Jan Kopia

IT Security, ISMS, TISAX, SOC, IT-Grundschutz, ITIL, PMO, KRITIS, ISO 27001 Auditor, Penetration Tester

  • Freelancer in 12683 Berlin
  • Graduation: Doctorate Degree
  • Hourly/daily rates:
  • Languages: German (Full Professional) | English (Full Professional)
  • Last update: 15.09.2021
Profile (English)

Special fields of recent years: 
  • ISMS implementation based on BSI IT-Grundschutz or native ISO 27001
  • Auditor and consultant for ISO 9001, ISO 27001, ISO 27019, §8a BSIG and TISAX, ISO/IEC 27701, ISO 22301
  • DSGVO (GDPR) data protection implementation, data protection officer
  • GoBD
  • Use of various sector-specific security standards (B3S, e.g. clinics, healthcare, energy)
  • Establishment of Security Operations Centers (SOC) and Cyber Security Incident Response Teams (CSIRT); products e.g. Splunk, Greenbone, Nessus, Elasticsearch, Elastic Security, Kibana 
  • OT security, IEC 62443, IACS, SCADA
  • Cloud security (AWS security), container security (Docker, Kubernetes)
  • Experience with the NIST Cybersecurity Framework and NIST assessments
  • SIEM / Splunk, logging, monitoring, Elastic
  • System hardening (Windows, Linux)
  • Threat modeling 
  • Secure software development / security testing / SDLC
  • Automotive: SAE J3061, ISO/SAE 21434, TISAX
  • Implementation of technical guidelines for hardware and software products (incl. Common Criteria certifications and BSI TR-03109)
  • Implementation of risk analyses, IT security assessments, penetration tests, vulnerability assessments 
  • Development of security concepts for network infrastructure and IT systems (incl. IT architectures and software development best practices, e.g. secure coding)
  • Publication of technical articles / authoring activities
  • Project management and team leadership with personnel responsibility 
  • Project management for complex projects (requirements analysis, implementation, quality assurance)
  • Requirements analysis and interface between business requirements and IT implementation
  • SOX compliance, BAIT, BaFin, ISAE 3402
  • Experience as Scrum Master and Product Owner for product developments
  • Chinese Cybersecurity Law experience
Other topics: 
  • IT security / cryptography / Common Criteria / PKI solutions
  • Implementation of ISMS, e.g. in the area of critical infrastructures (KRITIS, BSI-KritisV)
  • Auditor for the IT security catalogue according to §11(1a) EnWG; audit evidence according to §8a BSIG
  • Preparation and audits according to BSI IT-Grundschutz and the IT-Grundschutz catalogues
  • ISO 22301 BCM
  • Penetration testing experience (Certified Ethical Hacker)
  • OWASP, Burp, ZAP, Nessus etc.
  • CISSP 
  • Certified Ethical Hacker (CEH)
  • ITIL v4
  • IT Security Officer (certified)
  • IT Security Manager (certified)
  • Scrum Master
  • Certified EC-Council Instructor (CEI)
  • Multi-project management (PMI / PMP and Scrum Master certified) 
  • Incident management and the development of CIRTs
  • IT-Grundschutz consultant (IT-Grundschutzberater)
  • 02/2012 - Present

  • IT-Security Projects
  • Current project, finance sector:
    • Conception of IT security concepts for secure operation (IDS/IPS, SIEM, log archiving and analysis) 
    • Penetration testing and vulnerability scanning 
    • Conception of compliance requirements from regulatory guidelines (including backup/recovery, authentication, exit strategies in service management, etc.)
  • Current project, large cloud provider:
    • Establishment of a SOC operation and introduction of a SIEM for a financial services provider
    • Implementation of requirements for cloud security based on BSI C5, business continuity (BCM) according to ISO 22301, and ISO 27001, 27017, 27018, 27019
    • Implementation of product certifications for China: Chinese Cybersecurity Law and CCPS certification 
    • Risk assessments and creation of security concepts for a government agency and its data center
    • Implementation of SOC 1 and SOC 2 certifications
    • Management of project consolidations 
    • Establishment of data protection management according to ISO 27701
    • Security concepts, including conception of multi-factor authentication, backup and recovery, BCM / emergency plans
    • Penetration tests of web applications and source code analyses

    Project (approx. 2 years), activities:
    - Management of a young company in the growth phase
    - Advising companies in critical infrastructures on information security and compliance with the IT Security Act
    - Advising customers on information security and IT security
    - Development of Security Operations Centers (SOC) and Incident Response Teams (CSIRT)
    - Red teaming / blue teaming (penetration testing and attack simulation as well as defense against cyber attacks)
    - Consulting companies on certification according to BSI IT-Grundschutz (BSI standards 100-1 to 100-4), ISO 9001, ISO 27001, business continuity management, COBIT, ITIL and risk management
    - Security assessments and penetration testing of customer IT and network architectures
    - Project management activities for major customers
    - Project management activities for customer orders and internal projects

