Cybersecurity & AI Governance Consultant (ISO 27001, NIS-2, TISAX, ISO 42001)
- 1 reference
- 125€/hour
- Dittweiler, Pfalz
- Worldwide
- de | en | es | fr
- 03.02.2026
Brief introduction
References excerpt (1)
"Mr. E. was responsible for the administrative support of a customer's PAM infrastructure."
3/2021 – 10/2021
Description of activities
Implementation and adaptation of the CyberArk solution to the existing infrastructure to secure privileged access (PAM) including:
• Creation and management of all accounts, safes & platforms of the acceptance environment via PVWA as well as REST API
• Administration of CyberArk servers on infrastructure & OS level
• Execution of technical acceptance tests
• Monitoring of infrastructure components
• Documentation of processes, components & platforms
Access Management, User Administration, Authorization Concept, Identity Management
Business details
Qualifications
Project & professional experience
9/2025 – ongoing
Description of activities
Establishment of a security governance framework, implementation of ISO 27001-aligned controls, development of risk, incident, and third-party management processes, and strategic guidance for secure cloud and AI adoption across the organization.
Skills used
Information Security, Information Systems Manager, ISO / IEC 27001
6/2025 – 9/2025
Description of activities
Analysis of the company's overall cybersecurity posture, implementation and countermeasures, planning for the establishment of a dedicated Cybersecurity department, and ensuring the secure deployment of AI technologies
Skills used
Cyber Security, DIN EN ISO 27001, IT Governance
2/2025 – ongoing
Description of activities
Trainer for the secure use of AI
Skills used
Cyber Security, Certified Information Systems Security Professional (CISSP)
10/2023 – 12/2023
Description of activities
SME for Security Architecture in the SAFe landscape performing analyses of security status on ART level and development of security architecture artefacts on Capability, Large Solution and Platform level including:
• Analysis of the DevSecOps process in all ARTs of a digitalization department
• Identification of decision points for security issues in the DevSecOps process
• Analysis of the decision levels in the SAFe framework (products, ARTs, solution, portfolio)
• Analysis of decision-making bodies and participants
• Alignment of architecture and security artefacts on all levels
• Analysis of overlaps between architecture and security artefacts
• Identification of decision points for architecture topics
• Analysis of decision levels in the SAFe framework (products, ARTs, solution, portfolio)
• Analysis and linking to the Domain Model / Architecture Target Landscape
• Depiction of the dependencies between architecture and IT security
• Development of security guidelines for architecture, etc.
• Creation of result and management presentations
Enterprise Architect (EA), Solution Architecture
4/2023 – 12/2023
Description of activities
Creation and implementation of processes including:
• Analysis of existing policies, security standards and blueprints
• Interviews with different stakeholders to evaluate security status in products to adapt project plan
• Gap analysis
• Adaptation of the project plan based on risk assessment and gap analysis. Prioritization using the OWASP Top 10 cybersecurity risks as a reference
• Support with moving legacy application to cloud (AWS)
• Development of secure coding guidelines, static code analysis and dynamic code analysis by using different tools (SonarQube, BlackDuck, Prisma, …)
• Communication interface between development teams and central cybersecurity (business- and operations side)
• Conducting a workshop to raise awareness on team level and sharpen understanding of responsibilities
• Development of shared responsibilities and RACI-matrix
• Improvement of security standards and blueprints including feedback loops from development teams and central cybersecurity
• Planning and implementation of suitable knowledge management
• Roll-out of new standards, processes and blueprints and enabling of development teams for the following topics (excerpt):
o User Access Management
o Vulnerability Management
o Incident Management
o Asset Management
o Hardening
o Backup & Recovery
o Patch Management
o Logging and Monitoring
o Data protection
• Presentation of results on management level to raise awareness about security status
Access Management, Amazon Web Services (AWS), Backup / Recovery, User Administration, Authorization Concept, Cloud (general), Cyber Security, Incident Management, Project Leadership / Team Leadership (IT), Process Management
10/2022 – 6/2023
Description of activities
Lead GDPR taskforce including coordinating teams, preparing and conducting workshops, preparing management decisions and providing checklists and best practices to teams including:
