Do you suspect you have suffered a breach but do not know what to do now or even where to start? Are you trying to make sense of data gathered through vulnerability scanning, logs, or other sources?
I can help!
As a professional information security analyst with many years of experience and clients ranging in size from 10 employees and few endpoints to more than 25.000 employees and thousands of endpoints, I know what to look for and how to interpret various sources. I will help you determine what to focus on and what to leave aside. I have a strong background in IT architecture and the inner workings of operating systems. I am used to reading (malware) source code, working with indicators of compromise and design my own working malware for trainings. I am well versed in reading network traffic and used to working with big data analysis tools when looking for the needle in the haystack. Years of experience have given me a solid background when it comes to creating actionable reports and statistics.
You are looking to design a secure system, need someone to provide consultancy on information security policies or technical security knowledge? Are you looking for reasonable and actionable security measures? You need or want to fulfil regulatory requirements like the GDPR/DSGVO?
Or are you unsure how to securely deploy your (cloud) solution and maybe even unsure whether to move to the cloud at all?
Having struggled to find reasonable and actionable consultancy in information security topics myself, I know which measures can actually be achieved and how. I have a university background not only in information security and cryptography, but also in business administration, which helps me in determining whether measures make sense or not from both a security and a business perspective. Through my studies on the management of IT-Services I have a well-founded knowledge of various architectural models of IT solutions and their benefits and weaknesses. My strong understanding of the security in cloud solutions is attested by a CCSK (Certificate of Cloud Security Knowledge).
You want to keep your employees up to date on the latest trends in security or how to identify the various threats today's IT environments throw at them. You need your IT department to brush up on information security topics like cryptography or the GDPR/DSGVO? You need an information security related speaker to show live hacking at one of your events?
I have held a large number of trainings for different audience groups - from end-users to programmers - have held talks at conventions with 100+ attendees and am a guest lecturer at the University of Innsbruck on topics of information security.
I write custom malware and phishing mails on a regular basis to show customers and their users how modern threats work and what to look for.
I have always been interested in computers, programming and security. Within my studies of Business Informatics, which I finished with a Magister degree, I focused on Software-Engineering, Service Engineering and Management and IT-Security. During my studies I also worked as an assistant at the institute of Database and Knowledge Engineering, helping students understand both the basics and advanced topics of modern database environments.
I have done security and software development related worked for critical infrastructure providers, large wholesalers, companies in luxury goods, tax consultants, ski resorts, large bakery chains, IT cloud providers, large printing companies, IT consultancies and many other fields.
IT is a large part of my life, and IT-Security my passion.