Profilbild von Mohammed Hanif IT Cyber Security automotive Consultant aus Karlsruhe

Mohammed Hanif


Letztes Update: 02.03.2022

IT Cyber Security automotive Consultant

Firma: Mr.
Abschluss: MSc Softwate engineering - Oxford University UK
Stunden-/Tagessatz: anzeigen
All inclusive
Sprachkenntnisse: deutsch (Grundkenntnisse) | englisch (Muttersprache) | französisch (Grundkenntnisse) | hindi (Muttersprache)




Automotive  ADAS, Security Cryptography, PKCS , Zone Models, PKI           7 Years
Security Safety standards ISO26262, ISO27001, IEC61508, CISM                6 Years
IT Risk Assessment Framework ISO31000. Info Security Forum (ISF)           4 Years
Sensors, Actuators, ODX, OTX, ISO 20080, ISO 22091                                 4 years
STS with JSON,JWT, OIDC                                                                             3 Years
VMWare VCloud, HP, Cloud, Data Centre, Big Data, VCP,  ITIL cert              7 Years
Juniper Firewalls SRX240 , EX3200, EX4200, MX, Junos                           6 Years
Cisco Secure, CCNP, CCIE , Netflow, NetScreen, Cloud Security Manager   6 Years
Cisco Nexus Routers Switches ,ASA FW, PAM, IAM                                    4 Years
BGP, OSPF, EIGRP, QoS, VoIP, VPN (SSL, IPSec), AD, DNS                        5 Years
Network Management  LTE, GSM, UMTS Protocols, CS/PS Networks        10 Years
Cyber Arc PSM, Nagos, Groundwork, IPS(Smort, Suricata, Sourcefire    3 Years
SIP, RTP, SDPVoIP, MMC,CMS, Node B, BTS,  RRC, RNC, L2/3               6 Years
3G, GSM, GPRS, LTE, 4G, HSPA,  IMS, X-CSCF, GGSN                              4 Years
Cisco IDS, IPS, WAF, Voip PABX, CUBE, MSS, MGW,HLR, STP                   2 Years
Object Oriented Analysis and Design, C, C++, Java, ASN.1, GDMO            12 Years
BGF Acme SBC, CSCF , HSS, MGCF/SGF ,  PSTN, and 2G/3G  Mobile      4 Years
SW System Specification, Test  Specifications, Software Architecture    14 Years
System/Functional Testing, Integration, Test Executions,  Acceptance       8 Years
Security Big Data ElasticSearch,Kafka, Hadoop Platform,Syslog-ng               3 Years
SIEM, SPLUNK, HSM, SHE, PKCS, X509, SHA2-512, AES-128                    3 Years
Doors, SVN, Jira, CANoe, K2L, MOST, ETH, Puppet + config tool suite          3 Years
CAN, OBD-II, UDS, AUTOSAR, CATIA V5, AUTOSAR, DevOps,                 4 Years     
MetroWerks CodeWarrior,  MS Visual C++,  Linux(Realtime), Andorid         3 Years
Sun Solaris, Unix, HP UX, C, C++, SOA,  Bash, Shell Programming        11 Years
J2EE Client/Server, Java Web Server, J2ME(MIDP) PDA                            3 Years
BEA WebLogic, Java Script, JSP, EJB,  JDBC, XML, HTML , HTTP            3 Years
Software Process Improvement (SPI), QA, ISO9001, IEEE, CMM                  6 Years
MMTel, CMS, HSPA,  AMR, RTP, SDP, SIP, PTT, Presence                           4 Years
MPLS/GMPLS  IP Routing protocols BGP-4, OSPF, IS-IS , RIP                  3 Years
TCP/IP  IPv4,  IPv6 , VPN, IPSec, nMap,Nessus Enter/Security Mgr          3 Years
AWS, apigee, Docker, Kubernetes, MongoDB,  Rest , Iaas, Paas, Saas   4 years
Telecommunications, PDH, SDH, ITU, ISO, TMN , POTS, ISDN, V5           8 Years                                                      
Key Lifecycle Management, PKI, CryptoCell, Secure Boot, WS-Trust      4 Years
Java J2ME MIDP, CLDC,  MTM, Soap UI ,UIQ Messaging                           4 Years
HP-UX , XMP/XOM, CMISE , UML, Rational Rose, CISSP, GXPN                4 Years
Oracle Database (RDBM) , MySQL, MS  SQL Server 2008,  AD, DNS         4 Years
GNU Tool chain,CME, Eclipse IDE, Lauterbach, EtherReal(Wireshark)        3 Years
Linux Redhat, OmniTracker, Catapult, DOORS, SOAP                               3 Years
NetAct OMS,  FlexiBTS, IP Router,  NVIDIA OpenGL                                  3 Years
Arcsight, Misp, Myra, Modsec WAF, FireEye EX, Symantic, McAfee               3 Years
LLDM LTE MA Trace Analysis, Jira, GIT, GDPR                                              4 Years
SIEM AccelOps, CERT, TOGAF, Amazon S3, MongoDB, MariaDB,                4 Years
IRAT IOT , Artemis, Mobile Analyzer (2G 3G LTE  Stack Analysis)                  3 Years


