Keywords
Skills
2022: Completed an ISO 27001:2013 implementation for an international client.
Currently ISMS ISO 27001 Lead Implementer, Head of Security for a startup and Senior Cyber Risk Consultant.
---
Information Security
ISO27001, TISAX Certification process
ISMS Management
Security awareness training
Policies, Procedures, Guidelines
GRC (Governance, Risk, Compliance)
Networking (VLAN, Firewalls, VPNs, etc)
Access Control and Access Management
Cloud: Google Cloud, AWS (EC2, CloudWatch)
SIEM (Elastic, Logstash, Kibana, etc) and logging
Splunk and logging
Penetration Test and Vulnerability Management
Secure Systems Engineering principles
ISO 27001 Lead Implementer
Knowledge in ISO 27001
Knowledge of GDPR
---
Networking:
CompTIA Network+ Certification (until February 2021)
Secure file transfer protocols (SFTP, FTPS, FTP, WebDAV for SharePoint)
---
Auditing/Compliance - Log Collection and SIEM (Security Information and Events Management):
Secure log collection and log management concepts in relation to information security.
Secure file transfer concepts for auditing and compliance
Integrations with Rapid7 InsightIDR, Splunk, ELK (Elasticsearch, Logstash, Kibana, Beats), ArcSight, QRadar
GPG13, FIPS 140-2, HIPAA, ISO series, file integrity monitoring.
---
Technical Writing and Documentation:
Working with developers to create usable documentation aimed at a technical audience
Development of articles, whitepapers, blog posts, video scripts, and other content
Documentation tools - RST, Sphinx, adoc
Writing of a SIEM and log collection eBook
SOPs
---
Windows and Linux administration:
Windows Server administration
Windows log collection including IIS, Event Log, ETW, Windows DNS Server, Registry Monitoring, Active Directory
Windows log collection and hardening
Linux log collection and hardening
---
Project Management Tools:
Version Control – Git, Gitlab, Github
Tools – Mattermost, Slack, IRC, Trello, Kanban
Concepts – Scrum, Agile
Ability to work remotely with teams and in an international environment
---
QA/Technical Support tools such as:
OS - Windows, Linux, MacOS, ChromeOS
Remote monitoring and troubleshooting tools – ScreenConnect, TeamViewer
Software testing and QA (manual)
Project history
* Developed mitigation strategies and controls to reduce overall risk.
* Coordinated and performed information security inspections, tests and reviews.
* Define and refine the cyber incident response plan, BCP and DRP.
* Led the internal and external Information Security compliance audits and assessments
* Participate in deployment of security technologies and program enhancements across endpoints and networks.
* Develop, maintain information security management framework (ISMS) according to ISO27001 standards.
* Define, refine and maintain information security policies and procedures.
* Perform technical assessments and triage security testing results.
* Develop the physical security policy, and procedures.
* Develop and manage information security and privacy awareness program.
* Conduct hardware and software implementations and updates for information systems.
* Ensure information security risk controls are implemented and appropriately monitored throughout systems lifecycle.
* Implement and manage endpoint security.
* Monitored reports, systems, logs and alerted for suspicious activity.
Remote, contract role. Reported to the VP of Product.
- As the first dedicated technical writer, I expanded the documentation beyond product marketing. This required technical in-depth knowledge of DNS, Whois, networking and information security concepts in order to write for security administrators and developer audiences.
- Produced a large body of work including API documentation (REST/JSON), User Guides integrating with the Splunk SIEM suite and User Guide for the flagship platform, Iris.
- Worked with the developers (front-end lead, engineering manager) to finalize the technical aspects of the guide.
- Researched the development of a new API infrastructure (OpenAPI/Postman) and moving the documentation infrastructure to an automated system (such as AsciiDoc).
- Published a 5-part series of posts on DNS and domain log collection, which led to 14,000+ views, 500+ click through to the links.
API Documentation:
There were 23 API endpoints with existing API documentation, which was expanded in order to surface:
- More information about the API parameters, including the default values, the type of data used, and the limitations of the values which can be used.
- Find potential defects and report the issue to the Front-End Lead.
- Add missing API parameters that have not been documented.
- Generate updated snippets of the different use cases of the API endpoints
- Expanded and resurfaced the meaning of the JSON-formatted responses.
- Expanded the list of use cases for the high traffic API endpoints
I worked with the Software Engineering Manager to determine which APIs to focus on initially, the SME (which can be the Lead Developer or the Engineering Manager) for the technical details. The documentation goes through review with the sales engineers and the Product lead.
