Senior Security and Privacy Manager mainly in Automotive Sector (ISO/SAE 21434)
Aktualisiert am 20.06.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 30.06.2024
Verfügbar zu: 100%
davon vor Ort: 15%
TARA
Security Concept
ISO/SAE 21434
German
UNIcert II (equivalent to B2)
English
Publications
Arabic
Mother Tongue

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

2022 - today: Driver Assistance


Role: Security & Privacy Manager

Customer: Continental Engineering Services, Frankfurt, Germany


Tasks:

  • Internal and external representative of all Security & Privacy aspects of automotive projects. Responsible for the communication and coordination with suppliers and internal/external customers.
  • Analyze customer requirements, develop architectural specifications, and design security mechanisms. Responsible for the modeling, definition, and alignment of security requirements with internal and external stakeholders. Supports all domains in Security & Privacy activities.
  • Create and maintain Security & Privacy work products and artifacts (such as TARA, Requirements, Architecture, Security Concept, and Security Case) according to ISO/SAE 21434. Responsible for supporting hardware and software teams in the realization of security requirements.
  • Responsible for performing threat and vulnerability analyses and risk assessments.
  • Responsible for initiating, planning, and supporting Security & Privacy assessment and testing.
  • Responsible for defining and coordinating Security & Privacy for production and key provisioning.
  • Participate in the development/refinement of the CES internal security process based on the relevant standards and regulations.
  • Provide Security & Privacy training to new PSPMs as well as other employees.
  • Assist in building company?s internal penetration testing team.

Projects:
  • Driver Assistance: ADAS system including a forward facing long range radar, and a windscreen mounted multi-function camera.
  • Power Electronics: High Voltage (HV) inverter for controlling the e-machine in electrified vehicles.
  • Vehicle Dynamics: Two-channel Anti-lock Brake System (ABS).

2020 - today: Assisted in supervising of Ph.D., Master and Bacherlor students


Role: Postdoc, CISPA

Customer: Helmholtz Center for Information Security, Saarbrücken, Germany


Tasks:

  • Worked in the System Security research group at CISPA ? Helmholtz Center for Information on exploring security problems in the area of microarchitectural attacks and defences.
  • Assisted in supervising of Ph.D., Master and Bacherlor students.

2014 - 2019: various solutions for securing low-end embedded devices in large (IoT) networks


Role: Research Assistant

Customer: Technical University of Darmstadt, Darmstadt, Germany


Tasks:

  • Worked for Professor Ahmad-Reza Sadeghi on securing low-end embedded devices.
  • Designed, implemented, evaluated, and published various solutions for securing low-end embedded devices in large (IoT) networks.

2014 - 2019: Organized the seminar and the lab


Role: Teaching Assistant

Customer: Technical University of Darmstadt, Darmstadt, Germany


Tasks:

  • Was a teaching assistant for the seminar titled ?System and IoT Security?, the lab titled ?Practical Lab on System and IoT Security?, and the courses titled ?Embedded System Security? and ?Secure, Trusted and Trustworthy Computing?.
  • Organized the seminar and the lab.
  • Provided research topics and programming assignments in the area of embedded security. Supervised and assisted students to complete their assignments and gain knowledge on the security and privacy aspects of embedded systems.
  • Made the slides for the lectures.
  • Held weekly review sessions and office hours.
  • Wrote and graded assignments.
  • Proctored and graded exams.

