Cyber Security Architect

4/2017 – 12/2019

found in reference description 0
Lead architect for design and build of Office 365 / modern app cloud security; design of new IAM strategy based on Microsoft Identity platform
Client: international manufacturer of sports articles with HQ in Herzogenaurach (DAX)
- Design, PoC and introduction for multi-vendor conditional access for trusted managed devices to Office 365 (40.000 users: corporate iOS, macOS and Windows 7/10 devices) based on VMware Identity Manager, ADFS, Azure AD Premium, SCCM/GPO, JAMF Pro and VMware Workspace ONE UEM  user story presented on Microsoft Identity Customer Onsite Event London, 2019
- Development of global IAM roadmap & strategy (“IAM solution guide”) based on Microsoft Identity platform: design and piloting of secure app integration blueprints, includes secure and VPN-free access to on-prem web services
- Development of B2B strategy (access for external users to corporate apps) and support of Microsoft Teams PoC
- Design and preparation of global Azure MFA user enrollment (40.000 users)
- Strategy development of secure IAM for retail users on shared iOS devices
- Customer representation in regularly Microsoft Identity Onsite Events in London with the Microsoft Identity engineering team lead by Alex Simons

- Design, implementation and introduction of password less “MobileSSO” for Office 365 and other cloud services based on VMware Workspace ONE (Identity Manager) for corporate iOS devices (30.000 devices); pilot of “MobileSSO” for Android Enterprise
- Solution design and integration of Azure MFA for Citrix Web Frontend, Atlassian Jira/Confluence and other web-based services (secured by F5 BigIP)
- Design and implementation of MobileSSO for legacy Kerberos-based on-premises web services based on F5 BigIP APM
- Design and PoC of conditional access for macOS based on JAMF/Intune integration/Azure AD Premium
- PoC of Azure AD based SAML-Integration of Atlassian tools (Crowd, Jira and Confluence) incl. B2B support
- Design and PoC of Android Enterprise for corporate devices / BYOD, managed by VMware WSONE UEM
- PoC security key authentication to Azure AD (FIDO2, incl. Hybrid Azure AD Join)
- Design strategy to eliminate legacy auth to Office 365 services, build reports to monitor progress (Azure Log Analytics, Power BI)

Projektmanagement (IT), System Architektur, Microsoft Office 365

3/2015 – 3/2017

Lead Architect for design and build of international Enterprise Mobility Services “powered by AirWatch”
Client: Insurance, international, HQ Munich (DAX)
- Analyze mobile use cases and operation models (COBO/COPE/BYOD)
- Evaluate mobile platforms iOS, Android und Windows 10 Mobile for use cases
- Develop evaluation criterias and shortlist EMM solution
- Installation PoCs with VMware AirWatch, Good Dynamics and Citrix XenMobile
- Design & implementation of AirWatch system for 40.000 iOS devices
- Security concepts COBO/COPE/BYOD for iOS, Android & W10M
- Design of S/MIME gateway (in cooperation with VMware), implementation of automatic deployment and management of user certificates through self-service portal
- Implementation of certificate-based authentication to Exchange 2007/2013 ActiveSync (KCD)
- Implementation of cert-based SSO to Intranet services
- Mobile access to VDI (Citrix XenApps)
- Design of load balanced environment/HA (sizing for 40.000 devices)
- Design of AirWatch migration to new datacenter
- data leakage prevention concept for mobile usage of Office 365
- Performing AirWatch upgrades up to version 9.0.1 and training of international operations team
- Blueprint of MobileSSO for iOS based on VMware Identity Manager

Projektmanagement (IT), System Architektur, Vmware, Microsoft Office 365