Nov 2024 – Present · 1 yr 6 mos

• Electric Sheep, Encrypted Dreams: A Field Guide to Defending Humanity in the Age of Neuro-clouds, Quantum Hackers and Ethical Black Holes
• Beautiful Security - When Science Meets Cybersecurity
• AI Red Teaming - A Practical Guide to Safer AI
• Red Team Evaluation Framework - Sharpening the Spear
• Philosophy.exe - The Techno-Philosophical Toolkit for Modern Minds
• Navigating the Cyber Maze - Insights and Humor on the Digital Frontier

Sep 2023 – Present · 2 yrs 8 mos · Bielefeld, North Rhine-Westphalia, Germany · On-site

Nov 2022 – Present · 3 yrs 6 mos · Deutschland

• Supporting ECSO in the main target: Together for a strong European cyber community
• To support in archiving this goal, ECSO has already established at least 6 Working Groups and 9 initiatives.
• If you are a CISO in Germany and want to join an active group of like-minded CISOs from 27 member states, please do not hesitate to contact me.
• ECSO’s CISOs European Community (CEC)
• CISOs European Community is a place for information security leaders to exchange information, good practices, threat intelligence and to develop common positions of the practitioners in cybersecurity. CISOs already cooperate on a national, regional and sectorial level but often struggle to find peers from the other European countries. ECSO’s role is of a neutral intermediary that will help in conveying unified voice of practitioners towards other stakeholders in cybersecurity.

Jan 2022 – Sep 2023 · 1 yr 8 mos · Germany

• Information Security, Cybersecurity, OT Security

Jan 2021 – Dec 2021 · 11 mos · Germany

• Helping multiple companies with Information and Cybersecurity projects on a CISO level.

Jan 2020 – Dec 2020 · 11 mos · Nürnberg Area, Germany

• Responsible for global information security management system (ISMS) at Schaeffler
• Serving as Head of Information and Cyber Security, developing and implementing policies to support the maintenance of critical business strategies and processes within the organization
• Ensured compliance with Information Security policies (aligned to ISO 2700x series) and dealing with information security compliance requirements to VDA ISA (TISAX)

Nov 2015 – Jan 2020 · 4 yrs 2 mos · Lippstadt

• Responsible for global information security management program at HELLA
• Served as Head of Information Security Organization, developing and implementing policies to support the maintenance of critical IT and data management strategies and processes within the organization
• Provided executive support for the operational objectives of the security awareness program
• Oversaw the creation and maintenance of effective IT security strategies and policies to meet organizational and international standards
• Ensured compliance with IT Security policies and protocols (ISO 2700x series) and dealing with information security compliance to VDA
• Established global Cyber Security Program

Apr 2011 – Oct 2015 · 4 yrs 6 mos · Munich Area, Germany

• Led ICT Security management programs for foreign branches of UniCredit Bank AG in New York City, London, Singapore, Tokyo and Hong Kong
• Served as Team Lead for IT Security Governance and Operations, developing and implementing policies to support the maintenance of critical IT and data management strategies and processes within the organization
• Provided executive support for the operational objectives of the security awareness program
• Managed IT security assessments and investigations to quickly identify and remediate network security risks and potential data risks
• Oversaw the creation and maintenance of effective IT security strategies and policies to meet organizational and international standards
• Ensured compliance with IT Security policies and protocols (ISO 2700x series) including introducing an ISMS, and dealing with compliance issues including FSA, FFIEC, MaRISK, MAS, HKMA
• Delivered IT security consulting and cyber security workshops for major German private banks to develop standardized policies and frameworks for IT governance

Apr 2010 – Apr 2011 · 1 yr · Munich Area, Germany

• Provided oversight and management of the development and integration of IT Security strategies and standards
• Led the development and implementation of IT Security Policies, Guidelines and Standards to maintain comprehensive risk management protocols
• Managed the resolution of security issues and provided operational planning and support for the implementation of medium to large sized security projects
• Supervised the performance of penetration tests for Layer 2 Devices, Web application, Web Services, Wireless LANs, SAP Systems and Networks, established key performance standards and developed critical responses to identified security risks
• Planned and delivered regular IT Audits to ensure that all mission critical processes are consistently implemented
• Organized an interdisciplinary security council to ensure effective communication and dissemination of critical security information within the organization
• Established a computer emergency response team (CERT) to deal with IT security issues and developed IT Security courses and awareness programs to improve organizational network security systems

Mar 2008 – Apr 2010 · 2 yrs 1 mo · London, United Kingdom

• Managed the development and implementation of penetration testing, projects, providing leadership and oversight to team members in ensuring that all operational targets were consistently achieved
• Performed penetration testing for Layer 2 Devices, Web applications, Web Services, Wireless LANs, SAP Systems and Networks to proactively indentify and address potential data management risks
• Led operating system build reviews in Windows and Linux environments to create integrated risk management processes
• Implemented system hardening procedures for Linux, Windows and Solaris systems to meet CISecurity standards
• Led computer emergency response team in delivering rapid and effective resolution to all information security breaches, including serving as acting CERT manager for the European Space Agency
• Served as an external security consultant delivering presentations and recommendations on network security and penetration issues and providing risk management advice
• Produced Request for Penetration, Scope of Work and Statement of Work presentations for international companies, and provided risk management and network security services in Europe, North America and Asia
• Developed and implemented a security awareness program to provide for increased awareness of common network and data security risks within service environments

Nov 2004 – Feb 2008 · 3 yrs 3 mos · Munich Area, Germany

• Managed operational planning and activities for the penetration testing department, providing leadership and direction in the development and implementation of network security protocols
• Developed and facilitated IT Security courses and training on Data Privacy and Security, Cechkpoint, IDS/IPS, Antivirus security, Hacking and Compliance (BSI Grundschutz)
• Served as an external IT Security consultant of medium to large size companies in the areas of network and data risk management and security
• Delivered forensic analyses of IT Systems and performed network penetration testing to identify and solve network security gaps and provide for effective risk management
• Ensured effective critical incident response for computer and network emergencies, providing prompt identification and resolution of all data security breaches