Skills
SSL / TLS
IT Security
IPSec
IT-Support
2nd & 3rd Level Support
Active Directory
Network-Security
Demilitarized Zone (DMZ)
Information Security
Windows 10
VPN (Virtual Private Network)
TCP/IP
SAP Security (SNC)
IT-Governance
SSH (Secure Shell)
SQL
IT Security
IPSec
IT-Support
2nd & 3rd Level Support
Active Directory
Network-Security
Demilitarized Zone (DMZ)
Information Security
Windows 10
VPN (Virtual Private Network)
TCP/IP
SAP Security (SNC)
IT-Governance
SSH (Secure Shell)
SQL
Projekthistorie
5/2017 – 12/2018 BASF SE
PKI Solution Architect
- Analyzing PKI enabled Application requirements in regards to PKI components (CAs, OCSP, Active Directory, Smart Card, HSM SafeNet, Windows 10, TPM)
- Translating architecture in a Technical Design Document
- Implementation Coordination
- Environment with 120,000 Users
- Project Management
3/2018 – 9/2018 KfW Bank
PKI Consultant
Tasks:
- Involved in PKI product/component selection
- Advise on PKI architectural topics
- Product Evaluation
- Cooperation in PKI-Process Definition
- Cooperation in CP/CPS definition
- Cooperation in PKI architecture redesign
5/2017 – 2/2018 adidas AG
PKI Expert for SHA-1 to SHA-2 Migration
- PKI Migration Coordination
- Change Management
- Migration plan definition
- Support for PKI Application Migration (Windows/MacOS, Mobile Device, VPN Gateway, Load balancer, Venafi Trust Protection Platform for SSL certificate management, SafeNet HSM)
- Creating PKI Process and Operation Guidance
10/2016 – 12/2017 Frankfurt Exposition and Trading Fair GmbH
PKI Architect
Design and Implementation of a new PKI infrastructure and migration of existing services into the new Public Key Infrastructure.
The migration concept has been written by me and was reviewed by a third party, which approved it.
3/2016 – 12/2016 Commerzbank AG
IT Security Specialist Encryption
The project "Encryption" was initiated following an audit by the Federal Financial Supervisory Authority (BaFin).
Scope of the project was to enforce the use of state-of-the-art encryption algorithms to secure communication channels between applications and datacenters.
Task:
- Analysis and support in implementing requested security protocol
- Risk, effort, cost estimation and tracking of tasks
- Implementation Review
Individual task description:
- Is-Situation analysis: Reviewing application of concern with
respect of interfaces in use and implementation of current
cryptography protocols
- Support by evaluating alternative implementation option, where required
- Technical coordination with stakeholders and support by evaluating effort required for SSL/TLS implementation
- Supervision and tracking of tasks (SSL/TLS Configuration, Cipher-Suites, Web Server configuration, HTTP-Protocol)
- Advise/Recommendation for Proposal toward Management of Program IT-Governance
Individual Skills:
- Expert knowledge in cryptography protocol (SSL/TLS; Cipher-Suites; SSH; IPSec; VPN etc...)
- Good knowledge of state-of-the-art encryption method and technology
- Experience in project coordination
Must-have Qualification:
- Encryption (SSL;TLS)
- IT Governance
- HTTP
- Project Management;
- IT Security
7/2015 – 2/2016 Deutsche Bank AG
Tech. Experte in Cyber Security Engineering / dbSmartcard & dbFSE (DB File Serve
Techn. Expert for 3rd Level Support in CISO Department - PKI:
- PKI
- Smartcards
- Encryption
- Access Management
- Database Know How (DB2, SQL, Host)
- IT-Compliance
- Digital Certificate
- SafeGuard LAN Crypt
12/2014 – 1/2015 Messe Frankfurt
PKI Consultant
Concept design for a Public Key Infrastructure migration:
- PKI Design
- Root CA
- Sub CA
- OCSP/CRL
- HSM
- CP/CPS
- Review of PKI enabled applications
- Migration: Single-Sign-On for SAP Secure Login Backend-System
11/2014 – 12/2014 Bundesrepublik Deutschland Finanz Agentur GmbH
PKI Specialist for NAC Troubleshooting
802.1x Authentication troubleshooting in LAN for NAC (Network Access Control):
Task:
- NAC Server Policy Analysis
- RADIUS Server Configuration Analysis
- PKI Implementation review
- Configuration review and correction of Network Group Policy for 802.1x Authentication
10/2014 – 6/2015 Arvato System GmbH
PKI Expert
Customer support in project elektronic Health Card, supervised by Gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH). Following tasks was scope of project:
- Technical implementation of requirements for the operation of a complex Public Key Infrastructure (PKI). This included the integration and configuration of several CVC and Root-CAs as well as several Hardware Security Modules (HSMs).
