CISSP, CCSP, CISA, TISO, CISO, Information Security Project Advisor/Architect

EXPERT-User

German
not specified
on request
20.03.2017
Germany
Near place of residence

Short profile

IT experience since 1980, already during school years
Consulting experience since 1993
IT security since 1997
Intercultural competence from multinational projects

I offer

IT, Development
IT Security (general)
16 years, 2 months experience

Project & professional experience

Project description

Technical consulting on the introduction of two-factor authentication in portals; distributed authentication using OAuth/OpenID Connect with integration into the mobile device integration interface. Review and updating of the security concepts. Architecture consulting on topics such as virtualisation, microservices, security & activity monitoring.

Qualifications used

Network security, CISA (Certified Information Systems Auditor), Enterprise Service Bus (ESB), Cloud Computing, Certified Information Systems Security Professional (CISSP)

Client comment

This reference is unconfirmed

Project description

Reassessment of and technical support for the creation and extension of a security concept for virtual firewall and load balancer services intended as building blocks for cloud-based DP/DHL services. Deliverables were an initial risk assessment, a threat model following the STRIDE methodology, a tailored catalogue of measures with the corresponding control requirements to mitigate the identified risks, and the residual risk assessment with recommendations.

Qualifications used

IT security (general), firewalls, security concept, management (general), risk management

Project description

Technical consulting for and review of the agency producing security awareness e-learning material for training employees on information classification and the secure handling of patient data.

Qualifications used

IT security (general), IT consulting (general), training (IT), training / coaching (general), e-learning

Project description

Supporting the bank's three lines of defence (3LoD) initiative with information security and technical expertise. Advisory during assessments and identification of possible inter-divisional issues (e.g. Identity & Access Management, Security Monitoring, Security Architecture) to reduce duplicate efforts and raise awareness across divisions.

Qualifications used

IT security (general), information security, management (general), risk management

Project description

Tasks:

Interim Senior Security Specialist & Advisor for a newly acquired BT customer in the logistics field. Successful preparation of a highly time-sensitive ISMS framework adaptation and BIA. Advisory on general security architecture, governance, compliance and risk-relevant questions for all offered services in the contract scope.
Direct peer of the Team Lead Customer Business Continuity/Security.

Qualifications used

BSI standards, IT security (general), IT governance, architecture (general), services (general), logistics (general)

Project description

Project suffered management and organisational change, duties unclear, and ended according to contract, with the MTA starting on December 17th, 2015.

Qualifications used

IT security (general), architecture (general)

Project description

Senior Security Architect responsible for the design of the Administrative Minimal Rights for Vendors (AMR4V) technical stack.

The AMR4V project combines two major efforts to effectively fulfil regulatory vendor governance requirements:
1. Preventing, limiting and controlling privileged access to systems.
2. Creating a satisfactory chain of evidence whenever privileged access occurs.
Effectively limiting and controlling access to an IT asset relies on the capability to verify the purpose for which a system administrator is requesting access prior to granting it and finally allowing him to proceed.
The decision whether access is granted or denied is based upon verification of change ticket or incident ticket information and status.
The second part is to provide a satisfactory chain of evidence (audit trail) of privileged actions performed on a target system. This chain of evidence is built upon a mature combination and consolidation of controls and information streams.
Key information streams are:
• Ticket information
• Access profiles aligned to mutually agreed access scenarios (role-based access control, RBAC)
• Security Event Monitoring (ArcSight)
• Application Security Event Monitoring based on the AMR4V components (ArcSight)
• Session monitoring and recording
This chain of control and evidence is consulted to fulfil governance functions by performing tasks such as change verification and root cause analysis. It will also answer regulatory requirements regarding ongoing monitoring of vendor arrangements in case evidence for a potential lawsuit or service disruption must be provided. This happens by conveniently answering "who did what, where, when, why".
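The ticket-gated access decision and the "who did what, where, when, why" audit record described above, shown as an added illustration that is not part of the original profile and not the AMR4V project's own code. The names (Ticket, AccessRequest, decide, broker, demo), the access profiles, and the sample tickets and requests are all constructed assumptions for this example; a real deployment would query the ticketing system and forward the audit events to the SIEM (ArcSight in the description above) instead of appending to a list.

```python
"""Minimal ticket-gated privileged-access broker (added example, not project code).

A vendor administrator's request for privileged access to an asset is granted
only if a change or incident ticket exists, is in a state that permits work,
names the requester as assignee, covers the target asset, and the request
falls inside the ticket's validity window. The requested access profile must
also be one of the agreed RBAC scenarios and match the ticket type. Every
decision (grant or deny) is recorded as a structured audit event.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Access profiles aligned to agreed access scenarios (RBAC). Constructed example data.
ACCESS_PROFILES = {
    "os-patch":        {"ticket_types": {"change"},   "privilege": "sudo: patch-only"},
    "incident-triage": {"ticket_types": {"incident"}, "privilege": "read-only shell"},
    "full-root":       {"ticket_types": {"change"},   "privilege": "root (recorded session)"},
}

# Ticket states in which privileged work may actually take place.
ALLOWED_STATUSES = {"approved", "in-progress"}


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    ticket_type: str            # "change" or "incident"
    status: str                 # e.g. "approved", "in-progress", "closed"
    assignee: str               # administrator assigned to do the work
    assets: frozenset[str]      # systems in scope of the ticket
    valid_from: datetime
    valid_to: datetime


@dataclass(frozen=True)
class AccessRequest:
    user: str
    asset: str
    profile: str                # requested access profile (RBAC scenario)
    ticket_id: str              # justification: the change/incident ticket
    requested_at: datetime


def decide(req: AccessRequest, tickets: dict[str, Ticket]) -> tuple[bool, str]:
    """Return (granted, reason). Every check is a separate, explicit reason so
    the audit trail later explains *why* access was granted or refused."""
    ticket = tickets.get(req.ticket_id)
    if ticket is None:
        return False, "unknown ticket"
    profile = ACCESS_PROFILES.get(req.profile)
    if profile is None:
        return False, "profile not an agreed access scenario"
    if ticket.ticket_type not in profile["ticket_types"]:
        return False, f"profile {req.profile} not permitted on {ticket.ticket_type} tickets"
    if ticket.status not in ALLOWED_STATUSES:
        return False, f"ticket status {ticket.status!r} does not permit access"
    if ticket.assignee != req.user:
        return False, "requester is not the ticket assignee"
    if req.asset not in ticket.assets:
        return False, "asset not in ticket scope"
    if not (ticket.valid_from <= req.requested_at <= ticket.valid_to):
        return False, "request outside ticket window"
    return True, "ticket verified"


def audit_event(req: AccessRequest, granted: bool, reason: str) -> dict[str, str]:
    """Structured audit record answering who did what, where, when and why."""
    verdict = "GRANT" if granted else "DENY"
    return {
        "who": req.user,
        "what": f"{verdict} {req.profile}",
        "where": req.asset,
        "when": req.requested_at.isoformat(),
        "why": f"{req.ticket_id}: {reason}",
    }


def broker(req: AccessRequest, tickets: dict[str, Ticket], log: list[str]) -> bool:
    """Decide, record the decision (grants *and* denials), return the verdict."""
    granted, reason = decide(req, tickets)
    log.append(json.dumps(audit_event(req, granted, reason), sort_keys=True))
    return granted


# Constructed sample data: two tickets and six requests exercising each check.
T0 = datetime(2016, 3, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_TICKETS = {
    "CHG-1001": Ticket("CHG-1001", "change", "approved", "vendor.alice",
                       frozenset({"db01", "db02"}), T0 - timedelta(hours=1), T0 + timedelta(hours=4)),
    "INC-2002": Ticket("INC-2002", "incident", "closed", "vendor.bob",
                       frozenset({"web01"}), T0 - timedelta(days=2), T0 - timedelta(days=1)),
}
SAMPLE_REQUESTS = [
    AccessRequest("vendor.alice", "db01", "os-patch", "CHG-1001", T0),                       # grant
    AccessRequest("vendor.alice", "web01", "os-patch", "CHG-1001", T0),                      # deny: asset
    AccessRequest("vendor.alice", "db01", "incident-triage", "CHG-1001", T0),                # deny: profile/ticket type
    AccessRequest("vendor.bob", "web01", "incident-triage", "INC-2002", T0),                 # deny: ticket closed
    AccessRequest("vendor.carol", "db01", "os-patch", "CHG-1001", T0),                       # deny: not assignee
    AccessRequest("vendor.alice", "db01", "os-patch", "CHG-1001", T0 + timedelta(hours=5)),  # deny: window
]


def demo() -> tuple[list[bool], list[str]]:
    """Run the sample requests through the broker; return verdicts and audit log."""
    log: list[str] = []
    verdicts = [broker(r, SAMPLE_TICKETS, log) for r in SAMPLE_REQUESTS]
    return verdicts, log


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The order of checks matters for the evidence chain: a denial names the first failed control, so a reviewer reading the audit log can see whether access was refused because the ticket was closed, because the administrator was not the assignee, or because the request fell outside the agreed window. Grants are logged just as denials are, since the "who did what, where, when, why" question must be answerable for successful access too.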

Qualifications used

IT security (general)

Project description

Senior Security Advisor. TISO (Technical Information Security Officer) GT IT Security for the MITSA/PLITSA and newly integrated PBC environment.
Acting as a focal point for vendor governance. Responsible for supporting and coaching the bank's technical experts and for supervising the outsourcing partner IBM in the planning and implementation of risk mitigation and audit activities. Duties include coordination of topics such as operational risk management, regulatory driven audits and adherence to the technical risk management frameworks in scope (ISO/IEC 27002:2005 derived GSD331, MAS TRM Guidelines etc.). Providing technical expertise and judgement for projects. Supporting the mitigation of risks as the technical focal point (UNIX, networking, PKI). Subject matter expert for vendor Configuration State Monitoring. Project SME for Access Control and Privileged Activity Monitoring. Technical assessment and professional opinion on risk assessments. Support of self-assessments and IT risk analysis in different areas of IT infrastructure in a global context. Active organisation and chairing of communication and cooperation with other areas in GT, Audit Resolution, Group and Global Audit. Function as a technology specialist with profound experience in the areas of infrastructure and application security. Support as mediating focal point and technical-to-business translator for the preparation of reports and presentations for senior IT management.

Qualifications used

IT security (general), UNIX, project management (IT), telecommunications / networks (general), management (general), risk management, outsourcing, auditor

Project description

Transfer of IT services to the state of a "controlled system" with regard to data protection, security concepts and documentation for integrating with the central identity management of Deutsche Telekom. Coordination of the processes involved.
Review, consultation and technical support for multiple divisions in fulfilling the relevant compliance requirements.

Qualifications used

Data protection, IT security (general), IT consulting (general), management (general)

Project description

Development and communication of security proposals, procedures, and guidelines for multiple platforms and diverse systems environments throughout the European NatCos.
• Review of developments, assessments, and implementation of security plans, products, and control techniques.
• Investigation and recommendation of appropriate corrective actions for data security incidents.
• Providing project management services on highly complex information/IT security projects and issues.
• Identification of security risks to the organization and ensuring that appropriate data security procedures and products are implemented.
• Maintaining an awareness of corporate security policies and government regulations pertaining to information security.


Qualifications used

PCI-DSS, IT security (general), operating systems (general), project management (IT), telecommunications / networks (general), IT consulting (general), management (general), auditor

Project description

Direct support of the Senior IT Security Advisor (CISO). High-level design proposal of an infrastructure for secure remote access of ESCB members as well as non-ESCB supporting third parties to ECB IT resources with a strong focus on traceability (WHO did WHAT, WHEN and WHY). Creation and review of IT security policies, technical specifications and guidelines within the ECB with a strong focus on a realisable framework. Market analysis of various tools and products such as Password Safe, secure deletion and removable media control, password vaulting and audit. Creation of audit scripts to enable the ECB to permanently assess KPIs and compliance of UNIX systems with the security specification. Technical advisor for an ECB Certificate Authority deployment based on OpenCA, now OpenXPKI, and handling of upcoming external (ESCB) certificate requests. Creation of an ECB Certificate Practice Statement proposal. Support of the ECB Be@ware e-learning programme (review, amendments). Supporting the creation of an RFP for a SCORM/AICC-compatible e-learning framework and authoring tool.

Qualifications used

IT security (general), information security, IT consulting (general), management (general), e-learning

Project description

Direct technical and organisational support of the Chief Information Security Officer (CISO). Evaluation of IT projects regarding security, examination of security concepts and architectures of third-party contributors. Technical and organisational support during the introduction of an extensive and complex vulnerability management process.
Evaluation and introduction of a collaboration platform, possibly based on wiki technology.

Qualifications used

IT security (general), information security, IT consulting (general), management (general), auditor

Project description

Support of Audit Resolution project management. Coordination and active support of Audit Issue Closure Management. Supporting expertise as security specialist and IT architect. Expert support for the establishment of a security monitoring framework. Active support of an enhanced Audit/Resolution/Closure Management workflow to support the "business as usual" handover to the bank. Interface between the internal audit team and issue owners (director level). Expert point of contact for assignees. Expert support for management reporting.

Qualifications used

IT security (general), IT governance, IT consulting (general), auditor

Project description

Tasks:
Supporting invitations to tender in the context of the German electronic health card with a clear focus on an acceptable level of security during the implementation of an embedded middleware system. Reviewing and commenting on the implementation of the card management system, the PKI and the mass production processes. Main focus is protection of privacy, a clean and tamper-proof audit trail, as well as technical measures to ensure availability, integrity, non-repudiation and confidentiality. Local "security evangelist".

Qualifications used

IT security (general), architecture (general), management (general), auditor

Project description

Tasks:
Planning and engineering of several projects in the public sector as technical project manager. Advisory and design of an out-of-band management solution to enhance the quality of service with a clear focus on security.

Qualifications used

IT security (general)

Project description

Tasks:
Project definition, consolidation, requirements evaluation, design, implementation and documentation of a secure mobile computing platform (VPN). Supervising consultancy for the network refactoring project in terms of general network and system security (evaluation of an 802.1X-based authentication infrastructure, centrally managed endpoint security policy enforcement and reporting). Establishment of an incident response process in close cooperation with the IT support division.
Introduction of OSSIM for consolidated incident reporting and alerting. Assisting the organisation with the preparation for a BS 7799 audit planned for 2005, based on experience with the German "IT-Grundschutzhandbuch".

Qualifications used

IT security (general), telecommunications / networks (general), VPN (Virtual Private Network), IT consulting (general)

Project description

Tasks:
Senior Consultant Networks & Security
Writing and presentation of an expert report on VLAN security in Cisco environments. Professional judgement and consultancy on a network design proposal for a highly secure server farm to process credit card data where all customers have to be strictly separated. Further project details are confidential and may not be disclosed without the customer's written consent.

Qualifications used

IT security (general), telecommunications / networks (general), VLAN (Virtual Local Area Network), IT consulting (general)

Project description

Tasks:
Consultancy during the introduction of a PKI/Bridge CA and Novell eDirectory for all partner airlines of the group. The directory is to serve as a container to centrally store and manage user data, certificates and credentials. RBAC (role-based access control) to applications from different airlines is handled by Novell iChain as a secure gatekeeper accessing the directory to retrieve user data and credentials. Supported the introduction of a baseline security policy and the adjustment of the IT infrastructure to meet the previously defined rules. Setup and administration of Linux-based firewalls (iptables) as well as Check Point NG on Nokia hardware (IP530). Supported the operations team with general network design (Cisco environment) regarding security. Introduction of a service monitoring tool (Nagios) to enhance service availability by timely problem notification of administrators.

Qualifications used

Access, hardware development, Check Point (general), Cisco firewalls, IT security (general), firewalls, Linux (kernel), SAP consulting (general), Nagios, IT support (general), telecommunications / networks (general), IT consulting (general), design (general), Adobe InDesign, Bridge

Project description

Tasks:
Introduction of a PKI (Public Key Infrastructure) for secure RBAC to backend systems in the B2B (sales) and B2C Internet portal of an international insurance company. VPN redesign with integration of the existing Utimaco-based infrastructure. Technical consulting (mainly IPsec usage on Cisco equipment) for the LAN/WAN redesign project. Supported the CSO and IT security personnel in adapting the IT security policy to the new VPN and LAN/WAN infrastructure. Designed and implemented an export and import interface from the user administration database to the RADIUS LDAP backend in the VPN environment, written in Perl and bash. Created a tool for mass updating Cisco routers via ISDN, written with the Expect tool from Tcl and specially tailored to the customer's demands. Designed and implemented the new VPN infrastructure based on a highly scalable dial-up infrastructure. Created a Perl accounting tool to check the provider's bills against the company's own RADIUS accounting.
Wrote complete operating documentation for the VPN and PKI. Introduced the Cricket grapher based on rrdtool to allow graphical analysis of network traffic. Attended and supported technical discussions between ISP and customer.

Qualifications used

IT security (general), IPsec, Perl, Tcl/Tk, Bash (shell), IT support (general), routers / gateways, telecommunications / networks (general), VPN (Virtual Private Network), LAN, ISP (Internet Service Provider), ISDN, Internet / Intranet

Project description

Tasks:
Introduced Linux as a new operating system at a leading EC/credit card billing provider (part of Deutsche Telekom). Established and supported a Net900 micropayment system based on Linux and a PostgreSQL database. Net900 was positioned in the market as the payment follow-up system to VTX. System administration, design and implementation of a platform-independent backup concept with AMANDA. Consultation on questions of system and network security (Check Point FW-1, Linux-based solutions). Support of internal co-workers with Cisco routers/switches as well as the Internet in general. Design and implementation of a multi-location mail system based on the Postfix MTA running on Linux. Training of co-workers and computer centre personnel on a baseline security policy. Writing/reviewing technical documentation.

Qualifications used

PostgreSQL, network security, Check Point (general), IT security (general), operating systems (general), Postfix, IT support (general), routers / gateways, backup / recovery, routers, telecommunications / networks (general), Cisco routers, Internet / Intranet, IT consulting (general)

Project description

Tasks:
Conception, coordination and realisation of a VPN using crypto hardware/software to offer highly secure remote access for approx. 500 agencies, 2000 independent brokers and about 600 field representatives. Design and implementation of a basic Utimaco PKI. Design and implementation of a redundant VPN crypto gateway with two Radware FireProofs based on Utimaco SafeGuard VPN. Defined processes for X.509 certificate distribution. Supported the CIO in the decision process (risk/usability/cost) for a suitable certificate storage (smart card, hard disk, diskette or the upcoming USB token). This project was realised as a reference project together with KPN/Qwest Germany. Product evaluation for a web-to-host solution in the context of the VPN and in-house use: replacement of Attachmate InfoConnect by Attachmate e-Vantage. Support of internal co-workers with the administration/auditing of the Check Point/Cisco PIX firewall systems as well as the configuration of Cisco routers/switches.
Special feature: successfully implemented a dial-out solution for the integration and coordination of all specialised divisions and internal/external specialists involved, with NOVADATA PRISMA as the tool for software and inventory data distribution within the VPN. Tight cooperation with NOVADATA, as well as consulting for the Internet/Intranet group and their support in cooperation with the ISP. Direct consulting of the IT managers and the steering committee on questions of network optimisation and cost/benefit analysis.

Qualifications used

Check Point (general), Cisco firewalls, firewalls, project assistance (IT), routers / gateways, ISP (Internet Service Provider), Internet / Intranet

Certificates

CCSP
February 2017
eCSI
April 2015
PRINCE2 Practitioner
July 2010
CISA
October 2006
CISSP
March 2003

Education

Technical Assistant for Computer Science (vocational training)
Year: 1992
Location: Karlsruhe

Qualifications

Certified as CISSP (Certified Information Systems Security Professional)
Certified as CCSP (Certified Cloud Security Professional)
Certified as CISA (Certified Information Systems Auditor)
Certified as project manager (PRINCE2 Practitioner)
ITIL v2 Foundation

My consulting approach is structured into the following areas:

IT governance / security management
Technical risk consulting (infrastructure consulting / architecture)
Data protection (in partnership with MDS and the Secianus partner company)
Audit resolution support / expert reports
Interdisciplinary knowledge management and collaboration

Technical Assistant for Computer Science
IT experience since 1980, already during school years
Practical experience in data centres (networks, databases, operations, AV)
Consulting experience since 1993
Intercultural competence from working in multinational project teams
1995: joined the German Internet pioneer Xlink as a network specialist
Focus on VPN and information security since 1996
Built up and led the Internet technology team of the Xlink Consulting Division in Cologne from 1997
Since 1999 freelance Senior Security Consultant and technical project manager with a focus on information security management & security architecture

About me

As an external TISO (Technical Information Security Officer) or (C)ISO ((Chief) Information Security Officer), understanding your environment and your challenges comes first. A trusting and open dialogue forms the basis for flexible and sustainable solutions in the areas of information security, IT governance, risk & compliance.
My status as an external consultant allows me, in many cases, to mediate across departmental boundaries largely free of internal politics and to involve the right people at the right time.
New impulses can be released and synergies exploited that otherwise often remain untapped in the frequently hectic day-to-day business.

Personal data

Language
German (native)
English (fluent)
Work permit
European Union
Switzerland
United States of America
Professional experience
27 years and 4 months (since 11/1989)
Willingness to travel
Near place of residence
Home office
possible if required
Project management
14 years
Professional status
I work in projects on my own account (freelancer)
