Updated 07.08.2024


100% available
IT security, risk management, auditing, compliance, data protection
Berlin, Germany
Germany
Master of Information Technology
Skills
2020: Successfully completed ISO/IEC 27001 compliance within 7 months and moved organisational processes and procedures from CMM 0-1 to CMM 2-3.
2022: Completed an ISO 27001:2013 implementation for an international client.
Currently ISMS ISO 27001 implementor lead, CISO and Senior Cyber Risk Consultant.
---
Information Security
ISO27001, TISAX Certification process
ISMS Management
Security awareness training
Policies, Procedures, Guidelines
GRC (Governance, Risk, Compliance)
Networking (VLAN, Firewalls, VPNs, etc)
Access Control and Access Management
Cloud / Google, AWS - EC2, Cloudwatch
SIEM (Elastic, Logstash, Kibana, etc) and logging
Splunk and logging
Penetration Test and Vulnerability Management
Secure Systems Engineering principles
ISO 27001 Lead Implementor
Knowledge in ISO 27001
Knowledge of GDPR
---
Networking:
CompTIA Network+ Certification (until February 2021)
Secure file transfer protocols (SFTP, FTPS, FTP, WebDAV for Sharepoint)
---
Auditing/Compliance - Log Collection and SIEM (Security Information and Events Management):
Secure log collection and log management concepts in relation to information security.
Secure file transfer concepts for auditing and compliance
Integrations with Rapid 7 InsightIDR, Splunk, ELK (Elastic Search, Logstash, Kibana, Beats), ArcSight, QRadar
GPG13, FIPS 140-2, HIPAA, ISO series, file integrity monitoring.
---
Technical Writing and Documentation:
Working with developers to create usable documentation aimed at a technical audience
Development of articles, whitepapers, blog posts, video scripts, and other content
Documentation tools - RST, Sphinx, adoc
Writing of a SIEM and log collection eBook
SOPs
---
Windows and Linux administration:
Windows Server administration
Windows log collection including IIS, Event Log, ETW, Windows DNS Server, Registry Monitoring, Active Directory
Windows log collection and hardening
Linux log collection and hardening
---
Project Management Tools:
Version Control – Git, Gitlab, Github
Tools – Mattermost, Slack, IRC, Trello, Kanban
Concepts – Scrum, Agile
Ability to work remotely with teams and in an international environment
---
QA/Technical Support tools such as:
OS - Windows, Linux, MacOS, ChromeOS
Remote monitoring and troubleshooting tools – ScreenConnect, TeamViewer
Software testing and QA (manual)
Languages
German: good; English: native speaker
Project history
* Protected systems by defining access privileges, control structures and resources in line with GDPR/DSGVO requirements.
* Developed mitigation strategies and controls to reduce overall risk.
* Coordinated and performed information security inspections, tests and reviews.
* Define and refine the cyber incident response plan, BCP and DRP.
* Led the internal and external Information Security compliance audits and assessments
* Participate in deployment of security technologies and program enhancements across endpoints and networks.
* Develop, maintain information security management framework (ISMS) according to ISO27001 standards.
* Define, refine and maintain information security policies and procedures.
* Perform technical assessments and triage security testing results.
* Develop the physical security policy and procedures.
* Develop and manage information security and privacy awareness program.
* Conduct hardware and software implementations and updates for information systems.
* Ensure information security risk controls are implemented and appropriately monitored throughout systems lifecycle.
* Implement and manage endpoint security.
* Monitored reports, systems and logs, and alerted on suspicious activity.