Frank Fuhrmann

Berlin, Germany

Contact

Email: frank at ff-sec.eu
Phone: +49 15678447860

---

IT Security Framework
PrivateBin
OSINT Framework
Bluesky
ULC Deutschland

About

Hello, I’m Frank. Currently I'm working as the Head of Security Engineering for a german cyber-security consulting company. Show me your business processes and IT systems and I can show you how data can be stolen from your company and how you can improve and protect the value stream and the information flow in your company.

With over 20 years of experience in the areas of SecOps, System Engineering, SRE, DevOps and classical system administration for Linux- and Unix-based server networks I understand what your server guys are doing.

Almost the same amount of years I used some of my free time to create software for my daily life. Code in Python, Scala, C/C++, Perl, Bash and other programming languages is familiar to me.

But data protection is not only IT security for me. I take a holistic view of my clients' information security. From server configurations over source code, vulnerability management and how physical assets are managed up to business processes and awareness training, I keep an eye on everything that is relevant for data privacy and information security. From server configuration, source code, vulnerability management and physical asset management to business processes and awareness training, I keep an eye on everything that is relevant to data protection and information security. With straightforward risk management, identified risks are mitigated and information security is put in the right state.

The rest of my free time I spend with writing (blog) articles on my various blogs, building an ISMS toolkit to make my current job a little bit easier, reading books, playing around with my Neocities website, enjoying analogue and digital photography and creating some digital art on my iPad.

Skills

These are some of the skills I contribute to my professional activities.

General

• Information Security and Data Privacy Management; incl. planning and implementing ISMS or improving existing ones
• Risk Assessment and Risk Management
• DevOps / SecOps / DevSecOps
• Linux / Unix System Administration
• Security Auditing to prepare for certifications like ISO 27001
• Pentesting for web applications and networks
• Intrusion Detection
• Network Design
• AWS, Azure
• Containerization with Docker and Kubernetes

Security Frameworks that I'm familiar with

• BSI IT-Grundschutz
• ISO 27001 (and related ISO standards)
• CIS Controls
• ... and more

Some of my Softskills

• Explaining complex technical topics to non-technicals
• remaining calm and relaxed while executing disaster recovery procedures
• being paranoid enough to consider any risk, yet practical enough mitigatee them
• Teaching people how to better protect their data
• Showing business leaders why they should invest in information security by exposing vulnerabilities not only in IT systems
• having supporter genes

Operating Systems that I know very well

• Linux - various distributions from Debian and Ubuntu over SuSE, Fedora and Centos up to Linux From Scratch (LFS)
• MacOS - my preferred Desktop system
• RouterOS - I use it on my MikroTik devices
• KTSOS - a very basic core system, that I wrote in the past for some private projects like my C&C server from the "darker periods" of my life
• Solaris
• OpenIndiana
• FreeBSD

Operating Systems that I know basically

• MS Windows
• RISC OS

Programming and Scripting Languages that I like

• Python (my preferred language)
• JS
• Perl
• PHP
• C/C++
• Scala
• Bash
• Golang
• and more

Servers and similar software that I've used and managed in my various engineering jobs

• Webservers
  • Apache
  • Nginx
• Databases
  • MySQL / MariaDB / Percona
  • MongoDB
  • Apache Druid
• Mailserver technologies
  • Postfix
  • Dovecot
  • Courier
  • Spamassassin
• CI / CD
  • Jenkins
  • Gitlab
• Others
  • Stream Processing with Apache Kafka
  • Tomcat
  • Zookeeper
  • GlusterFS
  • Varnish
  • Log monitoring with ELK stack (Elasticsearch, Logstash, Kibana)
  • Redis
  • Beanstalkd
  • various monitoring tools like NewRelic, Nagios / Icinga and Prometheus
  • IPtables
  • Intrusion Detection with OSSEC, Snort, Prisma, Wazuh and other
  • and more...

And of course I can work with common Linux/Unix CLI tools, IaC (Terraform, Saltstack, Ansible or Rex), version control with Git or Mercurial SCM and everything else required for modern configuration, logging and application management.

Experience

I worked in very different companies and environments in the past. Here are some of my stations from the last years, beginning with the latest. The list would be too long if I would try to list all the companies I have worked for since I started working in IT.

Dr. Michael Gorski Consulting
I joined Michael's company as a Senior Security Consultant but already 3 months later he promoted me to the Head of Security Engineering. Looks like I'm good at what I'm doing. ;) And since it turned out that I have some talent in explaining our different consulting services well to customers and showing them why investments in cybersecurity are essential for every company, I also took over some areas in business development.

AppConceptionOne
I joined AppConceptionOne as the CISO. After I implemented a basic ISMS into the company I also took a look at the management processes. Since I learned a lot about modern management from my former employer, Personio, and I'm interested in management methods and leading a busines in general, I began to look at ACO from this perspective. We were a very small start-up with an outsourced software development team and management processes were nearly non-existent. So I re-worked our management procedures and began to implement a lean management approach into our company. This led to my promotion to the COO of the company and I managed the complete day-to-day business.

Personio
I joined Personio in a very early startup phase. In the beginning I supported them as a freelancer in DevOps engineering and system administration. When the GDPR became mandatory, Personio offered me a permanent position as their Security Manager. In this role, I made the company GDPR-compliant, set up incident management, started implementing risk management and helped to build a security team that fits their fast growing environment. When I left Personio a few years later to take up my first C-level position, the company had over 1200 employees.

Bild Digital GmbH / bild.de
I worked for Bild Digital / bild.de as a system administrator. In this role I hardened the systems for "Bild deckt auf" and re-structured multiple satellite systems running on AWS.

Mokono / blog.de
For Mokono I worked 2 times. At my first time with them I helped to move their complete office network to a new office and got some first insights into their server network. Because of some differences between their CTO at that time and me I left them very fast again. But after a few years, I returned to fix the problems in their server network that I predicted the first time around. Beside that in this company I took the role as their internal DPO (Data Privacy Official) for the first time in my career.

These are just a few stations of my career. I selected these stations because each one had a big impact on my personal development and gave me new knowledge and new experiences that have shaped me and helped me to become the allrounder I am now.

Ich bin ein Mensch (German)

Ein Statement für mehr Miteinander in unserer Gesellschaft

Contact

Email: frank at ff-sec.eu
Phone: +49 15678447860

---

Design based on Dracula UI from Dracula Theme.