M.A. (Cambridge), ISSAP, CCSP, CISSP
 | Information Systems Security Architecture Professional (ISSAP) (2023) |
 | Certified Cloud Security Professional (CCSP) (2023) |
 | Certified Information Systems Security Professional (CISSP) (2013) |
 | Sun Certified Enterprise Architect (SCEA) (2008) |
| Sun Certified Java Developer (2001) |
| M.A. Linguistics, Trinity College Cambridge: Double first-class honours (1998) |
| Security-related | BSI Grundschutz; Business continuity; Certificates; Compliance; Cryptography; Data protection; DevSecOps; Disaster recovery; Encryption; GDPR/DSGVO; IAM; ISO standards; ISMS; Key management; Legal requirements; Network security; NIST; PKI; Risk management; Security engineering; Security policies; Threat analysis |
| Concepts | Application architecture; Big Data; Data lake; DevOps; Distributed systems; EAI; ETL; Integration; Messaging; Stakeholder management |
| Programming languages (ordered by experience) | Python; Java; SQL; JEE; Bash; Cython; Javascript; C |
| Cloud providers | Azure; AWS; GCP |
| General technologies and frameworks | Ansible; Cassandra; Docker; Hadoop; Kafka; Kubernetes; MongoDB; MySQL; PostgreSQL; RabbitMQ |
| Operating systems | Unix; Linux; Ubuntu; macOS |
| NLP-related | Deep learning; GPU processing; Haystack; Hugging Face; Large Language Models (LLM); Machine learning; Natural language processing (NLP); Neural networks; OpenSearch; Prompt engineering; PyTorch; Retrieval-Augmented Generation (RAG); Spacy |
| It’s not the drivers, it’s the road: A plea for secure-by-default infrastructure software, (ISC)2 Magazine, 2022 |
| Quanten-Computing: Zukunftstechnologie mit stark eingeschränktem Einsatzfeld, iX Developer, 2020 |
| KI-gestützte Textanalyse beim Releasemanagement, Softwareforen Leipzig, 2019 |
| Qualitätsfördernde Softwareentwicklungspraktiken, msg systems ag, 2019 |
| Censor Robots: Using AI to Redact Confidential Information, (ISC)2 Secure Summit, London, 2019 |
| GraphQL and Event-Driven Architectures, Bundesagentur für Arbeit, 2018 |
| Cybertwists: Hacking and Cyberattacks Explained, CreateSpace, 2018 |
| Die Blockchain jenseits des Hypes, com! Magazin, 2017 |
| Securing the Enterprise with Blockchain: Uses Beyond the Hype, (ISC)2 Secure Summit, London, 2017 |
| Big Data protection with stable anonymisation, (ISC)2 Secure Summit, Dublin, 2016 |
| Big Data und Datenschutz: Überwindung der Gegensätze mit der stabilen Anonymisierung, (ISC)2 Secure Summit, Dublin, 2016 |
| Freelance (from 03/2023) | Designed and built a solution to extract text from PDFs and Microsoft Office documents | AI |
| Explosion AI, Berlin (11/2021 — 02/2023) | Developed a due diligence process for assessing the creditworthiness of potential consulting clients | AI |
| Designed and maintained open-source libraries | AI | |
| Managed the development and deployment of a distributed application on AWS | AI | |
| msg systems ag, Munich (02/2014 — 01/2021) | Developed a permissioned blockchain strategy focussing on Hyperledger Fabric, and wrote and held training courses to introduce it | Telco |
| Designed and developed an application with a Microsoft Word/PowerPoint plugin to recognise confidential text passages in internal documents and to remove them prior to external publication | Automotive | |
| Designed a pseudonymisation architecture for a big data lake | Automotive | |
| Adapted existing security policies for use in an agile AI setting | Automotive | |
| Designed and developed algorithms and systems to detect anomalous wording in contract proposals | Insurance | |
| Developed guidelines for adding SaaS products to the enterprise federated identity system | Automotive | |
| Wrote training materials on cryptography | Consulting | |
| Served on a committee that classified new technology trends and put together presentations to advise the rest of the 8000-person business on them | Consulting | |
| 1&1, Karlsruhe (08/2009 — 01/2014) | Wrote and managed a roadmap for a new user management service landscape for the brands GMX, web.de and 1&1 ensuring high availability across multiple continents | Telco |
| Identified and tracked OKRs to improve the security of the GMX and web.de portals | Telco | |
| Built up and managed a distributed team responsible for static source-code analysis and penetration testing | Telco | |
| BayernLB, Munich (12/2005 — 07/2009) | Wrote middleware software to ensure the integrity of financial transactions | Banking |
| Definiens AG, Munich (06/2001 — 11/2005) | Designed and developed information extraction software | AI |
| Worked together with lawyers to write a patent that was awarded in the US | AI | |
| John Lewis Partnership, London (09/1998 — 02/2001) | IT trainee programme | Retail |