2011 - 2013: Held multiple exercise sessions weekly


Role: Teaching Assistan

Customer: University of Saarland - Saarbrücken, Saarland, Germany


Tasks:

  • Was a teaching assistant for: ?Methods of?Artificial Intelligence?, and ?Database Systems?.
  • Held multiple exercise sessions weekly (with up to 60 students).
  • Gave lectures while the instructors are out of town.
  • Wrote and graded assignments.
  • Proctored and graded exams

Aus- und Weiterbildung

Aus- und Weiterbildung

2014 - 2019

Technical University of Darmstadt, Darmstadt, Germany

Ph.D., Computer Security


2010 - 2013

University of Saarland - Saarbücken, Saarland, Germany

M.Sc., Computer Science


2009 - 2010

Lebanese University, Beirut, Lebanon

Master I, Computer Science


2007 - 2010

Lebanese University, Beirut, Lebanon

B.Sc., Business Administration, Lebanese University, Beirut, Lebanon


2006 - 2009

Lebanese University, Beirut, Lebanon

B.Sc., Computer Science


Relevant Coursework / Training

Continental Engineering Services (CES), Frankfurt
  • Project Management 8 hrs / Online / CES
  • Security & Privacy Management / ISO 21434 264 hrs / Hybrid / clockworkX
  • Security & Privacy Management Standard 6 hrs / Online / CES
  • Automotive SPICE 8 hrs / Online / CES
  • Secure Software Development Life Cycle 4 hrs / Online / CES
  • Security Testing 6 hrs / Online / CES
  • Security Risk Analysis 4 hrs / Online / CES
  • Threat Analysis & Risk Assessment (TARA) 36 hrs / Online / CES
  • Security in Production 42 hrs / Hybrid / CES
  • Automotive Information & Cybersecurity 2 hrs / Online / CES
  • Automotive Cybersecurity Standards and Regulations 4 hrs / Online / CES
  • Data Protection and Cybersecurity 6 hrs / Online / CES
  • Privacy and Data Protection in Automotive 2 hrs / Online / CES
  • Requirements Management 8 hrs / Online / CES
  • Quality Management, Knowledge Management 8 hrs / Online / CES
  • Diversity Management 2 hrs / Online / CES
  • Talent Management 2 hrs / Online / CES
  • Autonomous Mobility and Safety 8 hrs / Online / CES
  • Introduction to Functional Safety 12 hrs / Online / CES
  • Vehicle Networking and Information 8 hrs / Online / CES
  • Sensitivity Labeling 2 hrs / Online / CES
  • Classification of Information 2 hrs / Online / CES
  • Secure Hardware Components 12 hrs / Online / CES
  • Secure Boot 12 hrs / Online / CES
  • Secure Software Updates 16 hrs / Online / CES
  • Over the Air Updates

Kompetenzen

Kompetenzen

Top-Skills

TARA Security Concept ISO/SAE 21434

Produkte / Standards / Erfahrungen / Methoden

Programming Experience

  • Postdoc: 
    • Designed and implemented a fuzzing framework that enables discovering hidden hardware leakage channels. Also, implemented multiple proof of concept side-channel attacks based on novel leakage channels identified by the framework.
  • Ph.D. 
    • Designed and implemented an integrity verification solution for an important German automobile manufacturer. Designed and implemented a resilient attestation protocol for autonomous drones. Designed and implemented a swarm attestation demo on a network of Intel Galileo boards.
  • M.Sc. 
    • Completed a project connecting android phones to sensors through I2C bus. Implemented a database management system with its different layers using Java. Designed and implemented an indoor positioning system for android phones in Java.
  • B.Sc. 
    • Designed and implemented the required database and user interface for the ?Lebanese Parliament Election Program? using VB.NET/ADO.NET/SQL 2005.
  • Others 
    • Many mini projects in different courses.


