IT/OT/IoT Cybersecurity Consultant / Developer / DevSecOps

1/2024 – 9/2024

- Developed the first compliance management software for IoT manufacturers to prepare of EU cybersecurity regulations (RED DA, CRA). Implemented automated security testing for the standard ETSI EN 303 645 & technical documentation generation.
- Proficient with CI/CD tooling, GitHub Actions, Linux server administration, containers development and orchestration (Docker), DevSecOps practices (eg, SAST tooling, container vuln. scanner)
- Solid development and software engineering skills: development in JavaScript, Python and Bash, API development & testing (Postman), configuration of proxies (Nginx), databases (MongoDB, PostgreSQL, SQLite3)

DevOps (allg.), Docker, Internet of Things (IoT), JavaScript, Mongodb, Nginx, Python, Representational State Transfer (REST), Test Automation, Ubuntu

5/2022 – 10/2023

In this position as a Senior Security Analyst at a global testing laboratory, I worked with international IoT manufacturers and performed security evaluations of their devices/products against security standards (e.g. ETSI EN 303 645, IEC 62443-4-2, ISO 21434, UL2900-2-x). I supported manufacturers to prepare for certification (IEC 62443-4-2), and also advised them on cybersecurity regulations (EU RED DA, the EU MDR, and the UK PSTI).

I played an active role in the global regulatory and standardization efforts. I contributed to the draft of the standards for the RED DA (EN 18031). I was also the Task Force leader of the TIC Council's Working Group on Artificial Intelligence testing.

Compliance management, Cyber Security, Ethical Hacking, Internet of Things (IoT), Penetrationstest

4/2017 – 3/2022

Conducted security research on automotive, development of intrusion detection systems for CAN bus.

Conducted vulnerability research on medical IoT devices. Found new vulnerabilities in devices, reported them to manufacturer.

Forschung & Entwicklung, Cyber Security, Internet of Things (IoT), Automotive Electronics