February 2020 - July 2020

At the beginning of 2020 I had the pleasure to work as SOC Manager a.i (ad interim) in the Security Operation Center of an international technology company. This was one of the engagements (the last one) I received during my time as Senior Security Consultant at ISPIN AG.

The mission was very exciting, thrilling and instructive for me. The team and I had ups and downs during this time, but also a lot of fun working together and we really achieved a lot - not only for the company, but also for ourselves!

Individuals became a team, colleagues became friends and work became passion

When I look back, I don't know who I should be more grateful to....

• the management, which placed its confidence in me and entrusted me with such a responsible and challenging task?

• all my colleagues from the numerous departments, with whom my team and I have been able to master so many challenges and who have worked with us in such an incredibly trusting manner and have always given us the best possible support?

• my team, who always stood behind me 100% and especially in this special time (launch of Covid-19) and despite all the ups and downs, the stress and the growing challenges and changes that we had to overcome together and on which we grew together more and more?

I really don't know!

I think my personal thanks belong to each and every one of them!

So one day I had to leave the office without my laptop, without my files and without my corporate ID, but with huge emotions.

BUT... (no story without a happy ending)!

just a few days later, I received the final confirmation that my application for the open position of "SOC Manager" was accepted by management.

So I resigned from ISPIN AG, I took my vacation and got some rest before I then started on September 1, 2020 as the official "Manager of the Security Operation Center" in this company.

Story on LinkedIn

January  2021 

It was a great honor for me when I was asked by my former company "ISPIN AG" to write a short article for the upcoming European Data Protection Day.

I decided to write a short article on the topic of

"Data protection and security in the cloud".

This article was first published on the ISPIN blog on 28.01.2020.

An extended version of the article can also be found on LinkedIn.

2017

It was a great honor for me when I was asked by my mentor and good friend "Amar Singh", the CEO of Cyber Management Alliance LLC in the UK, if I would become one of the co-authors for the first joint e-book he planned to publish under the Wisdom of Crowds umbrella.

Wisdom of Crowds, also founded by Amar Singh, is based on the simple principle that the wisdom of many surpasses the knowledge of a single or few. The conferences offer a wealth of visionary knowledge and valuable advice through innovative sessions like group brainstorming, crowdsourced guidance and workshops and informative presentations from inspirational industry leaders.

Needless to say, it was a great honor and experience for me to work and write with such a great team of experienced professionals.

Download the GDPR E-book

April 2015 – October 2015

In April 2015, I was asked, if I would like to join a team of 5 QA and Testing experts to oversee the transformation of existing and implementation of new Security Services across a worldwide operating industrial organization from an End-to-End perspective. End-to-End means, in this particular case, to oversee and understand all security services including the whole security organization and how all these fit together (Datacenter, Hosting, Networks, End-User Computing and the whole IT Security Organization)

The aim of the engagement was:

• to ensure that design and implementation is in line with the requirements and expectations of the business
• to drive security testing through the organization
• to oversee and review all security testing activities, to ensure quality and safety in the area of information security services as well as to eliminate False-Positives and to identify any possible False-Negatives

To drive and oversee security testing; it was very important to understand how testing fits into the organizational structure. Together with the security test team, the business and also the service provides, we

• reviewed the IT security requirements
• prepared/reviewed IT security test plans
• prepared/reviewed IT security test cases
• executed IT security tests and measured their effectiveness
• reviewed reported defects, False-Positives, False-Negatives and effectiveness measures
• prepared/reviewed IT security test reports

This was really a great project. I met many fantastic colleagues and other people from all over the world and I am proud that I had the opportunity of being a part of such a great team!

September 2014 – March 2015

In September 2014, I was asked, if I would like to join a team of 10 forensic experts and white hat hacker to investigate in an information security incident, which happened outside Switzerland.
Goal of the investigation was:

• to analyze IT systems
• to identify and take potential evidences
• to deliver facts on what and how it happened
• to determine the data and the value of the information, on which the attackers were finally interested in

We performed all necessary processes and procedures, which were needed, to capture process and investigate the information security incident. Therefore, we obtained and analyzed all related IT systems and digital media as well as information about all user activities on the network. We also evaluated and extracted possible deleted evidences, created a logical assumption about the incident timeline and documented the findings. We collaborated with other computer forensic professionals, security experts and third parties involved.

This was a really great, challenging and exhausting project. I met many fantastic IT colleagues, subject matter experts and also other people from all over the world - which was really great. We have spent a great, long time together in Germany and I am proud that I had the opportunity of being a part of such a great team!