Keywords
Skills
- ISMS ISO 27001 Lead Auditor
- TISAX, NIS2, BSI IT-Grundschutz, DORA, BAIT, BSIG KRITIS
- CISO & ISB
- Application Security OWASP
- Secure Development Lifecycle (SDL)
- Cloud Security
- DevSecOps
- Secure CI/CD Pipeline
- Vulnerability and Patch Management
- Bug Bounty Program
- Data Loss Prevention
- Information Security
- Security Management
- Vulnerability Assessment
- Access Control
- Security Measures
- Enterprise Security
- Enterprise Risk Management
- Incident Management
- Penetration Testing
- Business Continuity Management
- Information Security Management
- Cloud Computing
- Microsoft Azure
- Amazon Web Services (AWS)
- Android
- iOS
- Team Lead
- Incident Response
- Security Consulting
- Information Security Management System (ISMS)
- Business Impact Analysis
- Application Security
- Cloud Security
- ISMS Lead Auditor according to ISO 27001
- BSI IT-Grundschutz
- TISAX
- Threat Modeling
- Business Continuity Management
- Compliance
- Security Development Lifecycle
- ISO 27034
- TISAX
- Forensic
- KRITIS
- Security Code Review
- Container Security
- Kubernetes
- Mobile Security
- ISO 22301
- Identity and Access Management (IAM)
- Risk Analysis
- DevSecOps
- Awareness
- Security Information and Event Management (SIEM)
- Code-Review
- Google Cloud
Project History
Certificates
Additional Audit Procedure Competence for § 8a (3) BSIG
ISACA
2022
Company Data Protection Officer (IHK)
IHK
2021
ISO 27001 Lead Auditor
TÜV Rheinland
2019
Willingness to Travel
Available worldwide
Additional Information
- Senior Manager - Information Security Consulting - CISO - ISO 27001 Lead Auditor - B3S Auditor - BSI IT-Grundschutz - KHZG
Establishing information security is like conducting an orchestra.
Book Author – Cloud Security in AWS & Azure
Talks about #kritis, #security, #ransomware, #cyberattack, and #cybersecurity
Top Information Security Skills
Application & Infrastructure Security
Patch & Vulnerability Management • Penetration Testing • OWASP M/ASVS & MSTG • Security Development Lifecycle • Threat Modeling • Threat Analysis • DevSecOps • DAST • Keys & Secrets Management • Static Source Code Analysis • CWE • Dependency-Checks • Container-Scanning • Bug Bounty Program • SIEM • Security Monitoring • CIS-Benchmarks & Compliance • ISO 27034 • Container • Kubernetes • OpenShift • Secure CI/CD Pipeline • Mobile Security • IoT Security • Web Application & API • Secure Architecture • Deployment Hardening • Logging, Monitoring & Alerting • SIEM & SOAR • SOC – Security Operation Center as a Service • EDR • NDR • OAuth2 • Zero Trust • Endpoint Security • Mobile Device Management • WAF
Information Security Management & Data Privacy
Interim CISO & DPO • ISO 27001 Lead Auditor • BSI IT-Grundschutz • BAIT • SO2 • TISAX • KRITIS • B3S • GDPR • DSGVO • HIPAA • Governance • Program & Project Management • Strategy • Concept • Business Impact Analysis • ISMS Audit & Gap Analysis • Certification • Data Classification – Risks, Requirements and Controls • Data Loss Prevention (DLP) • Asset Management • Risk Assessment • KPIs • IAM • Monitoring • Compliance • Internal Reviews • Operation • Incident Response • Security Awareness • Phishing Campaign • Business Continuity Management System • Disaster Recovery Process • Supplier Relationship Security: Information Security Requirements for Suppliers, Hosting, Software and Hardware as well as for Outsourcing Software Development
Risk Management & Threat Modeling
Risk Analysis • Risk Assessment • Risk Treatment Plan • ISO 27005 • IEC 80001 • Business Impact Analysis • Threat Modeling • STRIDE
Cloud Security
Migration Projects • Posture Management • Identity Protection • Zero Trust • Single Sign-On • SIEM • Security Audit • Multi-Factor Authentication • AWS • Azure • Office365 • Licensing • Amazon AWS • IAM • Hardening • Alerting & Reporting • Security & Licensing • CIS Benchmarks • Cloud Conformity
Incident Response & Forensics
Forensics • Crisis Communication • Threat Hunting • IT Fraud • SOC & Threat Intelligence • CEO Fraud • Ransomware • Cryptojacking • Phishing • Log Analysis • Memory Analysis • File System Analysis • SIEM & SOAR • SOC – Security Operation Center as a Service • EDR • NDR • Cloud Forensics • Azure • Office365 • Short-term Security Measures • Long-term Risk Mitigations • Crisis Exercise