    Last project (approx. 1.5 years):
    - Management of the software team (12 persons)
    - Organization of software development projects in the field of embedded and x86 technology
    - Close coordination with management and overall development management
    - Process optimization of product development
    - Project management for the development of hardware and software
    - Management of the IT security project (according to technical guidelines)

    1. design of a security module (hardware and software)
    2. threat modelling of the architecture
    3. decision on the technical implementation of cryptographic measures, secure storage and transmission of data
    4. creation of a security target based on Common Criteria
    5. audit preparation for BSI-tested IT security

    - Assumption of the tasks of the IT security officer
    1. penetration testing of the internal IT landscape as part of regular security assessments
    2. conception of IT security solutions with the IT department
    3. reverse engineering of software / network forensics
    4. writing automation scripts (Bash, Perl/Python)
    5. preparation for ISO 9001 and ISO 27001 certification as well as BSI IT-Grundschutz measures

    Projects 2012  

    Activities (15 months): interim management
    - Operational management of the IT department (35 IT specialists, 5 direct reports)
    - Introduction and conversion of the development methodology of the teams to an agile development process according to SCRUM
    - Communication interface to sales
    - Support for Common Criteria certifications

    1. design and documentation of products for Common Criteria certification
    2. monitoring of security audits and remediation of findings

    - Support for ISO 27001 (and ISO 9001) certification
    1. certification support for the company in both standards
    2. preparation of a risk management system

    - Development of IT concepts, especially in the area of security for embedded systems
    1. draft of a PKI concept
    2. conception of secure programming solutions in the embedded area
    3. threat modelling of possible solutions
    4. security assessments and penetration testing of solutions
    5. writing software in C, debugging at assembler level
    6. development of defence strategies against DDoS attacks
    7. implementation of selected BSI IT-Grundschutz requirements

    - Product development and project controlling
    - Delivery of training courses
    - Accompanying advice for customers including presentations
    - Moderation of workshops
    - Topics and environment in the area of critical infrastructures, badge app including security audits, conception of PKIs and IT security architectures

  • 02/2000 - 02/2011

  • Diverse Projects
  • Projects 2008-2011

    Requirements analysis & process analysis
    Creation of requirements and functional specifications, analysis of processes and IT architectures, moderation of workshops, conception of solutions (also by means of process representation in UML, BPMN etc.)
    Selection of solutions and providers, tendering
    Provision of ROI analyses and IT investment decisions for departments and companies
    Preparation of tender documents and evaluation criteria
    Organization of provider presentations
    Evaluation and presentation of providers/solutions with recommendations for the most appropriate solution
    Software development processes
    In addition to requirements analysis, I know the software development cycle very well. This includes development methodologies (agile, extreme programming) as well as the tools used for them. I also know the topics of testing and QA, release management and deployment very well.
    Certified as Scrum Master and experienced in working with Scrum teams. I am especially interested in increasing productivity through agile methodologies and in the hurdle of consolidating this way of thinking in teams and companies.
    Project management
    Experience in classical project management based on PMI through PMP certification.
    Project planning, management and controlling, risk management and other relevant areas in this field (according to the PMI knowledge areas).
    Service level, quality and IT processes
    I have completed an ITIL Foundation certification and provided various process support in projects.
    Development experience
    Very good overview of Java / JEE development as well as development with PHP5 through my own past development experience. I am familiar with the tools and current technologies and their performance (EJB3, persistence frameworks, JMS, other APIs and web services).
    SOA / BPM
    In various companies I was involved in the selection and implementation of a service-oriented architecture.
    Use of BPM tools based on existing automated IT infrastructures.
    IT administration
    As team leader, I was responsible for data centers and a heterogeneous system landscape. This included above all the support of the application and web servers as well as database servers, but also the architecture of the system landscape itself (network technology, virtualization, IT security according to BSI IT-Grundschutz, etc.)
    Web development
    Project experience with front-end technologies and processes: web design, HTML/CSS/JavaScript, Flash, Silverlight, but also JSP/Servlets.
    Mobile technologies
    Very good knowledge of mobile systems (iOS, Windows Phone) and their capabilities and requirements in relation to software development projects.
    Sales experience
    Built up a division of a personnel agency; experience in sales and key account management.
    Marketing and social media consulting
    Consulting for various SMEs on social media topics as well as online marketing (including SEO/SEM)

    Activities in the field of management consultancy (2 years):

    Sales and product management support and project management in the field of innovative hardware and software products
    Drafting contracts with suppliers and customers of the new market
    Change management of internal processes
    Conception and business plan development for a start-up company in the field of management consulting
    Project management at skilldeal AG for various IT projects

    Worked as project manager (5 years):