- Process documentation in German language
- Technical advice and support for customer's teams in particular the "Technical Solution Manager" in regard of connectivity of the Public Key Infrastructure with Thales Hardware Security Module (HSM).
- Know-How transfer through workshops:
HSM Concept: Configuration and Operation
10/2011 – 9/2014 SAP AG - Walldorf
PKI Expert
Project: Design, implementation and operation of a Global AD integrated Public Key Infrastructure (PKI) at SAP Headquarter in Walldorf
PKI is a key component for issuing certificate to user, computer and services for Authentication, Encryption, non-repudiation (signature).
Project name: SAP AD integrated Global PKI Implementation
Keywords: IT Security, PKI, Authentication, Active Directory, Single-Sign-On (SSO), Hardware Security Module (HSM), Encryption, OpenSSL, Certificate (X.509), Revocation, Active Directory Certification Authority.
Environment: Windows server 2008 R2 Enterprise, Windows Server 2012 R2 Datacenter, Linux (RHEL, Ubuntu), Monitoring with SCOM (System Center Operation Manager), Thread Management Gateway (TMG), Online Certificate Status Protocol (OCSP), Internet Information Services (IIS), nCipher Hardware Security Module, MS Visio.
Protocols: SSL, TLS, VPN, 802.1X
Cryptography: RSA, nCipher Security World Key Store Provider
Topics:
- Requirements Analysis
- Design of the Global AD integrated Public Key Infrastructure (PKI) at SAP
- Coordinating and Implementing the Global Public Key Infrastructure (PKI) at SAP
Responsibilities:
- Support for User and Application migration to the new Active Directory Domain
- Single Sign-on implementation
- Protect and ensure security on PKI backend
- Hardening
- PowerShell Scripting
- Virtualization: Hyper-V
- Backup / Restore
- Troubleshooting
- PKI Operation
- PKI Policies (CP/CPS)
- PKI Enabled Applications: SSL/TLS, 802.1x,Direct Access, NAP, Code Signing, Virtual Smart Card
- Single Sign-on Operation
- Hardware Security Module (Thales nCipher HSM) Operation
- GPOs Management
- 3rd Level Support according to defined SLA
- Number of employees: 100.000
- ADCS Migration to windows server 2012 Standard
- SAP IT Direct (Incidents/Changes/Problems Management Solution (ITIL))
- Documentation
4/2011 – 9/2011 Fraunhofer Institute for Secure Information Techno
PKI and Crypto analyst
Master Thesis
Project: Design and implementation of an automatic revocation concept for Car-to-X communication.
