As a freelance trainer and consultant, I support companies in secure software development. This includes creating and evaluating software architectures, for example by means of threat analyses, developing secure code and finding vulnerabilities through penetration tests in real manual and mental work (TAH - Tool Assisted Human). I help not only to write secure development processes, but also to implement them in a practicable way.
But what good is the best process if the knowledge is missing? To counter this, I give various training courses, including for software developers and architects, which are as exciting and entertaining as they are educational and whose content can be implemented in everyday life.
I spend the second half of my professional life as Product Security Manager at Dräger, a manufacturer of medical and safety technology. Here I create and maintain an environment in which it is easy to meet high cyber security requirements in product development. I attach particular importance to a holistic approach that covers all areas of cyber security, from developer training and security assessments to incident response.
In both worlds, I draw on the experience I have gained over 15 years on the developer side of large and small projects involving web applications, embedded and distributed systems.