Security Architect / Security Consultant / System Architect

Security architect and consultant with particular experience in IOT/OT and EV, EVSE automotive but also IT, ML, automation and robotics, RED and NIS2 directives.

• Compliance management
• Corporate Security
• Cyber Security
• Internet of Things (IoT)
• Kryptographie
• Penetrationstest
• Security Architektur
• Solution Architektur
• System Architektur
• Systems Engineering

- Help with NIS2 and RED directives in IOT and related industries.
Services Offered
● System Architecture Assessment: Conduct thorough reviews of existing or planned systems to identify security vulnerabilities, resilience issues, operational risks, bottlenecks, and areas of cost inefficiency.
● System Architecture Consulting: Expertly identify requirements, assess risks, and recommend technology stacks and platforms tailored to specific business needs.
● Security Risk Assessment: Evaluating the security of systems, products, and business processes.
● Resilience Assessment, ethical hacking and penetration testing: Ensuring the robustness of IT/OT/IoT systems against attacks and malfunction.
● Product Design Advice & Treat Modelling: Consulting on EV/EVSE, security and national standards and secure product design.
● Training, Consulting, and Support for Leads and CTOs: Provide expert coaching on information security, system design, and business processes to enhance the skills of Leads and CTOs.
● Roadmap Development: Prioritising solutions for system and process improvements.
● Security Architecture Integration: Implementing security concepts into business processes.
● Training & Consulting: Deliver specialised coaching to engineering teams on information
security, security testing, secure coding practices, and system implementation, aimed at
bolstering their technical proficiency and safeguarding projects.
● Compliance and Best Practices Analysis: Reviewing adherence to industry standards and
best practices.

Core Competencies
● Risk Assessment & Threat Modelling: Masterful in identifying design and technical vulnerabilities, and in fortifying systems against cyber threats.
● Process Improvement: Skilled in streamlining IT/IoT/manufacturing and security processes for cost reduction and enhanced efficiency.
● System Architecture: Experienced in designing scalable, efficient, maintainable and secure systems based on standards and best engineering and security practises.
● Team Development & Leadership: Experienced in building and leading teams of security experts.
● Security Analysis, Preparedness, Penetration tests and Ethical Hacking: Proficient in evaluating security postures and preparing for evolving challenges.
● Secure SDLC & Software Design and Development: Experienced software and system architect with extensive hands-on expertise in Python, JavaScript, and TypeScript.
How I Help
● Risk and Damage Assessment: Evaluating risks and current business processes and assets to assess potential damage.
● Targeted Security Assessments: Conducting thorough assessments to identify and address security vulnerabilities.
● Threat Minimization: Identifying and reducing financial and reputational damage from security threats.
● Information Leak Prevention: Minimising the risks of valuable information leakage.
● Team Mentoring: Fostering cohesive teams and robust cybersecurity practices.
● Cost Reduction: Streamlining IT and security processes to reduce costs.
● Development Security Preparedness: Training developers to maintain robust information
systems security.
● Security Posture Improvement: Enhancing the ability to respond to cybersecurity threats.
● Framework Creation: Establishing frameworks for secure process and project
implementation.
● System Architecture Development: Expertly design and redesign systems within IT/OT and
IoT domains, extensively utilising microservices, containerization, and virtualization to enhance critical system factors.
Additionally:
Programming with TypeScript/JS, Python, C#, and C/C++, PHP, Rust. Familiar with Java, Go ecosystems.
Currently not focusing but have a broad experience with web and API applications security and development, servers security and configuration, secOps, SecDevOps.
Familiar with Machine Learning (ML), big data, blockchain, AI, and Machine Vision. Experienced with AWS and GCP clouds.

found in profile qualification
- Assessment of the architecture and associated risks of systems, products (both hardware and software) and business processes, both existing and in the design and implementation phase;
- Assessment of information security and resilience of IT / OT / IoT systems;
- Assessment of the resilience of individual system components and devices against attacks;
- Advice on product design with respect to EV/EVSE standards such as ISO 15118, OCPP, ISO/SAE 21434:2021;
- Evaluation of the preparedness and response quality of enterprise information security teams;
- Analysing, developing and prioritising roadmaps and technical solutions aimed at correcting deficiencies in company systems and processes;
- Preparing and integrating security architecture shift-left and purple teaming concepts into business processes;
- Developing and assisting (including through trusted partners) in the deployment of information security solutions;
- Training and coaching internal departments on information security and threat response;
- Consulting on IoT and IT security topics, including applied cryptography, PKI, system design and system architecture, business process security and business structure;
- Review and analysis of gaps against industry and product standards, directives such as IEC 62443, EN 303 645, PCI-DSS, GDPR, NIST 800-171, ISO 27001;
- Review and analysis of following best practices such as OWASP, SANS, NIST-800, MITRE ATT&CK, GSMA;
- DevSecOps services and CI/CD design;
- Hands-on consulting in technology stacks based on C#, C/C++, Rust, Python, TypeScript/JS for IOT, security testing and test automation, data resilience and data mining, AI, ML, robotics.