11/2018 - bis jetzt
IT Cyber Security
Valeo Siemens (>10.000 Mitarbeiter)
Industrie und Maschinenbau
Siemens  Erlangen Germany  November 2018  – October 2019


I am responsible for all Cyber Security SW Engineering features in connected ECU. I created the Threat  Analysis and Risk Assessment (TARA)  model for several projects.  Afterwards, I  developed SW modules(hands-on), provided implementations support for Infotainment and Inverter Secure SW Platform Modules.

I provide Vulnerability Threats, and planed total mitigation implementation for the project, and then lead the coordination with all vendors and 3rd party suppliers to deliver the final security SW platform using in-house tools.


I defined PKI Certificate based services within DevSecOps  process, Certificate, Encryption and implemented PKI Certificate Policies for End-2-End security for clients to establish a Root Of Trust in development and production using HSM, NDES, and Certificate Manager.

Participate in TTPS , SOPs procedures for Cyber Security, and SOC activity log creation, reviewing, and maintenance. Regular performance tuning and filtering SIEM alerts. Provide Vendor and internal team training as requested by management.

 All features were aligned according to the General Data Protection Regulations(GDPR). I guided technical teams on the usage of the PKI/Certificate process and services to achieve this.

01/2016 - 11/2018
Security Engineering
Visteon Electronic Karlruhe Germany (1000-5000 Mitarbeiter)
Automobil und Fahrzeugbau

Responsible for complete development of automotive Security features and measures, performing discovery, detection, and disruption IPS/IDS HIPS activities, reporting, and providing analysis of all threat landscape and hardening of security concepts,  using various tool for vulnerability priority. 

Provide processes for embedded real-time Automotive System Security architecture design technical lead, on VIP, SoC system architectures with sub-systems employing blocks such  Zone Models, Firewall concept, Intrusion protection, as cryptographic engines Root of Trust using security and cryptographic standards, and systems implementation using (NIST, PKCS, FIPS-140, ISO).

The security architecture model Optimization was done in the context of Integrity, Confidentially, and Authenticity for Autonomous Automotive.

The secure solution was for based on  SoC,  CryptoCell, Cryptographic and  Hash Engine, digital Key Signatures, Encryption controls and  OWASP.

The Penetration/scalability Tests were conducted for Trusted Execution Environment, with Amazon backend Cloud web services(AWS, MS Azure), all within Public Key Infrastructure(PKI) Services, IEM, X509 based certificate, SecOC, Secure Boot, and Secure SW downloading. These services used RSA Archer 5.x/6.x applications, RSA Archer used for access control and event notification with 2-factor authentication based on one-time token devices and TOTP authentication.  Third-party risk management was based on Archer 5.x API applications.

All within Cockpit, Instrument Clusters, Virtualization (VMWare, Hyper-V) and head-up displays(HuD) – as well as core technologies such as augmented reality(AR) and artificial intelligence, on STAR 2/3 architecture.   

I Translate assessment results into  Security Specification (Security plan). I develop and manage the IT Security policy standards and baselines for conforming to Policy Framework to prevent IDS, IPS(Snort, Suricata,Sourcefire), Web Application Firewalls for Cloud-Connected services within Network Topology, ISO 27001, ISO  21434, ISO 26262, ASIL and ISO/IEC SPICE Processes.


Both High Level and Detail Threat system analysis were carried out for Embedded SoC memory protection, OS Virtualization, and Network Cloud infrastructure solutions for End to End, Network Connected attacks and ASLR.   All the development was done within DevOps Continuous Delivery toolchain (Eclipse, Git, Jenkins, Puppet, Chef) environment, and CANoe, CAPL, and PROVEtech.  