    Multi-project management
    Introduction of the CRM system Salesforce.com for 500 employees
    Conception, development support and introduction of an external event management system into the internal company processes
    Evaluation and introduction of an Enterprise Service Bus (ESB) with SOA architecture from the top providers in the market according to Gartner. Setting up Business Process Management (BPM) based on the infrastructure and products and introducing the necessary process changes in the company
    Introduction of a social media / Enterprise 2.0 intranet for the Scout Group
    Decision making, implementation and migration of an old BI tool to a Business Intelligence system
    Assumption of Scrum Master positions for various Scrum teams in software development

    Activities as partner for a management consultancy (2 years):

    consulting and coaching
    Development of social media strategies and online marketing measures for SMEs
    Coaching of individuals and teams with regard to the specialist topics of marketing, financing, IT processes and systems and in personnel management
    Lectures at networking events on the above topics
    Conception of ideas and writing of business plans
    Writing of professional articles
    Project management in the area of ECM (6 months): The focus of the project was on complex integration projects in the Enterprise Content Management product environment. I performed the following tasks:
    Creation of an internal project platform based on SharePoint
    Definition of new customer segments for targeted project acquisition
    Key Account Management of an existing customer base
    Processing of tenders
    Organization of trade fair appearances
    Project personnel service provider (1 year): The task of my position within the service provider's Interim Management and IT division was to develop the area of consulting and project management. Due to my previous consulting activities, in which many sales aspects played a role, and my expertise in IT technologies, I got in contact with specialist departments at companies to present their services and discuss solutions and projects with the contact persons. Current and strategic topics and project decisions with a strong reference to the placement of technical experts, especially freelancers, were discussed. My own assignments as a freelancer allowed me to actively shape the project business. Activities:
    Development and implementation of sales strategies
    Collaboration on ideas for a new corporate strategy in this area
    Advising customers on technical issues with the aim of providing consulting services in the area of business processes (CMMI/ITIL), optimization of processes, project management offices as well as decisions in the IT environment (SOA, outsourcing, migration projects, etc.)
    Participation in tenders
    Quotation calculation and preparation
    Interim assignments with clients as interim manager or freelancer
    Publication of articles in professional journals

    Axel Springer AG, Hamburg and Berlin: Interim Manager (6 months)   

    Team management of the internal IT in the area of infrastructure and data center with disciplinary personnel responsibility of 14 employees including second level support
    Project management of various projects, including:
    Accompanying the introduction and establishment of the shared service center strategy in the area of IT infrastructure and all applications relevant to the publishing house
    Optimization of internal processes
    Migration of different software systems to new versions and new hardware
    Coordination of the computer center operation and roll-outs of new hardware (SUN Solaris, database server etc.)
    Support of architecture decisions in an increasingly complex environment of gigantic data volumes (HDS, LUN, SAN etc.), ITIL and ISO 20000 as well as CMMI conformity
    Takeover of change management processes
    Technical environment: complex system landscape in decentralized data centers made of heterogeneous hardware from SUN Solaris to Windows servers, SAN, HDS, various web servers, terminals and thousands of workstations (Windows and MacOS) as well as the most diverse applications relevant to publishing

    Cornelsen (6 months) 

    Process management: recording, documentation and optimization of all operative processes and the associated business cases, and transfer of these into an IT-usable form (process documentation tool) for the purpose of developing a new cross-company publishing system (plus key figures in the sense of business process management)
    Creation of an evaluation catalogue and coordination of the selection of an enterprise software
    Advice on strategic IT issues (architecture, especially the question of service-oriented architecture, decision-making and support as well as evaluation whether in-house or third-party development or potential system providers etc.), advice on setting up IT governance processes and standards (according to CobiT) and return on investment considerations
    Used tools and technologies: Office tools, especially Excel and MS Project, Rational Rose, technologies considered were questions of migration of legacy applications, their encapsulation and provision as a service as well as the migration of hardware

    Springer publishing house   

    Project management for the migration of a CRM system
    Preparation of tender documents
    Selection and evaluation of providers and presentation of the results
    Consulting for portfolio decisions and requirements management
    Technological environment: Oracle databases and various Oracle applications and their migration to a new system (including backup and roll-back concept, data consistency, data cleansing, performance and worst-case scenarios), various project management tools and their evaluation

    Handelsblatt publishing group (3 months)   

    Consulting in questions of the usability of Web 2.0 tools
    IT architecture and system decisions (e.g. SOA, web services, performance issues for database access, search engine optimization, indexing, content management systems, hardware selection, etc.)

