Hello, I’m Frank. Currently I'm working as CISO (Chief Information Security Officer) for AppConceptionOne in Berlin. Show me your business processes and IT systems and I can show you how data can be stolen from your company.
With over 20 years of experience in the areas of SecOps, System Engineering, SRE, DevOps and classical system administration for Linux- and Unix-based server networks, I understand what your server guys are doing.
For almost the same number of years, I have used some of my free time to create software for my daily life. Code in Python, Scala, C/C++, Perl, Bash and other programming languages is familiar to me.
Data protection is not only IT security for me. I have a wide view of data protection. From server configurations and your source code up to business processes and awareness training, I keep an eye on everything that is relevant for data privacy and IT security. With straightforward risk management, detected risks are mitigated and, step by step, IT security comes closer to how it should be.
The rest of my free time I spend reading news, writing (blog) articles, reading books, doing analogue and digital photography and creating some digital art on my iPad.
- IT Security and Data Privacy Management
- Risk Assessment and Risk Management
- DevOps / SecOps / DevSecOps
- Linux / Unix System Administration
- Auditing to prepare for ISO 27001 certification
- Pentesting for Web Applications
- Intrusion Detection
- Network Design
- AWS, Azure
- Containerization with Docker and Kubernetes
- Explaining complex technical topics to non-technical people
- Remaining calm and relaxed while executing disaster recovery procedures
- Being paranoid enough to consider any risk, yet practical enough to minimize them
- Having supporter genes
- Linux (various distributions like Debian, Ubuntu, SuSE, Fedora, CentOS and more)
Programming and Scripting Languages
- Python (my preferred language)
- and more
Servers and more
And of course I can work with common Linux/Unix CLI tools, IaC (Terraform, Saltstack, Ansible or Rex), version control with Git or Mercurial SCM and everything else required for modern configuration, logging and application management.
- MySQL / MariaDB / Percona
- Apache Druid
- Mailserver technologies
- CI / CD
- Stream Processing with Apache Kafka
- Log monitoring with ELK stack (Elasticsearch, Logstash, Kibana)
- various monitoring tools like NewRelic, Nagios / Icinga and Prometheus
- Intrusion Detection with OSSEC, Snort, Prisma and more
- and more...
I have worked in some very different companies and environments in the past. Here are some of them from the last few years.
I'm currently working as the CISO (Chief Information Security Officer) for AppConceptionOne. In this position, I'm responsible for all aspects of information security, beginning with IT security up to document, knowledge and contract management. Since we are still a very young startup, my extensive technical knowledge also helps our software development and, above all, building up a DevOps culture. Since many of the duties of the DPO and the CISO overlap, I'm currently also the DPO of the company.
I joined Personio in a very early startup phase. In the beginning I supported them as a freelancer in DevOps engineering and system administration. When the GDPR became mandatory, Personio offered me a permanent position as their Security Manager. In this role, I made the company GDPR-compliant, set up incident management, started implementing risk management and helped to build a security team that fits their fast-growing environment.
Bild Digital GmbH / bild.de
I worked for Bild Digital / bild.de as a system administrator. In this role I hardened the systems for "Bild deckt auf" and re-structured multiple satellite systems running on AWS.
Mokono / blog.de
I worked for Mokono twice. During my first time with them, I helped to move their complete office network to new rooms and got some first insights into their server network. Because of some differences between their CTO at that time and me, I left them again very quickly. But after a few years, I returned to fix the problems in their server network that I had predicted the first time around. Besides that, at this company I took on the role of DPO (Data Privacy Official) for the first time in my career.
These are just a few stations of my career. But each one gave me new knowledge and new experiences that helped me to become the all-rounder I am now.
Email: frank at ff-sec.eu
Phone: +49 15678447860