DevSecOps

Embrace the full DevSecOps-toolchain and culture to enhance the security of your cloud and applications.

Checkout my DevSecOps Maturity Model

Projects

DevSecOps-Assessment

Assessment of the current DevOps security status, planning of activities and check of the effectivness.

Web-Security Training

Train developers web threats and how to develop secure code.

Security review of IT systems

Security review of complex IT systems like OAuth, multi factor authentication, cloud platforms, webapplications and mobile applications.

DevSecOps Pipeline

Conception and implementation of vulnerability scanners and vulnerability management.

DevSecOps Workshop

Introduction into cloud security, continuous vulnerability scanning and DevOps culture.

Docker Security Workshop

Conduction of a docker security workshop to show the threats by operating Docker.

Security Check

Quick security check of web applications to identify threats in running applications for common pit falls.

Threat Modeling

Conduction of a structured analysis to identify threats in IT systems.

Workshop Agile Security

Introduction into modern methods to integrate security into the development lifecycle.

Sicherheits-Schulung

Informationssicherheits-Schulung für Mitarbeiter von kleinen bis großen Organisation.

Security Assessment and Management

Assessment of the overall security status, planning of activities and check of the effectivness.

Recent & Upcoming Talks

Patch management and why my containers have been stable for a year
May 14, 2019
Continuous Lifecycle London
Presentation of the OWASP Pins Project
Feb 27, 2019
OWASP Stammtisch Hamburg
Code
Vorstellung der Autorisierungskonzepte in OAuth 2
Oct 18, 2018
Heise DevSec()
Slides
Vorstellung der Autorisierungskonzepte in OAuth 2
Sep 15, 2018
Kieler Open Source und Linux Tage
Slides
Presentation of the DevSecOps Maturity Model
Jun 6, 2018
OWASP Summit
Slides Code
Docker Security Workshops
Jun 16, 2017
OWASP Summit
Slides Code
Hacking-Session für Developer (und Pentester)
Sep 16, 2016
Kieler Open Source und Linux Tage
Slides
Fail Fast, Automation von Sicherheitstests für Webanwendungen
Sep 15, 2016
DiWiSH-Fachgruppe Open Business: 2. Kieler Open Source Business Konferenz
Slides
DevOpsSecurity - Automatisierung von dynamischen Sicherheitsprüfungen
Sep 27, 2015
PHP Unconference
Slides

Experience

 
 
 
 
 
August 2018 – Present
Hamburg, Germany

DevSecOps Consultant

Leading finanz- and insurance software development company (NDA)

  • Development of concepts to integrate security into the development lifecycle
  • Conception and implementation of continuous security tests in the build pipeline
  • Security review of complex IT Systems like OAuth, multi factor authentication, webserver and Java applications
  • Training of internal security experts
 
 
 
 
 
February 2017 – Present
Hamburg, Germany

DevSecOps Consultant

SIGNAL IDUNA Gruppe

  • Development of concepts to integrate security into the development lifecycle
  • Conception and implementation of continuous security tests in the build pipeline
  • Security review of complex IT Systems like OAuth, multi factor authentication, webserver, OpenShift clusters and Java applications
  • Training of internal security experts
 
 
 
 
 
March 2016 – May 2016
Kiel, Germany

Websecurity Consulant

Web Agency (NDA)

  • Automation of static and dynamic security tests in the build pipeline
  • Conduction of security trainings
 
 
 
 
 
January 2016 – June 2016
Kiel, Germany

DevSecOps Consulant

Startup (NDA)

Evaluation and implementation of DevOps strategies to enhance the security of webapplications
 
 
 
 
 
March 2015 – December 2018
Kiel, Germany

CTO

FHUNii Media UG & Co. KG

 
 
 
 
 
August 2014 – November 2014
Hamburg, Germany

Webdeveloper with security background

Iteratec GmbH

  • Evaluation and implementation of dynamic security tests as a prototype for SecureCodeBox.io
 
 
 
 
 
June 2014 – June 2018
Kiel, Germany

Fullstack Developer

Lengalia

  • Development and maintenance of a web vocabulary trainer in PHP and JavaScript
 
 
 
 
 
August 2012 – June 2013
Kiel, Germany

IT-Referent

AStA of the University of Applied Sciences Kiel

Vulentary development of a ‘Rückerstattungssoftware’ with PHP, MySQL and JavaScript
 
 
 
 
 
August 2009 – September 2013
Kiel, Germany

Webdevelopment and system administration (work student)

ennit interactive GmbH

  • Development of hotel booking engines in PHP and JavaScript
  • Administration of webservers like Apache or OpenStreetMap
 
 
 
 
 
February 2006 – June 2010
Kiel, Germany

Qualified IT specialist for system integration

TNG AG (now Ennit AG)

Teaching

 
 
 
 
 
April 2019 – Present
Wedel, Germany

Lecturer for Security in Webapplications

University of Applied Sciences Wedel

  • Conception of the module Security in Webapplications for master students
  • Conduction of the course
 
 
 
 
 
October 2018 – Present
Hamburg, Germany

Conduction of Docker Security Workshops

iteratec GmbH

  • Conduction of one day docker security trainings
 
 
 
 
 
July 2018 – Present
Nürnberg, Germany

Conduction of a DevSecOps Workshop

Leading tax software development company (NDA)

  • Conduction of a two days DevSecOps and Agile Secure Development Lifecycle training for the head of security
 
 
 
 
 
September 2016 – January 2017
Kiel, Germany

Lecturer for IT-Infrastructure

Schleswig-Holstein Business Academy

  • Conception of the module IT-Infrastructure for bachelor students
  • Conduction of the course
  • Conception and implementation of a virtual IT infrastructure with Virtualbox
 
 
 
 
 
June 2014 – September 2017
Kiel, Germany

Lecturer for Security in Webapplications

University of Applied Sciences Kiel

  • Conception of a teaching concept and the module Security in Webapplications for bachelor students
  • Conduction of the course
  • Conception and implementation of a virtual IT infrastructure to learn how to conduct IT security audits

Contact