    Selection and evaluation of providers and presentation of the results, in particular the basis for decision-making after the pitches of various providers and agencies
    (Technological) environment: heterogeneous system landscape, especially in the area of the content management systems used, customer relationship management systems and related subsystems (billing, accounting, supply management, ordering systems, etc.), search engines and indexing system of Google Search Appliance, Fast Search and Transfer and others, integration development within the framework of a SOA

    Kneipp works (2 months)   

    Organizational analysis and process documentation of all areas relevant for controlling
    Advice on setting up a precisely fitting controlling system based on BPM and balanced scorecards
    Consideration of an outsourcing option in the context of BPO
    Introduction of a Business Intelligence application based on the controlling system
    Development of a catalogue of measures to overcome internal personnel-related hurdles
    (Technological) environment: Legacy controlling applications and the data stock to be migrated, consideration of different controlling systems, implementation support for Microsoft Dynamics

    2005 – 2006       

    I managed the IT department of the internet agency New Impact AG. This mainly included the recruitment, personnel development and personnel management of 20 employees and the resource planning of all IT staff based on the IT orders. The low staff turnover made it possible to focus on staff development and organizational problems in a role with disciplinary responsibility. Especially in the area of software development projects on various platforms (Java/JEE, .NET and PHP on Tomcat/JBoss, WebSphere, MS SQL, Oracle, MySQL), an exact forecast of upcoming projects and their technologies had a great influence on the workload of the employees. Close cooperation with the individual project participants and on incoming orders was therefore crucial. A further task was project management. On the one hand, I assumed the role of contact person for the customer. I was responsible for the requirements analyses, which ended in requirement specifications and ultimately in offers with fixed SLAs, for which I was also responsible, including the necessary contract negotiations. I also divided up the development teams and took care of the project organization and project controlling as well as the usual project management tasks such as change, risk and quality management within the projects assigned to me. Since each project manager had full budget responsibility, a standardized approach was essential in every project. In addition to intensive customer support during the project, the presentation of the interim and final solution or training was another important task. The goal was always to generate follow-up projects through the network or customer contact. Technically, I was involved in architecture decisions and in the modeling of software and processes (OOA/OOD) with UML due to my software development background.

    Excerpt of project activities (from multi-project management):   

    duration: 4 months 

    GastroBern: project manager, software development project with web presence. Activities:
    Requirements analysis and creation of functional specifications based on the business case
    Offer preparation and negotiations regarding the implementation
    Project meetings and coordination with graphics, development and administration
    Standard project management measures: controlling functions, regular team meetings, quality assurance and organisation of testing including regular code reviews in close consultation with the customer
    Presentation and training of the customer in the new system
    Technology used: virtual machines (VMware), distributed system with Apache, MySQL, PHP as well as an interface to a mobile phone operator, CMS TYPO3

    Duration: 6 months 

    Swiss Police Department FDJP: project manager, software development project with Imperia (CMS). Activities:
    Requirements analysis and creation of functional specifications
    Demonstration of migration scenarios from legacy applications to the new system
    Customer support during the development phase in the form of status meetings, incident and change management
    Coordination of the development team
    Technology used: virtual machines (VMware) as development platform, Eclipse, Oracle databases, Java templating system, Perl and JavaScript

    2003 – 2005       

    My tasks at X mainly included various project management activities. I was also responsible for building up the internal IT department and planned IT systems for both internal and external use. In addition to analyzing and designing customer-specific solutions with a focus on the eBusiness sector and supply chain systems, I coordinated the software developers who implemented the solution. I made the decisions on IT architectures together with my colleagues and at times helped to develop program code. An agile approach according to Scrum, which I established, enabled efficient cooperation of the development team under increasing pressure with constant quality. Customer consulting and the simultaneous acquisition of follow-up projects in terms of technology and online strategy were as much a part of my tasks as the recording of requirements and the writing of offers including technical specifications.

    Excerpt of project assignments:

    Duration: 12 months, software development project, business-to-business system, project management and developer activities:
    Conception, requirements definition and calculation as well as proposal writing (including SLAs)
    Organizational project planning
    Technical project management and development (based on PHP, MySQL)
    Finding additional staff and developers, if resources were not sufficient
    Coordination of development in small iterations / sprints, including quality assurance through code reviews and testing
    Acceptance and presentation to the customer
    Technology environment: Highly available Linux servers (Debian), Apache web servers, MySQL databases, PHP development environment, Java/J2EE with various development platforms including Eclipse, Adobe FLASH, Visual Studio and ASP and ASP.NET

    11.2001 – 11.2003     

    Berlin: Software Developer  
    Software development with Java/J2EE and PHP
    The focus of the projects was on web applications and content management systems
    XML development (XSL, XSLT transformations)
    Database development (MS SQL, MySQL)

    Other activities and operations 

    iPhone app development based on Xcode 

    03.2001 – 08.2001     
    AMD Europe, London, England: freelance hotline engineer in hardware support   

    12.2000 – 02.2002    
    Film Industry / Various companies and locations in Germany

I am available for worldwide work. Just contact me.