Project name: SIMTD (Sichere Intelligente Mobilität Testfield Deutschland)
Partners: Audi, BMW AG, Daimler, Ford, VW, Opel, Bosch, Continental
Keywords: IT Security, Automotive, PKI, Cryptography
Environment:Windows, Java, UML, MS Visio, Eclipse with gnuPlot Plug-in, LaTeX
Protocols: IEEE 1609.2 Standards, IEEE 802.11p
Cryptography algorithm: RSA, ECDSA, ECIES
API: Bouncy Castle (Cryptography)
Framework: JUnit
Responsibilities:
- Extension of the Public Key Infrastructure (PKI)
- Implementation of the Elliptic Curve Public-Key Cryptography (ECDSA)
- Requirements analysis
- Revocation Concept Design
- Concept Implementation (Java)
- Testing
- Debugging
- Concept Evaluation
- Concept performance optimization
- Documentation
2/2011 – 3/2011 SAP AG–Bensheim, Germany
Quality Assurance Consultant
Project: SAP Netweaver Application Server Test
SAP Netweaver Application Server is a component of the Netweaver solution for SAP products
Protocols: Secure Network Communications (SNC), Secure Socket Layer (SSL), HTTPS
Keywords: IT Security, Single Sign-On, Identity management
Environment: SAP NetWeaver, Windows, Apache Tomcat
Responsibilities:
- Security and Identity Management
- Testing Single Sign-On technologies with SNC and SSL protocols
- Performance check to meet SLA (Service Level Agreements)
- Documentation
6/2007 – 1/2011 SECUDE IT Security GmbH –Darmstadt, Germany
Junior Quality Assurance Engineer (B.Sc. (Uni))
Environment: Windows NT/2000/XP/Vista/7, Bugzilla, OTRS, TestLink, Jira VMWare, Windows Server 2003/2008 R2, CITRIX (XenApp,XenDesktop, XenServer) MS Outlook, Windows embedded standard, PKI, Trust Manager, Smart Card PKCS#11 (JCOP, StarCOS, CardOS), RSA SecurID, Oracle 10g, LDAP, Active Directory Service
Responsibilities:
- Junior QA Manager for software encryption
- Test planning
- Test execution
- Test reporting
- Test automation
- Software Test to meet ISO/IEC 9126 (Functionality, Reliability, Efficiency)
- Specification based testing
- Integration test
- System test
- Regression test
- Smoke test
- Software performance test
- Load test
- Security test
- Ad-hoc test
4/2005 – 9/2011 HRZ (HochshulRechenZentrum - TU Darmstadt)–Darmsta
IT Consultant
Environment: Linux (RHEL, SLES, Ubuntu Server), Mac OS X, Windows NT/2000/XP/Vista/7, Novell, BMC Remedy ARS, OTRS, VMWare, Windows Server 2003/2008, Firewall, IP Network, VPN, XML, Pearl, PHP, JavaScript, CSS, PHPAdmin, AV Program
Protocol: TCP/IP, SSL/TLS, IPSec (AH, ESP), NTLM, Kerberos, RADIUS, EAP, MSCHAPv2
Responsibilities:
- Computer network adviser
- Help-Desk (1st, 2nd, 3rd Level support)
- Solve different problems related to (Wireless) LAN connections (Cisco VPN Client, BigEdge F5, Shrew Soft VPN, WPA2)
- Troubleshooting of Network configuration by different departments within the campus.
- Maintenance of database
- Utilizes strong technical background in troubleshooting system issues
- Maintenance of department PCs
- Support for departmental web page.
- Maintenance and Support
PKI Solution Architect
- Analyzing PKI enabled Application requirements in regards to PKI components (CAs, OCSP, Active Directory, Smart Card, HSM SafeNet, Windows 10, TPM)
- Translating architecture in a Technical Design Document
- Implementation Coordination
- Environment with 120,000 Users
- Project Management
3/2018 – 9/2018 KfW Bank
PKI Consultant
Tasks:
- Involved in PKI product/component selection
- Advise on PKI architectural topics
- Product Evaluation
- Cooperation in PKI-Process Definition
- Cooperation in CP/CPS definition
- Cooperation in PKI architecture redesign
5/2017 – 2/2018 adidas AG
PKI Expert for SHA-1 to SHA-2 Migration
- PKI Migration Coordination
- Change Management
- Migration plan definition
- Support for PKI Application Migration (Windows/MacOS, Mobile Device, VPN Gateway, Load balancer, Venafi Trust Protection Platform for SSL certificate management, SafeNet HSM)
- Creating PKI Process and Operation Guidance
10/2016 – 12/2017 Frankfurt Exposition and Trading Fair GmbH
PKI Architect
Design and Implementation of a new PKI infrastructure and migration of existing services into the new Public Key Infrastructure.
The migration concept has been written by me and was reviewed by a third party, which approved it.
3/2016 – 12/2016 Commerzbank AG
IT Security Specialist Encryption
The project "Encryption" was initiated following an audit by the Federal Financial Supervisory Authority (BaFin).
Scope of the project was to enforce the use of state-of-the-art encryption algorithms to secure communication channels between applications and datacenters.
