Germany
I’m passionate about securing digital environments, combining my expertise in system and network security with cloud DevOps to create robust, scalable solutions. With a focus on threat detection and secure infrastructure design, I ensure that both on-premises and cloud systems are optimized and protected.
▪ Led end-to-end security architecture programme for AWS and Kubernetes infrastructure, coordinating delivery across engineering, DevOps, and compliance stakeholders. ▪ Owned DevSecOps programme: defined roadmap, tracked milestones, and coordinated CI/CD security automation and vulnerability management workstreams. ▪ Led threat assessments and risk management processes, producing risk registers and coordinating remediation plans with engineering and product teams. ▪ Established security standards and policies; managed cross-team adoption and tracked alignment progress against SOC 2 control objectives. ▪ Ran structured security review and threat modelling for new features and third-party integrations — single point of coordination between product, legal, and security. ▪ Managed security tooling programme (vulnerability scanning, secrets management, compliance monitoring) — vendor selection, onboarding, and ongoing delivery. ▪ Managed Bug Bounty programme end-to-end: triage coordination, response SLAs, and remediation delivery with engineering teams. ▪ Cloudflare WAF/CDN administration; coordinated rollout of security policies across platform teams.
• Architect and implement secure, scalable cloud infrastructure across AWS and other platforms, ensuring high availability and compliance. • Enhance network security by designing and deploying comprehensive security controls tailored to cloud environments. • Build and maintain secure CI/CD pipelines, integrating automated security checks, vulnerability scans, and compliance gates to safeguard code deployments. • Manage and secure Kubernetes environments, ensuring container security, access control, and compliance with security best practices. • Collaborate with penetration testers to identify, assess, and remediate vulnerabilities, continuously improving the security posture of cloud infrastructure. • Execute incident response efforts, coordinating detection, containment, and recovery from security incidents, ensuring minimal impact. • Promote a security-first culture within DevOps, embedding security into every stage of the software development lifecycle (SDLC). • Deploy and manage cloud security tools for real-time monitoring, threat detection, and proactive incident response. • Strengthen access controls in cloud environments, ensuring robust role-based access and enforcing least-privilege principles. • Automate infrastructure tasks with Terraform, Python, and Bash, driving efficiency, scalability, and improved security. • Optimize DevOps workflows with infrastructure as code (IaC), enhancing scalability and resilience while ensuring security best practices. • Design and manage a data platform with strong governance, ensuring data protection and compliance with industry regulations. • Develop, enforce, and update comprehensive security policies across cloud operations, ensuring alignment with industry standards and regulatory requirements.
• Design and improve infrastructure and platform security on AWS, ensuring both scalability and resilience. • Perform threat analysis and implement security controls while enhancing overall platform architecture. • Lead networking design and enforce best practices for the Core Data Platform, focusing on both performance and security. • Strengthen resilience and security for critical tools like Kafka and Snowflake in the data ingestion pipeline. • Manage and optimize CI/CD pipelines (GitHub Actions, Octopus Deploy, Spacelift) with a focus on security, efficiency, and automation. • Define and implement standards and strategies for the Core Data Platform, balancing security and operational needs. • Assist team members with DevOps and infrastructure tasks, ensuring secure and efficient solutions. • Develop and implement new processes to enhance both scalability and security across the platform. • Use Terraform to securely integrate new platform features, ensuring compliance with infrastructure standards. • Conduct PoCs for new tools and designs, evaluating their security, resilience, and suitability for the platform.
• Led platform strategy for large-scale AWS landing zone deployments, focusing on scalability, resilience, and security. • Conducted threat analysis on the cloud platform, identifying and mitigating security risks. • Implemented Secure Development Lifecycle (SDLC) for the landing zone, ensuring security best practices. • Designed and deployed complex AWS solutions, balancing operational efficiency and security. • Managed cloud network architecture, ensuring robust, scalable, and secure systems. • Mentored engineers, fostering a collaborative DevOps culture. • Developed and managed Kubernetes systems, ensuring scalability and security. • Administered a multi-tenant Elastic Cloud deployment, optimizing performance and security. • Developed processes to enhance platform scalability and security. • Integrated features using Terraform, ensuring security compliance. • Automated tasks using Python and Bash scripting for enhanced efficiency. • Led PoC evaluations for new tools, assessing performance, security, and scalability. • Led network security initiatives, including firewall configurations, WAF implementation, and best practices. • Conducted threat analysis on the landing zone and observability platforms, identifying vulnerabilities. • Collaborated with security architecture teams to design and implement cloud security best practices.
