Who am I?
I am an amateur photographer, a software engineer and an information security specialist. I studied computer science, specialised to distributed systems and security at the Friedrich-Alexander University Erlangen-Nuremberg. At Siemens, I secure IT systems and introduce the security into pipelines.
What have I done in the past?
I believe my compulsatory military service in 2009, right after my A-levels, influenced a lot of my later decisions. I was really lucky that I served in an active group that plotted training events against divisions that are going to war zones the next month. Most of the times we were in the field, waiting for an attack to happen, to attack other bases or to hunt enemy tanks. As much as I liked the dense “Teamgeist” we established there, I knew that this life is not the one I want for me.
In 2010 I started my studies for applied informatics in a smaller university near Halle / Saale. During the Bachelor I did some research on networking and spoofing techniques. The content of the most lectures were business oriented - so I was only able to get more into the field of information security by self studying.
In October 2013 I started my Master at the FAU Erlangen-Nuremberg and the complexity and diversity of the available courses overwhelmed me. I only had a blurry understanding of the direction I wanted to approach. I started introduction courses into InfoSec and Distributed Systems. The technical detail of those courses was astonishing - so during the mid of my Masters, after courses like Information Security, Virtual Machines, Cloud Technologies and many others, I wanted to keep on studying forever.
That idealism changed after 10 month of in depth Linux Kernel development where I created an kernel encryption module which makes use of an, at that time, poorly documented CPU extension. I saw that the deep technical work is somehow fascinating, but in the end not that rewarding. Therefore I focused on entering the enterprise InfoSec world - which succeeded in Summer 2016.
My first station in the IT graduate program at Siemens was located in a business support InfoSec department. All in all we were responsible for the security of different factories and development teams. In a really interesting project we tried to map ISO27001 controls to DevOps processes, which sparked my interest in the DevOps world.
In the second year of the graduate program I was supporting another division. During that time I gained more security knowledge by studying for and taking the CISSP and CCSP exams. Being in another division it became clear that the problems are still the same. IT has no budget, must outsource everything to low cost countries and nobody has time for security.
Currently I am actively driving the implementation of security standards and processes in a customer services development team. We try to adopt DevOps methodologies wherever possible to generate as much insights from the data that is send to us by our trains. We experience first hand how it feels when you try to do fancy data science in a world where you deliver products that have a 30 year lifespan, running governmental approved software. Say agile one more time.