I supported and acted as a point of contact for Penetration Testing specification and standardized Hypervisor security platform for Virtualization using both VMware and Xen.  The multi OS’s (AUTOSAR, Linux, INTEGRITY) were running on SoC, ARM Trusted Firmware Execution Environment(TEE)  using Cloud services,  IPSec, SSL/TLS communication, on high availability infrastructure. Common tools like JIRA, Eclipse, Maven, Jenkins, Junit, CANoe.DIVA, ZenZefi (certificate and key management), and CANdela for Secure Diagnostics, and Access Rights Management.  All within Continuous Delivery pipeline DevOps Agile environment.

11/2013 - 01/2016
IT Automotive Security
Delphi Europe (5000-10.000 Mitarbeiter)
Internet und Informationstechnologie

I am Network Security Architect Lead.  Responsible for defining Cloud Platform backend Infrastructure  IT Security, availability,  with full Network Security solutions, Data Centre hosting environment  Servers based on vSphere, VCloud, EMC,  HP Cloud System Matrix, Office365, Azure AD and Amazon Cloud backend  AWS Servers. 


Provisioning of Data Storage managed by  NetAPP  Data Migration and Virtualisation of OTA Cloud hosting environments, IaaS, PaaS,  and SaaS. I setup and configure Data Centres, with all related routers and switches, CheckPoint Firewall, load balancing and F5, in Cloud Foundry compliance toolset.


I participate in migration WAN/LAN Troubleshooting,  Root Cause Analysis, management, availability, load balancing, and capacity planning. The Blade system is based on Cisco, using Virtualization VMware Hypervisor, HP, Microsoft,  Cisco ASA, Junipers Firewall SRX 240, and EX  series for VLAN Routing Switching of all IP traffic. 


I specified and reviewed Amazon backend Cloud web services(AWS), MongoDB,  SIEM to prevent Secure system Boot, Secure Network vulnerabilities all within Public Key Infrastructure(PKI). Use of SIEM together with AccelOps to prevent security blind spots.

Define and implement Security Identity Management solutions, and define Java  Management API optimisation of solutions, including firewalls(Juniper), Reverse Proxy, Remote Access, DHCP, DNS, IP addressing,  VPN, IPS, LAN/WAN technologies switching, routing, load balance for Broadband Remote Access Routes(BRAS) /BNG. In Continuous Integration and Configuration environment for eCommerce business analysis for end customers.

During project following tools and technologies were used for this Infotainment Telematics’ project, CAN bus, CAN-based fault diagnosis, ODX, OTX, ISO 20080, 20077/20078, and ISO 22901.  Quality Management FMEA – Failure Mode &Effects Analysis,  Vector tools CANoe and CANalyzer  Connect car, CAN, CANopen, AUTOSAR, Cloud, DevOps, MIL, DTC , ECU, Security Control SSLv2, CAN OBD Dongle APN, API development Integration REST/SOAP, MIL, Linux, Android, QNX Integrity. 


I Configured setup with Juniper firewalls (Netscreen) , administration and configuring Cisco,  Junipers routers. I provided 2nd Level Support when required.  I have certifications as CCNA, CCNP, CCIE , CISA/CISM,  CISSP,  SSCP , CEH and JNCIA.

07/2011 - 11/2013
Intel Microprocessors SW Development
Intel Mobile Communication - Munich Germany

Network  solutions in Virtualization of Cloud Data Centre  Servers based on VMWare, vRealize Suite,  vSphere EXSi ,VCloud, VMs, EMC, HP CloudSystem Matrix provisioning.  Data Storage was managed by  NetAPP  Data ONTAP Virtualisation Cloud environment. I support all design , deployment, configuration and implementation tasks. I  Specified and documented the Secure Network Iaas, PaaS, Cloud based System Architecture specification, development and deployment. 


The Network design which I proposed used IP routing protocols BGP, EIGRP, OSPF, MPLS and IP Multicast, while Network  protocols used TCP/IP UDP, HTTP, FTP. Afterwards, I configured and customised  Network nodes for STP Load Balancing, Configurations, IP routing protocols, architecture and configuration customisation of  Tomcat. WebServer, Websphere, HP Super Micro Servers, using  Active Directory DNS, Citrix XenApp,  DHCP, WINS,  NAT, VPN, IP MPLS,  SSL, SNMP, Security Switched Network environment for products based on Transmission, and Network protocols.  


I design a new Data Centre (HP Super blade) Cluster design with load balancing for redundancy across fire zones, and to integrate this to existing VPN, NAT, VLANS, Layer 2 Layer 3 STP, routing IP MPLS, and BGP, AAA,  DHCP, DNS, AD, VPN, Juniper ME/EX  Junos, Cisco Firewalls Switches & Routers  SRX-240H, Gateways and Infiniband  fabrics over F5 Load Balancer Checkpoint, KVM Storage using BGP. I participate in diagnostic and debugging.