• Developed secure, scalable AWS landing zone solutions aligned with security policies and compliance requirements. • Managed DNS via Route 53, ensuring secure routing in line with security policies. • Administered Palo Alto firewalls, enhancing network protection through policy-driven improvements. • Led AWS networking design, ensuring secure, compliant networks. • Provided security-focused guidance for AWS and on-prem networking, ensuring policy compliance. • Developed processes to improve platform scalability and security, adhering to best practices. • Integrated new platform features using Terraform, ensuring security compliance. • Automated tasks using Python and Bash, maintaining security in all workflows. • Administered and advised on WAF technologies (F5, AWS), enforcing policies to prevent application-layer attacks.
• Monitor and secure the Corporate WAN (IOS-XR, IOS-XE, MPLS, BGP, OSPF, VPN), ensuring network security and resilience. • Manage and implement security changes for firewalls (Firepower, Juniper), protecting against threats and vulnerabilities. • Lead the secure implementation of wireless, SDA, and ISE infrastructure, ensuring robust access control. • Secure cloud connectivity to AWS and Azure via Equinix Cloud Exchange and Azure ExpressRoute. • Design and deploy secure Wireless, DNAC, and ISE solutions with a focus on access controls and security best practices. • Lead disaster planning for WAN, firewalls, and remote access infrastructure, ensuring security and resilience. • Troubleshoot and resolve complex routing, switching, and firewall security incidents. • Maintain and improve core firewalls, wireless, and WAN infrastructure with a focus on disaster recovery readiness. • Collaborate with internal/external teams to enhance network security and communication. • Review third-party performance, recommending improvements to ensure security compliance. • Oversee change approvals to minimize security risks and ensure compliance. • Work with tooling teams to enhance security monitoring and automation.
• Architect, design, and implement secure enterprise networks for clients across various industries, aligning with industry standards such as PCI-DSS and ISO27001. • Conduct security audits and collaborate with penetration testers and Security Architecture teams to identify vulnerabilities, simulate attacks, and improve security posture. • Assist clients in achieving PCI-DSS compliance by designing secure network and system solutions that meet strict regulatory requirements and pass penetration testing. • Guide clients in obtaining and maintaining ISO27001 certification, developing security frameworks and controls. • Work with penetration testers to validate security measures, ensuring vulnerabilities are identified and remediated. • Respond to security incidents, coordinating with teams to mitigate, contain, and analyze threats, and enhancing security architecture based on incident outcomes. • Utilize tools like IDS/IPS, firewalls, SIEM, and DLP to detect and mitigate threats, improving the security architecture in line with incident response and testing results. • Develop incident response plans and conduct exercises to ensure clients’ preparedness for breaches, integrating lessons into the broader security architecture. • Implement secure enterprise networks, focusing on segmentation and defense-in-depth, validated through regular penetration testing and threat monitoring. • Regularly review and update security policies to ensure alignment with PCI-DSS, ISO27001, and GDPR compliance, incorporating feedback from audits and incidents. • Provide security training for client teams, enabling them to follow best practices and address vulnerabilities. • Lead PoCs of security tools, ensuring they meet client-specific needs and align with the overall security architecture. • Work closely with legal and compliance teams to ensure data protection and privacy, advising on secure data handling, encryption, and access controls.
• Architect and secure internal network infrastructures for a major ISP using Cisco and F5 technologies, ensuring high availability and regulatory compliance. • Implement advanced security measures such as firewalls, VPNs, and network segmentation to protect internal systems and customer data. • Collaborate with internal security teams to assess vulnerabilities, applying continuous improvements to strengthen network defenses. • Automate network operations and management tasks using Cisco scripting, improving operational efficiency and maintaining security. • Lead incident response for internal network threats, ensuring rapid containment and recovery with minimal service disruption.
• Design and implement secure, scalable network infrastructures for two major banks using Cisco and F5 technologies, ensuring compliance with industry standards. • Deploy and maintain firewalls, VPNs, and IDS/IPS systems, enhancing network security and protecting critical financial operations. • Collaborate with internal teams and third-party penetration testers to identify and resolve vulnerabilities, continuously improving the banks’ security posture. • Strengthen access controls and automate network management with Cisco scripting and infrastructure as code (IaC) to enhance efficiency and security. • Lead incident response for network threats, ensuring quick detection, containment, and recovery while minimizing impact on banking operations.