26.11.2025 aktualisiert
verifiziert
Premiumkunde
100 % verfügbarInterim CIO/CISO, IT/ICS/OT and Cyber Security Consultant, ISO 27001 Auditor, Pentester
Boostedt, Deutschland
Weltweit
-Skills
IT SecurityCyber securityPenetration TesterThreat IntelligenceCISOLinuxISMSInformationssicherheitSIEMICS/SCADA CybersecuritySecurity Operations Center
With over 20 years of experience in IT/OT and Cyber Security, I bring extensive knowledge and hands-on expertise to my work. As a CISO, CIO, and technical expert, I have successfully implemented numerous projects while supporting organizations across industries such as energy, healthcare, government, and defense. My focus lies in implementing robust security measures, ensuring regulatory compliance, and leading high-performing teams.
My Competencies
• Information Security Management: As a CISO/CIO, I have built and managed ISMS structures compliant with ISO 27001, IEC62443 and other regulations, developed security strategies for various organizations.
• KRITIS and Regulatory Compliance: I have deep expertise in implementing requirements under BSI-KritisV and §8a BSIG, including system hardening based on DISA STIGs, BSI Grundschutz, NIST, CIS and others.
• Architecture and Infrastructure: I design and optimize IT and OT architectures for high-security environments, from network zones and data centers to cloud solutions like Azure, Amazon AWS, and Google Cloud.
• Governance, Risk, and Compliance (GRC): My work includes conducting risk assessments, managing audits, and developing strategies to mitigate risks effectively.
• Penetration Testing and Vulnerability Management: I conduct regular security assessments and tests—both white-box and black-box—using tools like QualysNessus, Burp Suite Pro, Metasploit, and OpenVAS. I also develop custom exploits and automated testing processes for IT, OT, and ICS systems.
• Incident Response and Forensics: I support organizations in identifying and resolving security incidents and conduct thorough analyses to develop sustainable solutions.
Technical Expertise
• Security Solutions: Proficient with Cisco, Palo Alto, and Fortinet firewalls, SIEM tools (e.g., Logrhytm, Wash, ElasticSearch, Splunk), and advanced Web Application Firewalls.
• Operating Systems: Comprehensive knowledge of Linux (RHEL, Debian, SUSE), Windows Server (NT to 2025), and Unix (Solaris, HP-UX).
• Virtualization and Automation: Extensive experience with VMware ESXi, Proxmox, and automation tools like Ansible and Puppet.
• Programming and Scripting: Skilled in Python, Bash, PowerShell, and Ruby, especially for automation and security tool development.
• Databases and Web Technologies: Expertise in SQL databases and web server administration (Apache, Nginx, IIS).
Key Achievements
• KRITIS Certification: Successfully guided organizations in achieving and maintaining KRITIS and ISO 27001 certifications, particularly in the energy sector.
• Global Project Leadership: Managed IT infrastructures supporting over 15,000 users and 3,000 applications, addressing high complexity and security requirements.
• Penetration Testing Innovations: Developed proprietary scripts and methodologies to identify and exploit vulnerabilities in complex IT/OT ecosystems.
• Business Continuity Management (BCM)
Sprachen
DeutschMutterspracheEnglischverhandlungssicher
Projekthistorie
* Ensuring compliance with the IT security catalog in accordance with Section 11 (1a) of the Energy Industry Act
* Securing critical infrastructures in accordance with BSIG Section 8a (KRITIS) in general
* Ensuring the operation of an "attack detection system" (SzA) in accordance with EnWG and BSIG
* Coordination of services and third-party companies that provide work and services for the operation, maintenance and repair of the LNG terminals
* responsible for the quality assurance, control and further development of the entire IT/OT and communication infrastructure
* control and monitoring systems for the gas send-out of the FSRU, the high-pressure loading arms in the jetty pipeline and the gas transfer station, the commercial IT systems with an Internet connection for rolling planning
* responsible of systems for handling LNG cargos and the systems for onward transportation of natural gas as well as the commercial systems are also part of the area of responsibility
* Managing all internal and external system services
* Establishing data analytic exchange for external parties
* Securing critical infrastructures in accordance with BSIG Section 8a (KRITIS) in general
* Ensuring the operation of an "attack detection system" (SzA) in accordance with EnWG and BSIG
* Coordination of services and third-party companies that provide work and services for the operation, maintenance and repair of the LNG terminals
* responsible for the quality assurance, control and further development of the entire IT/OT and communication infrastructure
* control and monitoring systems for the gas send-out of the FSRU, the high-pressure loading arms in the jetty pipeline and the gas transfer station, the commercial IT systems with an Internet connection for rolling planning
* responsible of systems for handling LNG cargos and the systems for onward transportation of natural gas as well as the commercial systems are also part of the area of responsibility
* Managing all internal and external system services
* Establishing data analytic exchange for external parties
Erbringen von IT-Dienstleistungen und IT-Sicherheitsdienstleistungen aller Art
* Establishing and maintaining a comprehensive IT security management system (ISMS) in
accordance with applicable standards (e.g., ISO/IEC 27001, NIST).
* Ensuring the information security of all IT systems and platforms, especially to sensitive data
to members, sections, and partners.
* Advising the management on all matters relating to information security and emerging
technological risks.
* Ensuring compliance with regulatory requirements and standards for IT security.
* Responsibility for IT security-related systems, applications, and services such as vulnerability
scanning, penetration tests, firewalls, IDS/IPS, patch management, forensics,
EDR/XDR/SOAR, SIEM & SOC, PAM, IAM, etc.
* Developing and implementing the security strategy in line with the DAV's goals and values.
* Formulating and maintaining security guidelines, procedures, and standards.
* Creating emergency plans and conducting regular risk analyses.
* Monitoring IT systems and networks for security incidents.
* Management and control of IT security projects.
* Leadership of incident response teams in the event of security incidents.
* Conducting training courses for full-time and volunteer employees on IT security issues.
* Communicating the importance of security measures at all levels of the association.
* Coordinating with external IT service providers and security consultants.
* Assisting in the drafting of contracts with service providers to security requirements.