Christian Fox Cyber Security Consultant

Developed a comprehensive AI Security Concept to proactively identify, assess, and mitigate risks associated with AI systems. This project focused on creating a robust framework for secure AI development, deployment, and operation, ensuring data integrity, model robustness, and ethical AI use.

- Consulting, auditing and implementation services with regard to BSI basic protection, KRITIS, § 8a BSIG and B3S - Implementation of agile software development project management based on Confluence and Jira - Conducting workshops and training courses on secure software development - Creation of software development guidelines - Carrying out BSI basic protection checks - Creation of security concepts based on BSI standards 200-1, 200-2, 200-3 - Implementation of penetration tests

- Supporting SAP IT projects in identifying, assessing and mitigating cybersecurity risks - Development, implementation and improvement of role and authorizations concepts - Participation in the definition of guidelines and standards with regards to SAP cybersecurity - Defining SAP Security definition for diff. SAP Modules/Systems - Identifying the improvement areas in authorization topic i.e. in both process and technical areas - Support technical SAP cybersecurity audits, tests and self-assessments

- Central contact and coordinator between application managers and IT security management - Implementation of measures tracking and ensuring the elimination of the security gap - Creation reports on progress and status of vulnerability remediation and overview of open findings Applications: PCI DSS, OSST MM, NIST SP800-115, BSI, BAIT, MaRisk, KWG, BCBS239, OWASP, BSI-Penetrationstest Leitfaden, Office, Nessus, Rapid7, Metasploit, Nmap, Wireshark, Splunk, OpenVas, Burp

- Creation of a process model for carrying out gap analyzes based on the banking standard - Support in the implementation of the model in ServiceNow - Support in conducting gap analyses

Analyze web application security and perform vulnerability and risk assessments using tests and security guides (OWASP, etc.) - Performing automated scans with web scanner tools - Identification of security vulnerabilities ( e.g. XSS, CSRF, SQL, Command and XPath Injections, Directory and Path Traversal and Security Misconfigurations) - Reporting, evaluation and recommendation of countermeasures - Collaborate with application owners and software developers and conduct vulnerability remediation meetings

- Vulnerabilities- , Exploits- and Threats Detection for the Helaba GROUP (Cert, CVE, CVSS, Metasploit, ...) - Carrying out of vulnerability scanning (Network, Data bases, Applications, virtual-, container- and cloud environments) - risk-oriented analysis on the basis of data mining - Identification of application and system owners, opening of vulnerability ticket and coordination of actions - Monitor the timely application of security patches and ensuring the implementation of remediation measures

IT risk management in the banking sector - Analysis of IT and operational risks - Coordination and implementation of mitigating measures - Consideration of the banking supervisory requirements for IT (BAIT) and MaRisk

- Development of a cloud strategy that is tailored to your specific requirements - Development of modern "hybrid cloud architectures" from infrastructure to network, security, governance, compliance and integration into operations - Reduction of your IT costs and generation of added value - Experience with AWS Cloud Platforms

- Responsible for establishing the "First Line of Defense" for the detection and defense of cyber attacks - Detection and defense of cyber attacks by using a vulnerability scanner to detect and prevent, identify, evaluate and conclude vulnerabilities - Recording of vulnerabilities information for automatic evaluation and determination of rules and regulations - Preparation of IT risk and management reports - Development of the process, roles, interfaces and integration into the IT service mngmt

- Performing an comprehensive 27001:2013 GAP analysis - Carry out internal ISMS audits - Contact for external auditors on questions concerning KRITIS, VAIT - Responsible for the preparation of a project plan for the implementation of an ISMS - Responsible for the implementation of the ISMS based on ISO 27001:2013 - Responsible for implementing measures for an external Maturity Assessment examination