Christian Decker - Managing Director and Senior Consultant

• Conceptual consulting for securing business processes
• Consulting on planning and implementation of IT and IT security projects
• Security and policy checks, process optimizations, emergency planning
• Project management and interim management in IT infrastructure and information security

Overview of relevant projects:

• 2025: Consulting on a DLP concept for Digid GmbH.
• 2025: Consulting a client after a cybersecurity attack that compromised the IT infrastructure and where the attacker obtained M365 tenant admin rights. Investigated the IT infrastructure and restored it. Developed recommendations to improve IT security.
• 2025: Continued the projects listed below for Thyssenkrupp Marine Systems and Norddeutsche Landesbank.
• 2024: Created a DNS concept including advice on DNS strategy and technology, DNS design, DNS security, load balancing, reverse lookup zones, and automation. Created a DHCP concept including advice on DHCP design, a central DHCP management system and automation. Advised on operating the mentioned products, the operational processes, and updated IT documentation and IT service descriptions for Thyssenkrupp Marine Systems.
• 2024: As-is analysis and assessment of the network and security infrastructure established by providers in terms of overall architecture including design and components. Designed solution proposals to improve current operations for performance and security maximization as well as complexity reduction. Presented the results to C-level, their causes and possible solutions including required decision templates. Developed a SASE concept based on a zero-trust architecture for Norddeutsche Landesbank.
• 2024: Continued the projects listed below for Atlas GmbH and Deutsche Vermögensberatung AG.
• 2023: Consulting on resolving findings from an IT security assessment of the IT infrastructure, conducting proofs of concept for DDoS protection and digital experience monitoring (DEM) with Zscaler (ZIA, ZPA & ZDX), creating a new security architecture based on zero trust, redesigning a Cisco ISE implementation, and designing a DNS security solution to protect guests and financial advisors for Atlas GmbH / Deutsche Vermögensberatung AG.
• 2023: Continued the projects listed below for Digid GmbH, Vaillant Group GmbH (until 09/2023), Federal Institute for Geosciences and Natural Resources (until 05/2023), and Union Investment IT-Services GmbH (until 07/2023).
• 2022: Created and reviewed whitepapers for infrastructure and security architectures, and planned new network infrastructures for the German Aerospace Center.
• 2022: Developed a concept for the technical and procedural modernization of a disaster recovery plan for United Nations Volunteers.
• 2022: Developed a concept for migrating measurement data to a cloud environment, introduced network access control, and conducted an awareness training for Digid GmbH.
• 2022: Developed a network segmentation concept for DZ Hyp AG.
• 2022: Developed a network segmentation concept for the Federal Employment Agency.
• 2021: Developed a new load balancer architecture concept for Bundeswehr Fuhrparkservices GmbH.
• 2021: Conducted a vulnerability scan and penetration test of a web frontend including analysis and recommendations for remediation considering risk and likelihood for the client ifi GmbH.
• 2021: Consulting, design, and subproject management for implementing a network access control solution (certificate authentication and MAC address bypass) and macro segmentation (area and zone concept based on dynamic device assignment) in office and production IT for Vaillant Group GmbH.
• 2021: Upgraded and optimized LAN and WLAN infrastructure for United Nations Volunteers.
• 2021: Developed a target concept for modernizing the IT security infrastructure including the DMZ (Cisco switches, firewalls, WSA, ESA, SMA), internet connections, admin and management networks, and the wireless LAN, including overseeing implementation for the Federal Institute for Geosciences and Natural Resources.
• 2021: Created a micro-segmentation concept based on Cisco DNA, SGT, and zero trust for Union Investment IT-Services GmbH.
• 2021: Reviewed and updated ISMS level 3 policies and created procedure instructions for Software AG.
• 2021: Project lead for the global tech refresh project Meraki WLAN 2.0, coordinated the outsourcing of LAN/WLAN infrastructure to a managed service provider, and created a WLAN concept for automated guided vehicles for Heraeus Infosystems GmbH.
