Markus Malewski

Vice President Cyber Defense

In meiner derzeitigen Rolle als Head of SOC bin ich für den Betrieb eines globalen Security Monitoring Service verantwortlich: # Entwicklung strategischer, taktischer und operativer Lösungen # Aufbau eines Teams von Sicherheitsexperten für den Betrieb des SOC / SIEM Dienstes # Fachexperte für SOC / SIEM relevante Themen

Project Lead to built an in-house solution for a thyssenkrupp global SOC/SIEM Service. Develop strategical, tactical and operational solution for an in-house SOC/SIEM service. Represent GSS IT Security Services on subject matter expert round table for SOC/SIEM topics. Participate in management meetings and working actively on improvement projects to enhance the strategical and tactical cyber threat mitigation capabilities. Built a team of Security professionals to run SOC/SIEM service.

Represent CERT in contract negotiations with service providers for a SOC/SIEM as a Service solution. Enhance an analytics platform, detection and visualization methods for monitoring and threat hunting purposes. Supported incident management to evaluate and assign threats to customers.

Develop and design of SOC/SIEM as a Service solution for SMB and enterprise business in D-A-CH region. Participate in bid management to fulfil requirements for proposal of SOC/SIEM as a Service solution. Prepare and actively participate in bid presentation for SOC/SIEM as a Service solution offering at customer site. Responsible for planning of the SOC/SIEM Service transition to business readiness. Represent the Cybersecurity Practice at customer meetings.

Ensure the optimal operation of SIEM monitoring content. Built on and continuously improve the SOC analytics framework. Ensure relevant knowledge transfer to all SOC team. Provide professional data analysis to drive further security measures and risk mitigation activities. Conduct proof of concepts for analysing and interpreting log events for threat assessment. Represent the SOC on in-house fairs and at customer meetings. End to end responsibility for on-boarding of new customers in regard to SIEM content.

Functional lead of a Global Security Operations Center and related analytics as well as underlying processes and tools. Security expert with technical understanding of common enterprise infrastructure security aspects. Interprets internal issues and external business issues and recommends best practices. Mentor of an international team of 1st level security analysts. Supports threat intelligence and security incident response teams. Defines technical concepts, processes, procedures and guidelines.

Perform real-time IT security monitoring and analysis for large enterprise in shift work. Take responsibility for in-depth analysis of events discovered. Identify and validate threats by data analysis with the wide range of security tools and defence line products. Triage of security events and escalation of incidents to security incident management team. Provide technical security expertise in order to provide professional data analysis reports for further corrective actions and security measures.

Responsible for operation and maintenance of network monitoring and reporting platforms. Development of behaviour models (use cases) for monitoring purposes. Troubleshooting of 2nd and 3rd level monitoring platform issues and 24h on call duty. Close interaction with problem management, incident management and customers' technical department. Provide trainings for Service Operation Center operator staff and 2nd level support teams.

Perform real-time IT infrastructure and application monitoring for Network Operations Center (NOC) in shift work. Triage of monitoring alerts and escalation of incidents to responsible operational teams and service owner as well as major incident management.

Datenverarbeitung