• Analysis of existing material and guidelines from central security
• Gap analysis
• Design and delivery of management workshops to raise awareness for GDPR
• Set-up of a roadmap to be compliant with GDPR requirements before Go-Live
• Design and delivery of workshops on product level to assess GDPR status, clarify open questions, define next steps and clarify (shared) responsibilities
• Creation of documentation blueprints and the steps required to fulfill:
o RoPA
o TOM
o Retention periods
o Technical requirements
o Data Subject Rights
o Deletion concept
• Analysis of created documentation from products, processing of results, support with steering team discussions and escalation processes
Data Protection, Project Leadership / Team Leadership (IT)
9/2022 – ongoing
Description of activities
Giving lectures on specific security topics. Contact person for scientific questions. Proofreader for scientific papers
Skills used
Cyber Security, Management Information Systems, Enterprise Architect (EA), Engineering, Business Informatics
3/2022 – 11/2022
Description of activities
Development and implementation of an ISMS in accordance with TISAX requirements including:
• Assessment of security status and documentation
• Gap analysis
• Processing of TISAX requirements and derivation of necessary steps
• Analysis and editing of security policies
• Implementation of an ISMS in organization
• Creation of processes and documentation
• Readiness assessment
• Audit support
Information Security
3/2022 – 7/2022
Description of activities
Scrum project manager in science for the following projects:
• Smart city project to detect traffic jams and accidents automatically with AI
• Smart railway project to improve time forecast for trains
• Internal railway infrastructure project to replace old and hardcoded codebase with object-oriented programming language and dynamic frontend
Engineering, Project Leadership / Team Leadership (IT), Project Management (IT)
1/2022 – 6/2023
Description of activities
Design and implementation of a security strategy as part of a sales process redesign program involving 1,200 employees including:
• Definition of KPIs and OKRs
• Implementation and optimization of Quality Gates on platform level
• Recurring awareness sessions for different stakeholders (management, POs, those responsible for security, …)
• Preparation and delivery of workshops for different purposes and audiences
• Analysis of existing security tools and AWS services
• Alignment of an appropriate security toolchain (BlackDuck, SecHub, Harbor, AWS Services, …)
• Central cybersecurity communication and presentation support
• Development of central documentation strategy
• Creation of central documentation for everyone who wants to onboard on platform
• Moderation of regular security guild meeting including management of topics and guest speakers
Cloud (general), Amazon Web Services (AWS), Cyber Security, DevOps (general), Incident Management, Program Management
3/2021 – 10/2021
Description of activities
Implementation and adaptation of the CyberArk solution to the existing infrastructure to secure privileged access (PAM) including:
• Creation and management of all accounts, safes & platforms of the acceptance environment via PVWA as well as REST API
• Administration of CyberArk servers on infrastructure & OS level
• Execution of technical acceptance tests
• Monitoring of infrastructure components
• Documentation of processes, components & platforms
Access Management, User Administration, Authorization Concept, Identity Management
4/2020 – 10/2020
Description of activities
Line support and consulting for Identity & Access implementation requests
Skills used
Identity Management
Education
TU Darmstadt
Darmstadt
HTW des Saarlandes
Saarbrücken
About me
- Interim CISO
- Interim ISO
- Security Champion
- Trainer in Workshops
Top qualifications:
ISMS according to ISO 27001, TISAX, NIS-2 | ISO 42001 | Secure use of AI | Cybersecurity awareness | Risk trade-off assessments
This is exactly what I am the right person for:
- Planning and implementation of an ISMS (ISO 27001, TISAX, NIS-2) and AIMS (ISO 42001)
- Efficient implementation of cybersecurity aligned with business requirements
- Interface between technical and business-oriented stakeholders
- Sparring partner for management in developing solutions and discussing risk treatment strategies
- Big picture: How can cybersecurity protect the business without slowing it down?
- Training of employees in companies
- Design and delivery of workshops, e.g. secure use of AI, security awareness, ...
- How can AI be used securely in the company?
Personal details
- German (native language)
- English (fluent)
- Spanish (basic knowledge)
- French (basic knowledge)
- European Union