Task:
- Analysis and support in implementing requested security protocol
- Risk, effort, cost estimation and tracking of tasks
- Implementation Review
Individual task description:
- Is-Situation analysis: Reviewing application of concern with
respect of interfaces in use and implementation of current
cryptography protocols
- Support by evaluating alternative implementation option, where required
- Technical coordination with stakeholders and support by evaluating effort required for SSL/TLS implementation
- Supervision and tracking of tasks (SSL/TLS Configuration, Cipher-Suites, Web Server configuration, HTTP-Protocol)
- Advise/Recommendation for Proposal toward Management of Program IT-Governance
Individual Skills:
- Expert knowledge in cryptography protocol (SSL/TLS; Cipher-Suites; SSH; IPSec; VPN etc...)
- Good knowledge of state-of-the-art encryption method and technology
- Experience in project coordination
Must-have Qualification:
- Encryption (SSL;TLS)
- IT Governance
- HTTP
- Project Management;
- IT Security
7/2015 – 2/2016 Deutsche Bank AG
Tech. Experte in Cyber Security Engineering / dbSmartcard & dbFSE (DB File Serve
Techn. Expert for 3rd Level Support in CISO Department - PKI:
- PKI
- Smartcards
- Encryption
- Access Management
- Database Know How (DB2, SQL, Host)
- IT-Compliance
- Digital Certificate
- SafeGuard LAN Crypt
12/2014 – 1/2015 Messe Frankfurt
PKI Consultant
Concept design for a Public Key Infrastructure migration:
- PKI Design
- Root CA
- Sub CA
- OCSP/CRL
- HSM
- CP/CPS
- Review of PKI enabled applications
- Migration: Single-Sign-On for SAP Secure Login Backend-System
11/2014 – 12/2014 Bundesrepublik Deutschland Finanz Agentur GmbH
PKI Specialist for NAC Troubleshooting
802.1x Authentication troubleshooting in LAN for NAC (Network Access Control):
Task:
- NAC Server Policy Analysis
- RADIUS Server Configuration Analysis
- PKI Implementation review
- Configuration review and correction of Network Group Policy for 802.1x Authentication
10/2014 – 6/2015 Arvato System GmbH
PKI Expert
Customer support in project elektronic Health Card, supervised by Gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH). Following tasks was scope of project:
- Technical implementation of requirements for the operation of a complex Public Key Infrastructure (PKI). This included the integration and configuration of several CVC and Root-CAs as well as several Hardware Security Modules (HSMs).
- Process documentation in German language
- Technical advice and support for customer's teams in particular the "Technical Solution Manager" in regard of connectivity of the Public Key Infrastructure with Thales Hardware Security Module (HSM).
- Know-How transfer through workshops:
HSM Concept: Configuration and Operation
10/2011 – 9/2014 SAP AG - Walldorf
PKI Expert
Project: Design, implementation and operation of a Global AD integrated Public Key Infrastructure (PKI) at SAP Headquarter in Walldorf
PKI is a key component for issuing certificate to user, computer and services for Authentication, Encryption, non-repudiation (signature).
Project name: SAP AD integrated Global PKI Implementation
Keywords: IT Security, PKI, Authentication, Active Directory, Single-Sign-On (SSO), Hardware Security Module (HSM), Encryption, OpenSSL, Certificate (X.509), Revocation, Active Directory Certification Authority.
Environment: Windows server 2008 R2 Enterprise, Windows Server 2012 R2 Datacenter, Linux (RHEL, Ubuntu), Monitoring with SCOM (System Center Operation Manager), Thread Management Gateway (TMG), Online Certificate Status Protocol (OCSP), Internet Information Services (IIS), nCipher Hardware Security Module, MS Visio.
Protocols: SSL, TLS, VPN, 802.1X
Cryptography: RSA, nCipher Security World Key Store Provider
Topics:
- Requirements Analysis
- Design of the Global AD integrated Public Key Infrastructure (PKI) at SAP
- Coordinating and Implementing the Global Public Key Infrastructure (PKI) at SAP
Responsibilities:
- Support for User and Application migration to the new Active Directory Domain
- Single Sign-on implementation
- Protect and ensure security on PKI backend
- Hardening
- PowerShell Scripting
- Virtualization: Hyper-V
- Backup / Restore
- Troubleshooting
- PKI Operation
- PKI Policies (CP/CPS)
- PKI Enabled Applications: SSL/TLS, 802.1x,Direct Access, NAP, Code Signing, Virtual Smart Card
- Single Sign-on Operation
- Hardware Security Module (Thales nCipher HSM) Operation
- GPOs Management
- 3rd Level Support according to defined SLA
- Number of employees: 100.000
- ADCS Migration to windows server 2012 Standard
- SAP IT Direct (Incidents/Changes/Problems Management Solution (ITIL))
- Documentation
4/2011 – 9/2011 Fraunhofer Institute for Secure Information Techno
PKI and Crypto analyst
Master Thesis
Project: Design and implementation of an automatic revocation concept for Car-to-X communication.