The Cloud Hosting Virtualization solution in a Data Centre based on Juniper MX/EX, Cisco  router with optimized Clusters for Load balancing ACE, F5  running in Super Blade switching  technology. Using  BMC  Atrium for development,  management and configuration. Switching technology uses Juniper 4500,  Layer 2: 802.1x, Layer 3. ASA, PIX, FW, ACS ,  for all Infrastructure Cluster. 


I configured and customised all Functional DB(principle sql server and witness sql server) , and services for both SQL (MySQL, MS SQL Server) , and NoSQL(MongoDB, HBase, CouchDB) servers for handling Big Data archiving and  Content Management using Hadoop in Client Server environment. Afterwards,  I  connected these to Junipers EX switches for routing and switching within Domains for all Trunk VLANS .  


During the project I used the  following development and test  tools and processes:  Linux, C, C++,  Clearcase, CME,  CM Synegy, Eclipse, GIT, DebugMux, Python, Tcl, Perl, Lauterbach , Windows Mobile ,  ClearQuest Test Manager,  SDE, Tools, QA Tools  and Ethereal (Wireshark) Trace analysis. Agilent Signaling analyzer for Wireless/network traffic, together with Rhode Schwarz Testers.  ITIL and Agile Scrum were used as project process models.


 In the Access Network, Juniper Firewall Routers were used for VPN concentrators. , CheckPoint (Network Security)  Cisco  HighEnd Router(6500/7600). MS SQL Server 2008, MS AD, MS DNS .

 Other Cisco network devices were Routers & Catalysts, based on Cisco Voice and Data Call Manger CUCM solutions, CUBE,  CCM 8.x , VLAN, IPSec Security and DCN were deployed towards NGN , SBC, IMS(CSCF,MGC,MGW), SS7, DNS, SIP Bluecoat Proxy servers. I supported all Voice cluster activities on Cisco Call Manager, eg configurations, trouble shooting and 1st level and end 2nd level support for the end customers. 

During the project, I  Participated in Cisco network certification programs at CCNA,  CCIE, CCSP, CCSE, CCNP  levels and  in Juniper F5 certifications.

07/2006 - 07/2011
IT Telecommunication Network
Belgacom Proximus Brussels Belgium (5000-10.000 Mitarbeiter)
Internet und Informationstechnologie

I coordinate all technical issues during certifications of PSTN,  E1/T1, SS7, QSIG, IP-PABX  to all Vendors during implementation migration  NGN to IMS phase for Mobile and  NGN, and IMS  System Acceptance testing.   With the IMS core setup, I  have involvement Acme SBC, CSCF Function HSS, MGCF/SGF for  PSTN,and 2G/3G core networks.

I was responsible for Cloud Hosting Virtualization solution in a Data Centre.  In the Access Network  ISG Juniper Firewall(SSL/VPN),  CheckPoint,   Cisco IOS, Juniper Junos, Cisco Load balancers,  Cisco Routers & Catalysts,  Call Manger CUCM, CUBE,  CCM 7, VLAN, IPSec Security and DCN were deployed towards NGN , SBC, DNS, SIP Bluecoat Proxy servers.

Design and implementation was done using Agile SCRUM methodology for this project.


Some of the technologies used are SIP, H323, DHCP,  Megaco, ISDN PRI, Voice, data, IP, Switching, SS7 signalling (ISUP),  STP, and TDM.

I provide full set of documentation according to ITU, 3GPP, and support completing of testing and acceptance activities and decide when  Ready For Acceptance.    


  1.   – Nuremberg Germany  October 2006 -   August  2008


  1. am responsible  for  defining  SW Architecture  and  nformation Model   for Mobile 3G   NMS, NOC,OSS,  WCDMA, MS, VoIP   and WiMAX  SW  and  Platform solutions.


  •  My tasks include  defining System Requirement specifications,  Architecture and software Solution for implementations of the Non Access Stratum on  Ericsson Next Generation Networks(NGN) for 3G and 4G(LTE). 


I participate in end to end solutions together with other technical  aspects of the project implementation teams, product lines and 3rd party suppliers.  In case of issues evolving , I  proceed to  “arbitrage” of the issues by determining the responsible  (IP-PABX or Network VoIP platform Vendor) in order to come to a resolution for the problems

I worked with  a team to define Network  Management  Design , and System Architecture for WCDMA, IMS, VoIP,  WiMAX NMS  Node B and  FlexiBTS.  These  were documented using  3GPP, ETSI  other  internal Nokia standards.   I developed  Information Models for Network Configuration Control, Performance  of  3G  IP  Networks , IP  Routing Protocols, IMS,  Ethernet , IPSec Security,  and DCN. I participated in development activities. 

