Description

Technical expert with experience over 20 years in IT/OT/Cyber Security, a comprehensive knowledge of Computer Information System Security, System Administration and Network Operations, Datacenter Operations and Project- Management. Extensive knowledge in the areas of system security, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Experienced in leadership management over 10 years with a team up to 25 members, project coordination and system implementation of Government systems, telecommunication and complex, secured computer networks. Security clearance (German Ü2/Ü3) is possible, if needed. Highly organized team player with the ability to effectively manage project milestones and project delivery. International work and leadership experience.

Industry field of expertise

Languages

German
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Boostedt (up to 50km), Federal Republic of Germany (up to 50km)

Jung Security GmbH
Geschäftsführer & Gesellschafter / CEO
DIGITAL AND IT
August 2022 - Today (3 years and 9 months)
Boostedt, Germany
CIO and CISO as a Service
Offensive Security services (Penetration Testing, Vulnerability Scanning and Red Teaming)
Support in ISO 27001 ISMS & IEC 62443 topics (Gap and risk analysis, policy handling, documentation, stakeholder management, improvement, ...)
Security Operations
IT-/OT- and Cybersecurity Projects
Penetration Testing CISO ISO 27001 Lead Auditor Offensive Security IT-Security
Nordex Energy SE & Co. KG
Senior OT Cyber Security Specialist
ENERGY AND UTILITIES
October 2021 - November 2022 (1 year and 2 months)
Hamburg, Germany
- Professional management and responsibility for Global Cyber Security of a 4 FTE Cyber Security team in Service, Germany
- Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443
- Stakeholder management
- Preparation for ISO/IEC recertification and ensure compliance with ISO/IEC standards and other Governmental/Legal regulations
- Planning, implementation and further development of OT Cyber Security strategies for Security Incident and Event Management, Monitoring, Patch-/Update- and Vulnerability Management
- Perform security assessment on Windows/Linux operating system, and VMware, Citrix + Microsoft Hyper-V environments

- Investigate new and emerging security threats against internal/external Network Infrastructure and interconnected systems
- Coordination, identification and analyses of Cyber Security incidents and development of countermeasures
- Ensuring the operation of an "attack detection system" (SzA / Systeme zur

Angriffserkennung im Bereich OT und IT-Infrastruktur) in accordance with EnWG and BSIG
- Implementation and maintaining infrastructure with Cisco Firewalls, HP Aruba, Fortigate Firewalls/Switches, PaloAlto, Sonicwall, Checkpoint, FireEye EX/NX/HX, Barracuda and in combination with Azure Security functions (M365 Defender, Sentinel, etc).

- Optimization of network segments and vWAN segments to/from Microsoft Azure into internal infrastructure areas
- Optimization of Microsoft Azure Security plattform (Azure E5 Security, Microsoft Defender for Security, Azure Sentinel (SIEM/SOAR), Azure Monitor Logs, Azure Dev/Test Labs, Azure Active Directory (AAD)/Entra ID, Conditional Access, MFA/2FA)
- Development of processes, methods and tools to detect anomalies
- Blackbox- & White-box penetration tests

- Security validation and verification (SVV3+4) acc. IEC 62443

- Led complex IT/OT projects in critical infrastructure (KRITIS) with a focus on stringent security and compliance requirements
PenTest Incident Management Cyber Security Strategy Security Operations Center (SOC) Management
Nordex SE
IT Security Specialist / Information Security Officer
ENERGY AND UTILITIES
January 2019 - September 2021 (2 years and 9 months)
Hamburg, Germany
- Planning, implementation and further development of IT security systems
- Standardization of network schemes/designs in the IT and OT wind energy sector
- Lead a virtual team and coordinate project activies i.e. ISO 27001 ISMS / IEC 62443
- Design, modeling, implementation and documentation of information security management systems (ISMS management, guidelines, processes and procedures) according to ISO 27001, KRITIS and BSI Grundschutz/BSI Grundschutzkompendium

- Ensuring the operation of an "attack detection system" (SzA / Systeme zur
Angriffserkennung im Bereich OT und IT-Infrastruktur) in accordance with EnWG and BSIG
- Coordination and analysis of incoming security incident reports
- Establishment of a Computer Emergency Response Team
- Blackbox- & White-box penetration tests
- Security validation and verification (according to SVV1-4) acc. IEC 62443
- Project management
- Implementation and coordination of security recommendations based on non-conformities in the area of LAN/WAN, SCADA, IT & OT Wind turbine systems and encryption
- Design/modeling of IT security networks zones & systems including automated vulnerability analysis/scans
- Management and administration of IT security systems to detect malware/ransomware and anomalies in network and web/mail traffic
- Implementation and maintaining infrastructure
- Optimization of network segments and vWAN segments
- Optimization of Microsoft Azure Security plattform (Azure E5 Security, Microsoft Defender for Security, Azure Sentinel (SIEM/SOAR), Azure Monitor Logs, Azure Dev/Test Labs, Azure Active Directory (AAD)/Entra ID, Conditional Access, MFA/2FA)
- Regular audits (On-premise IT/OT, Azure)
- Application Management & Security Compliance

- Led complex IT/OT projects in critical infrastructure (KRITIS)
- Coordinated cross-functional teams and ensured timely, on-budget project delivery
ISO 27001 Lead Auditor IEC 62443 Full Stack Developer Pentester KRITIS