumünster
10 Monate
2000-05 - 2001-02

Military defense service

  • Military defense service for 10-month located in Roth/Bavaria and Kropp/Jagel, SchleswigHolstein, German

Federal Armed Forces, Germany
8 Monate
1999-09 - 2000-04

Sale of hardware and software

IT System Technician & Administrator
IT System Technician & Administrator
  • Up to 09/1999 Company named Comf@ctory, later renamed to Comsystem GmbH, Neumünster, Schleswig-Holstein, Germany 

  • Sale of hardware and software 

  • Setup, configuration and administration of heterogeneous networks 

  • Modifying/Conversion of consumer goods 

  • Installation and modification of electronic components in various devices   


Motivation to change

Federal Republic of Germany drafts me into 10-month military service.

Comf@ctory GmbH
Neumünster

Aus- und Weiterbildung

Aus- und Weiterbildung

2 Jahre 10 Monate
2002-09 - 2005-06

Ausbildung zum Fachinformatiker

Grade: 3, Hard- & Softwarelösungen B. Pommerening, Neumünster und Stadtwerke Kiel AG, Kie
Grade: 3
Hard- & Softwarelösungen B. Pommerening, Neumünster und Stadtwerke Kiel AG, Kie
  • IT Specialist System integration 
  • Focus areas: System analytics / planning / cost optimization 
  • Network Administration for the Energy Control Systems 
  • Planning, Installation and administration of Network-Attached-Storage environments 
  • First- und Second-Level Support Helpdesk 
2 Jahre 10 Monate
2002-09 - 2005-06

Specialized High School ? Economy

Termination due to support my freelancer career, Theodor-Litt-Schule Neumünster
Termination due to support my freelancer career
Theodor-Litt-Schule Neumünster
1 Jahr 11 Monate
1996-08 - 1998-06

Berufliche Schulen Rendsburg ? Wirtschaft und Sozialwirtschaft

Secondary school diploma in Economy / Grade: 2, Theodor-Litt-Schule Neumünster, Two-year business school (Economy)
Secondary school diploma in Economy / Grade: 2
Theodor-Litt-Schule Neumünster, Two-year business school (Economy)
1 Monat
1996-06 - 1996-06

Hauptschule

Grade: 2, Klaus-Groth-Schule, Büdelsdorf
Grade: 2
Klaus-Groth-Schule, Büdelsdorf

Kompetenzen

Kompetenzen

Top-Skills

IT-Sicherheitsarchitektur Penetrationstest ISO 27001 Auditor KRITIS VPN Firewall IEC 62443 OT-Security Internet of Things ISMS IT-Security Penetrationstest Informationssicherheit Infrastruktur Anforderungsanalyse Vulnerability Microsoft Linux Cloud Mac

Schwerpunkte

Interim CISO / CIO
Information Security Management Systems
Penetration Tests including Vulnerability Management
Strategy and standardization IT infrastructure
IT-Infrastructure architecture
Network architecture
Datacenter architecture
Identity and Access Management
Backup- and Disaster Recovery
Personal- and organizational planning datacenter operations

Produkte / Standards / Erfahrungen / Methoden

Profil:

Technical expert with experience over 20 years in IT/OT/Cyber Security, a comprehensive knowledge of Computer Information System Security, System Administration and Network Operations, and Datacenter Operations. Extensive knowledge in the areas of system security, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Experienced in leadership management over 10 years with a team up to 25 members, project coordination and system implementation of Government systems, telecommunication and larger computer networks. Security clearance (German Ü2/Ü3) is possible, if needed. Highly organized team player with the ability to effectively manage project milestones and project delivery. International work and leadership experience.


Virtualization

Microsoft Hyper-V and Microsoft Terminal Server solutions, VirtualBox, VMware ESXi, VMware Horizen, VMware Workstation, Parallels Desktop, VDI, Citrix Hypervisor, QEMU and Proxmox


LAMP System

Linux, Apache, MySQL/MariaDB, PHP


Development

Bash Scripting, Basic, Delphi, Pascal, C++, HTML with PHP and CSS, JavaScript, Hudson/ Jenkins/ Puppet/ Chef/ Ansible/ Vagrant/ Chocolate Git/ Tortoise SVN


Cloud

Amazon AWS/MWS, Google Workspace/GCP, Microsoft Azure, Hetzner


Scripting

Bash, Batch, Python, Ruby, AutoIT, VBS, Powershell


Mailing

sendmail, postfix, AmaViS, SpamAssasin, clamAV, policy-weight, sqlgrey Exchange 5.5 / 2000 / 2003 / 2007 / 2010 / 2013 / 2016


