Cloud Security Assessor @ Tipico

payment platform provider

08/2021 – 12/2022 (Offsite – Vienna, Austria)

  • Currently performing security assessment of the AWS and Kubernetes deployments of Tipico

Interim CISO @ PPRO

payment platform provider

01/2020 – 02/2021 (Munich, Germany)

  • acted as interim CISO supporting the organization in its largest funding phase from startup to unicorn
  • created the security strategy and security management program to ensure the organization's security posture satisfied the requirements of the world’s largest e-commerce providers
  • recruited and trained staff to establish the security function and hand it over to the permanent CISO
  • implemented technical and process security controls to satisfy contractual, legal and regulatory security requirements
  • designed cloud security architecture and implemented a secure CI/CD pipeline
  • initiated and prepared the ISO 27001 certification process

SOX Senior IT Security Consultant @ Domoferm/Jeldwen

international manufacturing organization

06/2019 – 12/2019 (Gänserndorf, Austria)

  • assisted the IT team in implementing the IT controls required by Sarbanes-Oxley
  • defined required technical controls and implemented them throughout the company
  • performed control assessments, reporting the results to the US management team
  • supported remediation activities in the local subsidiaries

Founder and CEO Austria @ Cognosec

Information Security Services & Audit

04/2011 – 04/2019 (Vienna, Austria)

  • founded Cognosec together with British payment service provider securetrading
  • provided security consulting, audit, penetration testing and managed services to Europe’s largest financial institutions
  • managed a company with 24 employees located in 5 countries
  • acted as CTO of Cognosec as it was listed on the NASDAQ

Head of Corporate Security @ bwin

provider of sports betting, poker, casino and games

11/2005 – 08/2011 (Vienna, Austria)

  • designed and implemented the enterprise risk and security management system in Europe’s largest provider of online sports betting, poker, casino and games.
  • established and managed bwin’s corporate security department comprised of the security management, security operations and the security audit team.
  • implemented 24×7 security monitoring and incident response.
  • ensured compliance with the following standards and regulations: COBIT 4.1, ISO 27001, EGBA, ECOGRA, PCI DSS.

Senior Security Consultant @ Lanifex

information security services

03/2005 – 10/2006 (Vienna, Austria)

  • served as a technical security project manager and team leader for a large security monitoring implementation using an open-source security management suite developed by Lanifex for a major bank in Slovakia.
  • implemented the Lanifex security management suite and the Computer Associates eTrust Security suite at a large Austrian bank.
  • developed a policy compliance module and its integration into the security management suite developed by Lanifex.

Infosec Trainer @ Myajen

information security services

12/2004 – 03/2005 (Riyadh, Saudi Arabia) Contact: Michael Krausz

  • trained the Saudi Arabian Security Forces in the areas of information security and computer/network investigations
  • supported the seizure of equipment, retrieval of data, analysis of systems and evidence protection during anti-terrorism investigations
  • assisted in the creation of security strategies and programs of several law enforcement branches

Chief Security Officer @ Wave Solutions

software development and integration branch of Bank Austria Unicredit

10/2001 – 11/2004 (Vienna, Austria) Contact: Christoph Gruber

  • initiated the setup of security, incident and vulnerability management systems and the development of security policies, procedures and standards.
  • developed policies, procedures and standards for the BA/CA Corporation as team leader together with the Security Office of Bank Austria, and designed the security architecture for an incident management system of the BA/CA network.
  • implemented the centralized BA/CA user provisioning system, involving host and client/server-based systems and applications.
  • engineered and designed new security solutions to protect the bank from information security threats and vulnerabilities
  • led project initiatives to identify security solutions and mitigating controls based on regulatory requirements that affect the bank’s business units.

Founder & Principal Consultant @ Trustafrica

information security services

06/1999 – 03/2000 (Accra, Ghana) IT Security Consultancy

  • provided the programming, operations and marketing of intranet development and security services.
  • managed the Trustafrica NOC, providing managed security services to several major institutions in the finance sector.
  • developed numerous intranet systems for governmental institutions.
  • planned, designed and managed the software and security implementation of several Ghanaian e-governance intranet solutions, financed by USAID and UNDP.
  • planned and managed security implementation for Dart Communications, the broadband backbone for inter-bank communication in Ghana.