Responsible for design and development of  GSM, GPRS, UMTS RNC Node B,  and BTS  SW, for both Mobile WCDMA, and UMTS Networks.

Defined  3G RNC Signaling, HSDAP, HSUPA,  Analyse KPI  parameters for System Dimensioning, Transmission, and optimization for Startup,  System Recovery and Escalation strategies.

In  addition,  define Fault  Management  and handling of Alarms for the RNC  NodeB,  BSS,  BTS. This was used  to support different levels of Testing, and Integration activities, both in lab and in the filed. Participated in  Plane level Subsystem design, and Coding , using Rhapsody,  C, C++, Eclipse IDE, Lauterbach , Clearcase, Linux, on Windows/Solaris, and Omnitracker tool. 

07/1996 - 07/2006
IT Telecommunication Network
Nokia Mobile Telecom (5000-10.000 Mitarbeiter)

I was responsible for SW  Specifications, Architect,  Development, Test and ntegration activities on  Mobile 2G GPRS, 3G UMTS/W-CDMA  Embedded SW  Push to Talk over  Cellular Project.  The project was based on   Symbian Series 60/80/90  PTT. The applications are based on Symbian  vOS 6.0/7.0 OS  running on various Real-time  Embedded Products,  including the Application Engine (U)  browser for Mobile Terminal devices. 
All applications developed in C++    CodeWarrior, MS Visual C++,  Continuous, CM Synergy    and Clearcase, Eclipse IDE, Lauterbach.     testing including Unit testing done to fine tune for Memory and performance optimizations.           
 The core technologies and Network used were,  3GPP R5, IMS, 3G  Terminal in SIP architecture, RNC WCDMA Control( CS, PS Core networks RRC, RRM),  RTP, SDP,  MMF, and  XML.  The Software was developed as a  Server to take care of session management with SIP and SDP-protocols and it controls PoC plug-in of the multimedia framework (MMF), which handles data transfers with RTP. It also provides an API for applications wishing to use PoC Terminal Device.
The SW  was developed using  using Rational Rose EPOC C++, UML, OOD,   CodeWarrior,  and Continues/CM Synergy CCM. I assisted in defined and implemented a  SW  Development and a Test Process.  Testing of Functional and Performance requirements, was done various Tools and utilities including, QA Load, QA Runner, LoadRunner, WinRunner, Test Director, HttpUnit, and Junit. All testing was performed according to the nternal Test Process.

I have been working in the System Concepts groups for the Nokia Telecommunications (NTC).   My role has been to define the system concepts for the Mobile and Fixed Access Applications, using some of the ITU, and Nokia specific standards. The technical specifications were used to determine the architecture choice(s) for the Access Node with Multiservice applications.


My Development role included being responsible for  a subsystem and all its classes, and their  interfaces. This software  was  Real Time, Embedded  using  OO methodologies, , UML, OMT, Rational Rose,  C/C++. A more formal use of the GDMO Modelling, MIB and the ASN.1 were used  throughout these projects: from specification to implementation. The internal and external communication between these objects was implemented using  generic Message Interface classes.

Design  OS Symbian EPOC Component to provide a  Screen Capture Services  for Mobile Portal device . The Screen Capture used most of  the Symbian EPOC Application Framework UIKON, CON applications, including  Comms  Infrastructure/Messaging and  Visual C++. 


I  supported the development of test tools/ utilities and scripts using (Perl, Python, Tcl, awk, Unix Shell) on these projects.  Clearcase with Multisite environment were used for SCM.  ClearQuest tool was used for the bug report  Generations/Tracking of appropriate Action Requests. The quality of the SW was produced according to the CCM, and internal Software Process Improvements(SPI) guidelines. Rational Suite Components were used in all development and test phases.

The  Technical Specifications, for which I was responsible, were  the "core" architecture of the Access Node which was developed. One of the concept from the Technical specification was submitted by NOKIA NET  for  a Patent as  part of the "Invention Report". 

Zeitliche und räumliche Verfügbarkeit

I am available as of 1st November 2017.

Sonstige Angaben

I have over 30 years of experience in: Software Architecture, Development, Networking, Telematics, Automotive Cyber Security, Secure Cloud, Secure Trusted Execution environment, ISO 27001, NIST, OWASP standards. Autonomous driving, Test, and Project Lead.