Ingolstadt, Bavaria, Germany
As a strategic and business-oriented Cyber Security Executive (CISO), I specialize in building, leading, and scaling global security programs from the ground up in highly regulated and technologically complex industries, including aviation, finance, and critical infrastructure. I have a proven track record of translating complex technical and regulatory requirements (EASA/FAA, NIS2, GDPR, PCI-DSS) into actionable, business-enabling strategies. By aligning security initiatives with executive-level objectives, I transform security from a cost center into a driver of innovation, product integrity, and customer trust. My core expertise lies in: - 𝐄𝐱𝐞𝐜𝐮𝐭𝐢𝐯𝐞 𝐋𝐞𝐚𝐝𝐞𝐫𝐬𝐡𝐢𝐩 & 𝐒𝐭𝐫𝐚𝐭𝐞𝐠𝐲: Architecting enterprise-wide security vision, building and mentoring high-performance global teams, and managing multi-million euro budgets with a focus on ROI, achieving significant cost savings (40-60%) through strategic vendor negotiations. - 𝐌𝐨𝐝𝐞𝐫𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐀𝐫𝐜𝐡𝐢𝐭𝐞𝐜𝐭𝐮𝐫𝐞: Designing and implementing robust security frameworks across multi-cloud (AWS, GCP, Azure), SaaS, OT/ICS, and enterprise environments, with deep expertise in Zero Trust, Identity Governance (IGA), DevSecOps, and Secure Service Edge (SSE). - 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞, 𝐑𝐢𝐬𝐤 & 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 (𝐆𝐑𝐂): Steering complex regulatory landscapes to ensure compliance while enabling business agility. Expert in developing policies, standards, and automated compliance solutions that withstand rigorous audits. - 𝐓𝐞𝐜𝐡𝐧𝐢𝐜𝐚𝐥 & 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐄𝐱𝐜𝐞𝐥𝐥𝐞𝐧𝐜𝐞: Leading hands-on execution of critical projects, from company-wide FIDO2 rollouts and network re-architecture for 1000+ sites to establishing state-of-the-art threat hunting and vulnerability management programs. I am passionate about creating resilient security cultures that empower organizations to innovate safely and confidently.
Retained as a trusted advisor to define security strategy and drive execution for organizations lacking specialized internal capacity. Bridged the gap between high-level planning and hands-on implementation to solve complex security challenges. • Authored and implemented cybersecurity strategies for clients in highly regulated (finance - DORA & PSD2) and industrial (construction) environments. • Led program execution and provided deep technical expertise to deliver critical security projects on time. • Acted as an interim/fractional leader and subject matter expert, maturing client security posture and enabling them to meet business and regulatory demands. • Public speaking engagements and or moderation of Sessions • Supporting Private Equity and Venture Capitals in Due Diligence and M&A's
As the company's first CISO, established the global cybersecurity strategy and program from the ground up. Built and led a distributed team to secure SaaS products, aviation systems (aircraft/manufacturing), and enterprise IT. Managed a multi-million Euro budget and steered the company through complex regulatory landscapes (EASA/FAA, GDPR, CRA). • Architected a zero-trust identity program, deploying FIDO2 MFA and an IGA platform to strengthen and automate access controls. • Achieved 40-60% cost savings on security tooling through strategic vendor negotiations. • Led a global network transformation, implementing an SSE solution for global rollout and a secure OT architecture (IEC 62443). • Embedded secure coding and threat modeling into the SDLC for SaaS and safety-critical aircraft systems (ED-202A), satisfying aviation and cyber resiliency regulations. • Drastically improved security posture by implementing 100% EDR coverage, best-in-class email security, and reducing critical patching times to below 24 hours. • Integrated physical security (CCTV, Access Control) with Cloud identity systems for unified threat monitoring and response.
Led all cybersecurity functions for Germany within a highly regulated nuclear energy sector. Served as a primary strategic advisor to the WW CISO, shaping global security policy and leading high-stakes engagements with national regulators, customers, and auditors. • OT/ICS Security Leadership: Pioneered the OT/ICS security strategy for critical nuclear infrastructure. Led formal evaluations of industrial security platforms (e.g., Dragos, Claroty, Defender for IoT) and directed offensive security testing against safety-critical components to validate resilience. • Global Strategic Influence: Directly influenced global security investment and policy by translating complex technical risks into actionable, budget-neutral roadmaps for the WW CISO, securing both legacy and modern cloud environments. • Architecture Modernization: Directed the modernization of enterprise security architecture, implementing a zero-trust model for web application delivery (WAF, TLS enforcement) and driving the strategic validation of a Secure Access Service Edge (SASE) framework. • High-Stakes Governance & Compliance: Led all security workstreams for ISO 27001 certification and successfully represented the company in rigorous regulatory and customer audits, demonstrating compliance and ensuring continued operational trust.