Technical Experience

Extremely Proficient With

  • Languages
    • C, C++, Java, Android Java, JavaScript, VB.Net, Assembly.
  • Technologies 
    • Medini Analyze, DOORS, IMS, Git, Apache Subversion, Jira, Access, Microsoft Office,Latex, Photoshop, Visual Studio, Eclipse, Netbeans, .NET, Windows, Ubuntu, Kali Linux, OSX.
Have Experience With
  • Languages 
    • C#, Matlab, HTML, CSS, Lisp, Prolog.
  • Technologies 
    • Nmap, Burp Suite, Metasploit, OWASP, John the Ripper, NIST & SANS Incident Frameworks, MySQL, SQL Server.
  • Standards
    • ISO/SAE 21434, ISO 15118, ISO/FDIS 24089, ISO/IEC 29147, ISO/IEC 27001, ASPICE, UNECE R155 R156 R157 WP29, GDPR


Computer Science - Saarland University, Saarbrücken

  • Database Systems
  • Artificial Intelligence
  • Cryptography
  • Image Processing and Computer Vision
  • Compiling Theory
  • Data Transmission - Distributed Application
  • Programming
  • Inter Network
  • Multimedia
  • Advanced Operating Systems
  • Image and Video Compression


Computer Science - Lebanese University, Beirut

  • Compiling Theory
  • Information Systems
  • Inter-network
  • Advanced Operating Systems
  • Advanced Object Oriented Programming
  • Artificial Intelligence
  • Distributed Application Programming
  • Computer Science I: General Computing and Introduction
  • Imperative Programming I
  • Computer Architecture I
  • Information System I
  • Logic
  • Commutative Algebra
  • Mathematics for Informatic
  • Graph Theory
  • Computer Architecture II
  • Data Structures
  • Networking I
  • Imperative Programming II
  • Introduction to Web Development
  • Databases I
  • Object Oriented Programming
  • Introduction to Computer Graphics
  • Web Environment and XML
  • Networking II
  • Software Engineering
  • Language Theory
  • Applied Database and Programming
  • Operating System II


Computer Science - Others

  • General Chemistry
  • Basics in Mathematics
  • Linear Algebra I
  • Real Analysis (Functions)
  • Mechanics
  • Electricity & Magnetism
  • Linear Algebra II
  • Sequences and Series
  • Integral Calculus
  • Functions of Several Variables & Vector Functions
  • Combinatory Analysis & Descriptive Statistics
  • Linear Algebra III

Programmiersprachen

C, C++
C#
Java
Android Java
JavaScript
VB.Net
Assembly
Matlab
HTML
CSS
Lisp
Prolog


Branchen

Branchen

Automotive

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

2022 - today: Driver Assistance


Role: Security & Privacy Manager

Customer: Continental Engineering Services, Frankfurt, Germany


Tasks:

  • Internal and external representative of all Security & Privacy aspects of automotive projects. Responsible for the communication and coordination with suppliers and internal/external customers.
  • Analyze customer requirements, develop architectural specifications, and design security mechanisms. Responsible for the modeling, definition, and alignment of security requirements with internal and external stakeholders. Supports all domains in Security & Privacy activities.
  • Create and maintain Security & Privacy work products and artifacts (such as TARA, Requirements, Architecture, Security Concept, and Security Case) according to ISO/SAE 21434. Responsible for supporting hardware and software teams in the realization of security requirements.
  • Responsible for performing threat and vulnerability analyses and risk assessments.
  • Responsible for initiating, planning, and supporting Security & Privacy assessment and testing.
  • Responsible for defining and coordinating Security & Privacy for production and key provisioning.
  • Participate in the development/refinement of the CES internal security process based on the relevant standards and regulations.
  • Provide Security & Privacy training to new PSPMs as well as other employees.
  • Assist in building company?s internal penetration testing team.

Projects:
  • Driver Assistance: ADAS system including a forward facing long range radar, and a windscreen mounted multi-function camera.
  • Power Electronics: High Voltage (HV) inverter for controlling the e-machine in electrified vehicles.
  • Vehicle Dynamics: Two-channel Anti-lock Brake System (ABS).

2020 - today: Assisted in supervising of Ph.D., Master and Bacherlor students


Role: Postdoc, CISPA

Customer: Helmholtz Center for Information Security, Saarbrücken, Germany


Tasks:

  • Worked in the System Security research group at CISPA ? Helmholtz Center for Information on exploring security problems in the area of microarchitectural attacks and defences.
  • Assisted in supervising of Ph.D., Master and Bacherlor students.