• 2021: Project management and technical support for the 'Transition of SIEM/SOC Services' project migrating a client to a shared environment, and took on the interim role of Head of Security Operations at Datagroup SE.
• 2021: Conducted a workshop for the future implementation of mobile device management for Allgeier Experts Go GmbH.
• 2021: Subproject management for implementing a firewall rule management tool and recertifying NAC endpoints based on 802.1x and MAB for Union Investment IT-Services GmbH.
• 2020: Developed a network segmentation concept for two data centers based on Cisco and VMware for Aareon AG.
• Recorded and analyzed the current network architecture including project initiation.
• Designed a micro-segmentation concept in the data center and access network.
• 2020: Infrastructure and security architecture audit for Stuttgarter Versicherung AG.
• Analyzed the IT infrastructure and security architecture regarding network and security component configurations. Also reviewed contracts, process documents, and manuals for completeness. Developed recommendations to improve the stability and operation of the infrastructure. Created a network segmentation concept and led the project to implement the measures from the audit.
• 2020: Consulting on setting up an ISMS-light for Josera foodforplanet GmbH & Co. KG.
• 2020: Security architecture consulting for Datagroup SE.
• Developed a future IT infrastructure and IT security architecture.
• Documented the current IT architecture of all 23 entities.
• Made recommendations to optimize the IT infrastructure and drafted a comparison of a traditional perimeter security concept versus a zero trust model.
• Created a security zone concept.
• Designed an IT infrastructure architecture in coordination with all entities.
• 2018 - 2019: Stream lead in the cybersecurity program at Deutsche Lufthansa AG.
• Responsible for designing and implementing 9 projects in IT security infrastructure and user access management, as well as managing project managers and experts.
• Project area: Network segmentation and access control.
• Project area: Security architecture.
• Project area: Privileged, identity & access management.
• Project area: Simplify user authentication (MFA).
• Project area: Mobile & endpoint security.
• Project area: OT security.
• Project area: E-enabled aircraft.
• 2018: Security architecture consulting for Deutsche Lufthansa AG.
• Project management for the development, evaluation, and management of the company-wide information security architecture.
• Developed a security strategy and a roadmap to align the security architecture with the zero trust model.
• Evaluated market security solutions, services, and tools.
• Defined requirements for RFPs and assessed proposals.
• Developed, maintained, and monitored security architecture artifacts.
• Conducted security assessments of existing and new IT systems and security services.
• 2018: ISMS consulting for GLS IT Services GmbH.
• Advised on implementing and initially operating an ISMS based on ISO27001.
• Audited the IT environments of GLS country subsidiaries.
• Analyzed and assessed IT security risks and derived necessary measures.
• Developed solution proposals in coordination with relevant stakeholders.
• Managed the project and handed over the ISMS to operations.
• 2016 - 2018: Security pre-sales consultant for Cisco Systems GmbH.
• Provided nationwide strategic and conceptual consulting to major enterprise and financial and insurance clients on Cisco and Meraki security products and services such as Firepower, WSA, ESA, Stealthwatch, and ISE.
• 2017 - 2018: Designed and implemented an ISMS for Verivox GmbH.
• Conducted various BIAs and gap analyses.
• Developed security policies based on ISO 2700x.
• Served as interim information security officer.
• 2017: Developed an emergency concept for VPV Lebensversicherungs-AG.
• Reviewed and updated the IT emergency manual.
• 2016: Consulting and project management for designing cloud & hosting services for Vodafone Group Services GmbH.
• Analyzed and optimized the sell-build-run process.
• Created detailed level designs for cloud products.

• Updated Windows Server 2003 to 2008.
• New employee evaluation system.
• Project management for project managers 1 – 4.
• Visualizing and presenting.

• Avaya advanced 1st and 3rd level support.
• Experience with Enterasys PEN, IDS, IDS-Advanced.
• Experience with Kobil SmartKey, SmartToken, SecOvid, and mIDentity.
• Varysys Packetalarm administrator.
• Experience with Enterasys routing, VPN, UPN, and IDS.

• Airport management.
• Cisco router configurations on IOS-based systems.
• Conflict management, moderating and presenting.