M.A. (Cambridge): Double first-class honours, ISSAP, CCSP, CISSP
| Freelance (from 03/2023) | Authored the security concept for a product leveraging LLMs to analyse contract offerings | Insurance |
| Explosion AI, Berlin (11/2021 — 02/2023) | Developed a due diligence process for assessing the creditworthiness of potential consulting clients | AI |
| msg systems ag, Munich (02/2014 — 10/2021) | Developed a permissioned blockchain strategy focussing on Hyperledger Fabric, and wrote and held training courses to introduce it | Telco |
| Designed and developed an application with a Microsoft Word/PowerPoint plugin to recognise confidential text passages in internal documents and to remove them prior to external publication | Automotive | |
| Designed a pseudonymisation architecture for a big data lake | Automotive | |
| Adapted existing security policies for use in an agile AI setting | Automotive | |
| Designed and developed algorithms and systems to detect anomalous wording in contract proposals | Insurance | |
| Developed guidelines for adding SaaS products to the enterprise federated identity system | Automotive | |
| Wrote training materials on cryptography | Consulting | |
| 1&1, Karlsruhe (08/2009 — 01/2014) | Wrote and managed a roadmap for a new user management service landscape for the brands GMX, web.de and 1&1 ensuring high availability across multiple continents | Telco |
| Identified and tracked OKRs to improve the security of the GMX and web.de portals | Telco |
 | Information Systems Security Architecture Professional (ISSAP) (2023) |
 | Certified Cloud Security Professional (CCSP) (2023) |
 | Certified Information Systems Security Professional (CISSP) (2013) |
| Security | BSI Grundschutz; Business continuity; Certificates; Compliance; Cryptography; Data protection; DevSecOps; Disaster recovery; Encryption; GDPR/DSGVO; IAM; ISO standards; ISMS; Key management; Legal requirements; LLM security; Network security; NIST; PKI; Risk management; Security engineering; Security policies; Threat analysis |
| Concepts | Application architecture; Big Data; Data lake; DevOps; Distributed systems; EAI; ETL; Integration; Messaging; Stakeholder management |
| Programming languages (ordered by experience) | Python; Java; SQL; JEE; Bash; Cython; Javascript; C++ |
| Cloud providers | Azure; AWS; GCP |
| General technologies and frameworks | Ansible; Cassandra; Docker; Hadoop; Kafka; Kubernetes; MongoDB; MySQL; PostgreSQL; RabbitMQ |
| Operating systems | Unix; Linux; Ubuntu; macOS |
| NLP / Machine Learning | Deep learning; Explainable AI; GPU processing; Haystack; Hugging Face; LangChain; Large Language Models (LLM); LlamaIndex; Machine learning; Natural language processing (NLP); Neural networks; OpenSearch; Prompt engineering; PyTorch; Retrieval-Augmented Generation (RAG); Spacy; Transformers |
| It’s not the drivers, it’s the road: A plea for secure-by-default infrastructure software, (ISC)2 Magazine, 2022 |
| Quanten-Computing: Zukunftstechnologie mit stark eingeschränktem Einsatzfeld, iX Developer, 2020 |
| KI-gestützte Textanalyse beim Releasemanagement, Softwareforen Leipzig, 2019 |
| Qualitätsfördernde Softwareentwicklungspraktiken, msg systems ag, 2019 |
| Censor Robots: Using AI to Redact Confidential Information, (ISC)2 Secure Summit, London, 2019 |
| GraphQL and Event-Driven Architectures, Bundesagentur für Arbeit, 2018 |
| Cybertwists: Hacking and Cyberattacks Explained, CreateSpace, 2018 |
| Die Blockchain jenseits des Hypes, com! Magazin, 2017 |
| Securing the Enterprise with Blockchain: Uses Beyond the Hype, (ISC)2 Secure Summit, London, 2017 |
| Big Data protection with stable anonymisation, (ISC)2 Secure Summit, Dublin, 2016 |
| Big Data und Datenschutz: Überwindung der Gegensätze mit der stabilen Anonymisierung, (ISC)2 Secure Summit, Dublin, 2016 |