Project name: SIMTD (Sichere Intelligente Mobilität Testfield Deutschland)
Partners: Audi, BMW AG, Daimler, Ford, VW, Opel, Bosch, Continental
Keywords: IT Security, Automotive, PKI, Cryptography
Environment:Windows, Java, UML, MS Visio, Eclipse with gnuPlot Plug-in, LaTeX
Protocols: IEEE 1609.2 Standards, IEEE 802.11p
Cryptography algorithm: RSA, ECDSA, ECIES
API: Bouncy Castle (Cryptography)
Framework: JUnit
Responsibilities:
- Extension of the Public Key Infrastructure (PKI)
- Implementation of the Elliptic Curve Public-Key Cryptography (ECDSA)
- Requirements analysis
- Revocation Concept Design
- Concept Implementation (Java)
- Testing
- Debugging
- Concept Evaluation
- Concept performance optimization
- Documentation
2/2011 – 3/2011 SAP AG–Bensheim, Germany
Quality Assurance Consultant
Project: SAP Netweaver Application Server Test
SAP Netweaver Application Server is a component of the Netweaver solution for SAP products
Protocols: Secure Network Communications (SNC), Secure Socket Layer (SSL), HTTPS
Keywords: IT Security, Single Sign-On, Identity management
Environment: SAP NetWeaver, Windows, Apache Tomcat
Responsibilities:
- Security and Identity Management
- Testing Single Sign-On technologies with SNC and SSL protocols
- Performance check to meet SLA (Service Level Agreements)
- Documentation
6/2007 – 1/2011 SECUDE IT Security GmbH –Darmstadt, Germany
Junior Quality Assurance Engineer (B.Sc. (Uni))
Environment: Windows NT/2000/XP/Vista/7, Bugzilla, OTRS, TestLink, Jira VMWare, Windows Server 2003/2008 R2, CITRIX (XenApp,XenDesktop, XenServer) MS Outlook, Windows embedded standard, PKI, Trust Manager, Smart Card PKCS#11 (JCOP, StarCOS, CardOS), RSA SecurID, Oracle 10g, LDAP, Active Directory Service
Responsibilities:
- Junior QA Manager for software encryption
- Test planning
- Test execution
- Test reporting
- Test automation
- Software Test to meet ISO/IEC 9126 (Functionality, Reliability, Efficiency)
- Specification based testing
- Integration test
- System test
- Regression test
- Smoke test
- Software performance test
- Load test
- Security test
- Ad-hoc test
4/2005 – 9/2011 HRZ (HochshulRechenZentrum - TU Darmstadt)–Darmsta
IT Consultant
Environment: Linux (RHEL, SLES, Ubuntu Server), Mac OS X, Windows NT/2000/XP/Vista/7, Novell, BMC Remedy ARS, OTRS, VMWare, Windows Server 2003/2008, Firewall, IP Network, VPN, XML, Pearl, PHP, JavaScript, CSS, PHPAdmin, AV Program
Protocol: TCP/IP, SSL/TLS, IPSec (AH, ESP), NTLM, Kerberos, RADIUS, EAP, MSCHAPv2
Responsibilities:
- Computer network adviser
- Help-Desk (1st, 2nd, 3rd Level support)
- Solve different problems related to (Wireless) LAN connections (Cisco VPN Client, BigEdge F5, Shrew Soft VPN, WPA2)
- Troubleshooting of Network configuration by different departments within the campus.
- Maintenance of database
- Utilizes strong technical background in troubleshooting system issues
- Maintenance of department PCs
- Support for departmental web page.
- Maintenance and Support
Reisebereitschaft
Verfügbar in den Ländern
Deutschland