2014 - 2019: various solutions for securing low-end embedded devices in large (IoT) networks


Role: Research Assistant

Customer: Technical University of Darmstadt, Darmstadt, Germany


Tasks:

  • Worked for Professor Ahmad-Reza Sadeghi on securing low-end embedded devices.
  • Designed, implemented, evaluated, and published various solutions for securing low-end embedded devices in large (IoT) networks.

2014 - 2019: Organized the seminar and the lab


Role: Teaching Assistant

Customer: Technical University of Darmstadt, Darmstadt, Germany


Tasks:

  • Was a teaching assistant for the seminar titled ?System and IoT Security?, the lab titled ?Practical Lab on System and IoT Security?, and the courses titled ?Embedded System Security? and ?Secure, Trusted and Trustworthy Computing?.
  • Organized the seminar and the lab.
  • Provided research topics and programming assignments in the area of embedded security. Supervised and assisted students to complete their assignments and gain knowledge on the security and privacy aspects of embedded systems.
  • Made the slides for the lectures.
  • Held weekly review sessions and office hours.
  • Wrote and graded assignments.
  • Proctored and graded exams.

2011 - 2013: Held multiple exercise sessions weekly


Role: Teaching Assistan

Customer: University of Saarland - Saarbrücken, Saarland, Germany


Tasks:

  • Was a teaching assistant for: ?Methods of?Artificial Intelligence?, and ?Database Systems?.
  • Held multiple exercise sessions weekly (with up to 60 students).
  • Gave lectures while the instructors are out of town.
  • Wrote and graded assignments.
  • Proctored and graded exams

Aus- und Weiterbildung

Aus- und Weiterbildung

2014 - 2019

Technical University of Darmstadt, Darmstadt, Germany

Ph.D., Computer Security


2010 - 2013

University of Saarland - Saarbücken, Saarland, Germany

M.Sc., Computer Science


2009 - 2010

Lebanese University, Beirut, Lebanon

Master I, Computer Science


2007 - 2010

Lebanese University, Beirut, Lebanon

B.Sc., Business Administration, Lebanese University, Beirut, Lebanon


2006 - 2009

Lebanese University, Beirut, Lebanon

B.Sc., Computer Science


Relevant Coursework / Training

Continental Engineering Services (CES), Frankfurt
  • Project Management 8 hrs / Online / CES
  • Security & Privacy Management / ISO 21434 264 hrs / Hybrid / clockworkX
  • Security & Privacy Management Standard 6 hrs / Online / CES
  • Automotive SPICE 8 hrs / Online / CES
  • Secure Software Development Life Cycle 4 hrs / Online / CES
  • Security Testing 6 hrs / Online / CES
  • Security Risk Analysis 4 hrs / Online / CES
  • Threat Analysis & Risk Assessment (TARA) 36 hrs / Online / CES
  • Security in Production 42 hrs / Hybrid / CES
  • Automotive Information & Cybersecurity 2 hrs / Online / CES
  • Automotive Cybersecurity Standards and Regulations 4 hrs / Online / CES
  • Data Protection and Cybersecurity 6 hrs / Online / CES
  • Privacy and Data Protection in Automotive 2 hrs / Online / CES
  • Requirements Management 8 hrs / Online / CES
  • Quality Management, Knowledge Management 8 hrs / Online / CES
  • Diversity Management 2 hrs / Online / CES
  • Talent Management 2 hrs / Online / CES
  • Autonomous Mobility and Safety 8 hrs / Online / CES
  • Introduction to Functional Safety 12 hrs / Online / CES
  • Vehicle Networking and Information 8 hrs / Online / CES
  • Sensitivity Labeling 2 hrs / Online / CES
  • Classification of Information 2 hrs / Online / CES
  • Secure Hardware Components 12 hrs / Online / CES
  • Secure Boot 12 hrs / Online / CES
  • Secure Software Updates 16 hrs / Online / CES
  • Over the Air Updates

