IT/OT/IoT Cybersecurity Consultant / Developer / DevSecOps

1/2024 – 6/2024

- Developed the first compliance management software for IoT manufacturers to prepare of EU cybersecurity regulations (RED DA, CRA). Implemented automated security testing for the standard ETSI EN 303 645 & technical documentation generation.
- Proficient with CI/CD tooling, GitHub Actions, Linux server administration, containers development and orchestration (Docker), DevSecOps practices (eg, SAST tooling, container vuln. scanner)
- Solid development and software engineering skills: development in JavaScript, Python and Bash, API development & testing (Postman), configuration of proxies (Nginx), databases (MongoDB, PostgreSQL, SQLite3)

Testautomatisierung, DevOps (allg.), Docker, Internet of Things (IoT), JavaScript, MongoDB, NginX, Python, Representational State Transfer (REST), Ubuntu

5/2022 – 10/2023

In this position as a Senior Security Analyst at a global testing laboratory, I worked with international IoT manufacturers and performed security evaluations of their devices/products against security standards (e.g. ETSI EN 303 645, IEC 62443-4-2, ISO 21434, UL2900-2-x). I supported manufacturers to prepare for certification (IEC 62443-4-2), and also advised them on cybersecurity regulations (EU RED DA, the EU MDR, and the UK PSTI).

I played an active role in the global regulatory and standardization efforts. I contributed to the draft of the standards for the RED DA (EN 18031). I was also the Task Force leader of the TIC Council's Working Group on Artificial Intelligence testing.

Compliance management, Cyber Security, Ethical Hacking, Internet of Things (IoT), Penetrationstest