Senior Cybersecurity Consultant

10/2023 – 12/2023

SME for Security Architecture in the SAFE landscape performing analyses of security status on ART level and development of security architecture artefacts on Capability, Large Solution and Platform level including:
Analysis of the DevSecOps process in all ARTs of a digitalization department
Identification of decision points for security issues in the DevSecOps process
Analysis of the decision levels in the SAFe framework (products, ARTs, solution, portfolio)
Analysis of decision-making bodies and participants
Alignment of architecture and security artefacts on all levels
Analysis of overlaps between architecture and security artefacts
Identification of decision points for Architecture topics
Analysis of decision levels in the SAFe framework (products, ARTs, solution, portfolio).
Analysis and linking to the Domain Model / Architecture Target Landscape
Depiction of the dependencies between architecture and IT security
Development of security guidelines for architecture, etc.
Creation of result and management presentations

Enterprise Architect (EA), Solution Architektur

4/2023 – 12/2023

Creation and implementation of processes including:
• Analysis of existing policies, security standards and blueprints
• Interviews with different stakeholders to evaluate security status in products to adapt project plan
• Gap analysis
• Adapting of project plan based on risk assessment and gap analysis. Priorizitation by using OWASP Top 10 Cybersecurity risks as a reference
• Support with moving legacy application to cloud (AWS)
• Development of secure coding guidelines, static code analysis and dynamic code analysis by using different tools (SonarQube, BlackDuck, Prisma, …)
• Communication interface between development teams and central cybersecurity (business- and operations side)
• Conducting of workshop to raise awareness on team level and sharpen understanding of responsibilities
• Development of shared responsibilities and RACI-matrix
• Improvement of security standards and blueprints including feedback loops from development teams and central cybersecurity
• Plan and implementation of suitable knowledge management
• Roll-out of new standards, processes and blueprints and enabling of development teams for following topics (excerpt):
o User Access Management
o Vulnerability Management
o Incident Management
o Asset Management
o Hardening
o Backup & Recovery
o Patch Management
o Logging and Monitoring
o Data protection
• Presentation of results on management level to raise awareness about security status

Access Management, Amazon Web Services (AWS), Back up / Recovery, Benutzerverwaltung, Berechtigungskonzept, Cloud (allg.), Cyber Security, Incident-Management, Projektleitung / Teamleitung (IT), Prozessmanagement

10/2022 – 6/2023

Lead GDPR taskforce including coordinating teams, preparing and conducting workshops, preparing management decisions and providing checklists and best practices to teams including:
• Analysis of existing material and guidelines from central security
• Gap analysis
• Design and conduction of management workshops to raise awareness for GDPR
• Set up of a roadmap to be compliant with GDPR requirements before Go-Live
• Design and conduction of workshops on product level to asses GDPR status, clarify open questions, definition of next steps and clarification of (shared) responsibilities
• Creation of documentation blueprints and steps to perform to be able to fulfill:
o RoPA
o TOM
o Retention periods
o Technical requirements
o Data Subject Rights
o Deletion concept
• Analysis of created documentation from products, processing of results, support with steering team discussions and escalation processes

Datenschutz, Projektleitung / Teamleitung (IT)