Kompetenzen

Kompetenzen

Top-Skills

TARA Security Concept ISO/SAE 21434

Produkte / Standards / Erfahrungen / Methoden

Programming Experience

  • Postdoc: 
    • Designed and implemented a fuzzing framework that enables discovering hidden hardware leakage channels. Also, implemented multiple proof of concept side-channel attacks based on novel leakage channels identified by the framework.
  • Ph.D. 
    • Designed and implemented an integrity verification solution for an important German automobile manufacturer. Designed and implemented a resilient attestation protocol for autonomous drones. Designed and implemented a swarm attestation demo on a network of Intel Galileo boards.
  • M.Sc. 
    • Completed a project connecting android phones to sensors through I2C bus. Implemented a database management system with its different layers using Java. Designed and implemented an indoor positioning system for android phones in Java.
  • B.Sc. 
    • Designed and implemented the required database and user interface for the ?Lebanese Parliament Election Program? using VB.NET/ADO.NET/SQL 2005.
  • Others 
    • Many mini projects in different courses.


Technical Experience

Extremely Proficient With

  • Languages
    • C, C++, Java, Android Java, JavaScript, VB.Net, Assembly.
  • Technologies 
    • Medini Analyze, DOORS, IMS, Git, Apache Subversion, Jira, Access, Microsoft Office,Latex, Photoshop, Visual Studio, Eclipse, Netbeans, .NET, Windows, Ubuntu, Kali Linux, OSX.
Have Experience With
  • Languages 
    • C#, Matlab, HTML, CSS, Lisp, Prolog.
  • Technologies 
    • Nmap, Burp Suite, Metasploit, OWASP, John the Ripper, NIST & SANS Incident Frameworks, MySQL, SQL Server.
  • Standards
    • ISO/SAE 21434, ISO 15118, ISO/FDIS 24089, ISO/IEC 29147, ISO/IEC 27001, ASPICE, UNECE R155 R156 R157 WP29, GDPR


Computer Science - Saarland University, Saarbrücken

  • Database Systems
  • Artificial Intelligence
  • Cryptography
  • Image Processing and Computer Vision
  • Compiling Theory
  • Data Transmission - Distributed Application
  • Programming
  • Inter Network
  • Multimedia
  • Advanced Operating Systems
  • Image and Video Compression


Computer Science - Lebanese University, Beirut

  • Compiling Theory
  • Information Systems
  • Inter-network
  • Advanced Operating Systems
  • Advanced Object Oriented Programming
  • Artificial Intelligence
  • Distributed Application Programming
  • Computer Science I: General Computing and Introduction
  • Imperative Programming I
  • Computer Architecture I
  • Information System I
  • Logic
  • Commutative Algebra
  • Mathematics for Informatic
  • Graph Theory
  • Computer Architecture II
  • Data Structures
  • Networking I
  • Imperative Programming II
  • Introduction to Web Development
  • Databases I
  • Object Oriented Programming
  • Introduction to Computer Graphics
  • Web Environment and XML
  • Networking II
  • Software Engineering
  • Language Theory
  • Applied Database and Programming
  • Operating System II


Computer Science - Others

  • General Chemistry
  • Basics in Mathematics
  • Linear Algebra I
  • Real Analysis (Functions)
  • Mechanics
  • Electricity & Magnetism
  • Linear Algebra II
  • Sequences and Series
  • Integral Calculus
  • Functions of Several Variables & Vector Functions
  • Combinatory Analysis & Descriptive Statistics
  • Linear Algebra III

Programmiersprachen

C, C++
C#
Java
Android Java
JavaScript
VB.Net
Assembly
Matlab
HTML
CSS
Lisp
Prolog


Branchen

Branchen

Automotive

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.