Web Servers

Apache, Nginx, Microsoft IIS, Varnish, Lighttpd Plesk, ISPConfig, Webmin


Cryptographic

Microsoft PKI, easyCA, GnuPG, PGP and S/MIME


VPN

Cisco VPN Anyconnect, OpenVPN, WireGuard, FortiNet VPN


Else

Active Directory, DNS, FileServices, WSUS, WDS, SCCM, SCOM, Radius, RRAS, OpenLDAP, , IPtables, BIND9, ProFTPd, Nagios (OMD+Check_MK), Squid2+3, TFTP/PXE, DHCPd, dnsmasq, Asterisk, Plesk, Shopfloor Management Systems (SFMS), Hospital Information Systems (KIS), Laboratory Information Systems (LIS/LIMS), Radiology Information System (RIS), Mikrotik RouterBoard, nmap, tcpdump, Whireshark, SELinux, Graylog, Sysprep, i-doit, cmdb, Docusnap, Secunia CSI, MobileIron MDM, JDisc, Netflow, OwnCloud, and a lot more.


Penetration Tester / Ethical Hacker

  • Penetration Test (Art): Networks, Applications, Operating Systems, Mobile, Web & Wireless
  • Vulnerability scanning: automatic or manual triggered
  • Bugs hunting: Reverse engineering & code review
  • Applications: Knowledge about Linux distributions, Open source & commercial applications, Frameworks


Environments:

  • > 14.000 User
  • > 2.500 Applications
  • high complexity
  • very high security standards / requirements
  • worldwide connected locations


Architecture:

  • Network LAN and WAN
  • Datacenter
  • Identity and Access Management
  • Cloud Infrastructures (Microsoft Azure, Google Cloud Platform and Amazon AWS/MWS)
  • Infrastructure setups with other Cloud providers like Strato, Hetzner, Telekom, and others
  • ISMS implementation for ISO 27001 needs  


Security:

  • Network Security based on firewall designs and -implementing for high security needs,
  • SIEM: Splunk Enterprise, LogRythm and IBM QRadar
  • Web Application Firewalls (Palo Alto, FortiWeb, Azure WAF, ?)
  • FireEye EX (E-Mail), NX (Network) and HX (Host) security
  • Cisco, Sonicwall and Checkpoint Firewalls
  • Squid Proxy (2, 3), FortiGate Proxy, HAproxy
  • Wireshark, tshark, 

 

Firewall:

Cisco ASA, FortiGate, CheckPoint, WatchGuard, SonicWall, Ubiquiti, IPtables and other   


Monitoring:

Paessler PRTG, OMD, Nagios, Check_MK, NetFlow, Icinga, Zabbix, Prometheus, Microsoft SCOM  


Penetration Testing:

Network, Applications, Operating System, Mobile, Web- & Wireless testing plus vulnerability research  


Vulnerability scanning:

Greenbone GSA / OpenVAS, Tenable Nessus Pro/Expert, Burp Suite Pro, Metasploit, Nmap, Acunetix, HCL AppScan, Qualys VMDR, GFI Languard and a lot more 


Automation:

Hudson, Jenkins, Puppet, Chef, Ansible, Vagrant, Chocolate, Bash, PowerShell, Git/Tortoise SVN, Microsoft SCCM, Microsoft Intune/Autopilot, Microsoft Windows Deployment Services, Secunia CSI, Sysprep, WSUS, Microsoft SCOM, Microsoft Intune


DNS:

external DNS servers, BIND9, dnsmasq


VPN/Remote:

Cisco Anyconnect, Forticlient, OpenVPN/WireGuard, IPsec, Microsoft RRAS 


Voice/Mobile:

Asterisk, VOIP, MobileIron MDM, BlackBerry Server, Cisco Jabber


Documentation:

Omnitracker, i-Doit, CMDB, Docusnap, JDisc 


Others:

  • Shopfloor Management Systems (SFMS)
  • Laboratory Information Systems (LIS/LIMS)
  • Radiology Information System (RIS)
  • Hospital Information Systems (KIS)
  • OpenLDAP
  • Radius Servers
  • Mikrotik Routerboards 


Praktika

1994 - 1994

Role: Schülerpraktikum

Customer: Ing. Büro M. Karp, Königs Wusterhausen


Tasks:

  • Learning area Office technology
  • Installation of SAT-Communications facilities
  • Installation and configuration of Office computers with Microsoft Windows 3.x
  • Installation and configuration of Computer networks with Microsoft Windows 3.x

Betriebssysteme

Apple Mac OS X
Linux
Red Hat, CentOS, Debian, SuSE Linux, Ubuntu, Mint, Gentoo
Microsoft Server
starts with NT / 2000 up to current Server 2022
Microsoft Windows
3.x / 9.x up to Windows 11
Unix
HP UX / Solaris
SELinux variants

Datenbanken

MySQL
MariaDB
Microsoft MSSQL
PostgreSQL
IBM Rational DOORS
Graylog

Branchen

Branchen

  • Automotive
  • Militär
  • Behörden
  • Energiewirtschaft
  • Gesundheit
  • Musik / Record
  • Finanzen

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.