Schwanau, Baden-Württemberg, Germany
Security is about reducing or negating effects of unwanted behavior to sth. or someone. People “behave”! Tech doesn’t! Therefore -> IT-Sec == 90% people 10% tools! (If that!) That said -> Every effective practitioner of Security IS, by definition, a change agent. I lead change. In IT and basically every other BU as well, as they’re working with IT. With clarity and decisive action I create change in humans and environments to bring both closer to a more secure, effective and frictionless way of working which then also fosters synergies and creates a culture of trust and excellence. All I did and learned so far is the foundation of what I’m doing today. Nowadays I help companies to transform into a more secure, less fragile entity, by providing clarity, vision, strategy, leadership and effectiveness. One might call it a Clear Information Strategy Officer. 🙃
Lead of IT-Security team. Responsible for Information Security. Participation in the data protection comittee & support of the data security officer. Responsible for all IT-Security processes and practises in Classic IT, OT, Mobile, Cloud and Development. Reporting to C-Level. Responsible for budget, planning and execution.
Test of the IKMS for SAP Hana. Evaluation, implementation and, in alignment with SAP Global Security, of Hadolint into the CI/CD of SAP-Hana for developers.
Implementing a Secure Software Development Life Cycle in a regulated environment; Process Owner Pentest; Process Owner SonarQube; Agile Security QA; Security testing; SAST, DAST, IAST. ISO-27001 auditor; Risk assesment & security concepts; BIA; Threat modelling; OWASP Top 10 / API Top10; Splunk & Splunk ES.
Bringing Security into QA in a regulated environment. ISO27001 provisional Lead Auditor, Building Secure Processes. Establish Best Practise for QA & Secure Coding. Train / sensitize people for Security. BSI Grundschutz, MARisk, ISO27001, Security Regulations. SecureCoding Best Practises. Kali Linux, OWASP Introducing: SonarQube, SecureCodeWarriors,
Driving agile transformation from QA perspective. SCRUM. Establishing best practise for QA. Automate regression testing. Tools: Postman, PACT, Selenium (no more), - UI-Path (to automate legacy), TFS, PowerShell, C# and JS. React-FW with Enzyme and Snapshot.
Agile environment. Kanban. All possible testing activities. Inhouse QA consulting. Usage of Tools like SonarQube, Jira, Java, Git, gerrit etc. Defining security test for DE-Mail. QA from security perspective as well.