Collaborating with a remote-only team to produce technical materials, and enhance existing material including documentation with concepts involving log collection (deployment, enrichment, parsing), auditing and compliance, Linux and Windows telemetry (including Windows DNS Server, Windows Event Log, ETW, IIS) and more.
Work on integration guides with other software including SIEM suites, and tools including Splunk, IBM QRadar, McAfee ePO and InsightIDR. The work included setting up InsightIDR on an EC2 instance and use of Windows and Linux (Ubuntu) servers to set up log collection integrations.
Communicate with the technical community on social media regarding log collection and related concepts on Reddit, StackExchange, Twitter and other Forums, including security research social media.
Lead the development of two campaigns - SIEM and DNS campaigns - leading to whitepapers, a SIEM log collection eBook, landing page, multiple articles and liaising with technical writer teams.
Links:
User Guide (various sections, mainly Integrations)
https://nxlog.co/documentation
Whitepapers
https://nxlog.co/whitepapers/reduce-data-size-cut-siem-costs
https://nxlog.co/whitepapers/windows-event-tracing
https://nxlog.co/whitepapers/dns-logging
https://nxlog.co/whitepapers/structured-logging
Technical Blog posts
DNS Log Collection:
https://nxlog.co/dns-log-collection-and-parsing
https://nxlog.co/dns-log-collection-on-windows
https://nxlog.co/dns-log-collection-on-linux
Other:
https://nxlog.co/how-centralized-log-collection-help-siem
https://nxlog.co/send-etw-logs-to-splunk
https://nxlog.co/owasp-top10
https://nxlog.co/why-you-need-file-integrity-monitoring
https://nxlog.co/agent-based-versus-agent-less
https://nxlog.co/windows-event-forwarding
https://nxlog.co/owasp-top10-2017
Landing Pages
https://nxlog.co/eventlog-to-syslog
Guest post on opensource.com:
https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
- Worked with a remote team of developers to deliver secure file transfer solutions.
- Improved the technical documentation aimed at system and network administrators.
- Wrote articles and guides aimed at administrators on topics around security, infrastructure, client/server-side software use, and auditing and compliance (GPG13, FIPS 140-2, HIPAA, ISO series).
- Reviewed secure file transfer software (client and server) through manual testing with the QA team.
- Provided technical sales and support to customers – mainly network and system administrators, architects and other support technicians. Provided support for secure file transfer queries regarding audit trails, compliance, secure file transfer architecture and solutions.
- Worked on troubleshooting issues on Microsoft Windows Server Editions, UNIX (IBM AIX, HP-UX, Solaris), Linux (SUSE (SLES), Red Hat (RHEL), Ubuntu, Debian, Gentoo), macOS, virtual environments (VMware, VirtualBox, Docker) and clustered environments.
- Worked on troubleshooting issues utilizing knowledge of protocols FTP/S, SFTP, SCP, HTTP/S, WebDAV.
Links
User Guide
Online https://www.sftpplus.com/documentation/sftpplus/latest/
Repo https://github.com/proatria/sftpplus-docs
Note: The git history of the repo indicates that a major import event occurred, meaning history before 2019 is not shown.
API Documentation
https://www.sftpplus.com/documentation/sftpplus/latest/developer/index.html (only for the HTTP API sections)
Technical Blog Posts
https://www.sftpplus.com/articles/2018/sftpplus-ipv6-readiness-article.html
https://www.sftpplus.com/articles/2018/sftpplus-securing-file-transfers-with-third-parties.html
https://www.sftpplus.com/articles/2018/sftpplus-best-protocols.html
https://www.sftpplus.com/articles/2018/sftpplus-ha-resiliency-intro.html
https://www.sftpplus.com/articles/2018/sftpplus-hardeningconfig-sweet32.html
https://www.sftpplus.com/articles/2018/sftpplus-exchange-sftp-server-client.html
https://www.sftpplus.com/articles/2018/sftpplus-oiac-asd-ism.html
https://www.sftpplus.com/articles/2018/sftpplus-data-loss-prevention.html
https://www.sftpplus.com/articles/2018/sftpplus-3330-security.html
https://www.sftpplus.com/articles/2018/sftpplus-mft-security-scan-post.html
https://www.sftpplus.com/articles/2018/sftpplus-business-continuity-article.html
http://web.archive.org/web/20180613000942/http://sftpplus.com/ (for authorship byline)
Willingness to travel
Other information
- German B1+ (currently learning)