Michael Fontner

Trailblazer of clarity. Harbinger of change | Vision -​> Strategy -​> Tactics -​> op excellence | First effectiveness, then efficiency | The human factor | Creating Interdivisional cooperation & High Performance teams |

Schwanau, Baden-Württemberg, Germany

About

Security is about reducing or negating effects of unwanted behavior to sth. or someone. People “behave”! Tech doesn’t! Therefore -> IT-Sec == 90% people 10% tools! (If that!) That said -> Every effective practitioner of Security IS, by definition, a change agent. I lead change. In IT and basically every other BU as well, as they’re working with IT. With clarity and decisive action I create change in humans and environments to bring both closer to a more secure, effective and frictionless way of working which then also fosters synergies and creates a culture of trust and excellence. All I did and learned so far is the foundation of what I’m doing today. Nowadays I help companies to transform into a more secure, less fragile entity, by providing clarity, vision, strategy, leadership and effectiveness. One might call it a Clear Information Strategy Officer. 🙃

Experience

  • Head of global IT Security at Herrenknecht AG
    Feb 2023 - Present · 3 yrs 6 mos

    Lead of IT-Security team. Responsible for Information Security. Participation in the data protection comittee & support of the data security officer. Responsible for all IT-Security processes and practises in Classic IT, OT, Mobile, Cloud and Development. Reporting to C-Level. Responsible for budget, planning and execution.

  • Senior Cloud Application Security Specialist at SAP
    May 2021 - Feb 2023 · 1 yr 10 mos

    Test of the IKMS for SAP Hana. Evaluation, implementation and, in alignment with SAP Global Security, of Hadolint into the CI/CD of SAP-Hana for developers.

  • GRENKE AG (4 yrs 11 mos)
    • IT-Security Engineer - Application Security Manager
      Apr 2020 - May 2021 · 1 yr 2 mos

      Implementing a Secure Software Development Life Cycle in a regulated environment; Process Owner Pentest; Process Owner SonarQube; Agile Security QA; Security testing; SAST, DAST, IAST. ISO-27001 auditor; Risk assesment & security concepts; BIA; Threat modelling; OWASP Top 10 / API Top10; Splunk & Splunk ES.

    • Security-QA / Application Security Management
      Jul 2019 - Apr 2020 · 10 mos

      Bringing Security into QA in a regulated environment. ISO27001 provisional Lead Auditor, Building Secure Processes. Establish Best Practise for QA & Secure Coding. Train / sensitize people for Security. BSI Grundschutz, MARisk, ISO27001, Security Regulations. SecureCoding Best Practises. Kali Linux, OWASP Introducing: SonarQube, SecureCodeWarriors,

    • Agile QA professional lead
      Jul 2016 - Sep 2019 · 3 yrs 3 mos

      Driving agile transformation from QA perspective. SCRUM. Establishing best practise for QA. Automate regression testing. Tools: Postman, PACT, Selenium (no more), - UI-Path (to automate legacy), TFS, PowerShell, C# and JS. React-FW with Enzyme and Snapshot.

  • Software Test Engineer at 1&1 Internet Development SRL
    Dec 2013 - Jun 2016 · 2 yrs 7 mos

    Agile environment. Kanban. All possible testing activities. Inhouse QA consulting. Usage of Tools like SonarQube, Jira, Java, Git, gerrit etc. Defining security test for DE-Mail. QA from security perspective as well.

  • Workflow-Manager at Meyle+Müller GmbH+Co. KG
    Jan 2011 - Nov 2013 · 2 yrs 11 mos