Matthias Steinmann - Senior Security Consultant (freelance)

Q: Where is Matthias based?

Matthias is based in Panketal, Germany and can operate in on-site , hybrid , and remote work models.

Q: What languages does Matthias speak?

Matthias speaks the following languages: German (Native), English (Advanced), French (Elementary) .

Q: How many years of experience does Matthias have?

Matthias has at least 46 years of experience. During this time, Matthias has worked in at least 15 different roles and for 10 different companies . The average length of individual experience is 3 years and 11 months . Note that Matthias may not have shared all experience and actually has more experience.

Q: What is Matthias's latest experience?

Matthias's most recent position is Senior Security Consultant (freelance) at DVZ M-V .

Q: What companies has Matthias worked for in recent years?

In recent years, Matthias has worked for DVZ M-V , DTBS , BMZ , and Dataport .

Q: Which industries is Matthias most experienced in?

Matthias is most experienced in industries like Information Technology , Arts and Crafts , and Media and Entertainment . Matthias also has some experience in Automotive , Manufacturing , and Government and Administration .

Q: Which business areas is Matthias most experienced in?

Matthias is most experienced in business areas like Information Technology , Quality Assurance , and Project Management . Matthias also has some experience in Supply Chain Management , Production , and Logistics .

Q: Which industries has Matthias worked in recently?

Matthias has recently worked in industries like Information Technology and Government and Administration .

Q: Which business areas has Matthias worked in recently?

Matthias has recently worked in business areas like Information Technology , Audit , and Project Management .

Recommended expert

Panketal, Germany

Check rate

Experience

Sep 2023 - Present

2 years 10 months

Senior Security Consultant (freelance)

DVZ M-V

ISMS and security concept for the Fabasoft e-file according to BSI 200-1/2, among others
Structural analysis (A.1), modeling (A.3), and baseline protection checks (A.4)
Preparation for OWASP penetration test, incident response plan, risk analysis
DevOps Bitbucket, ARC42, IAM with Keycloak/AD, multi-tenant setup, DMS, SOC
Emergency preparedness concept (BSI 200-4), operations and service concept (BSK), ITSM

Jun 2022 - Jun 2023

1 year 1 month

Security Architect BSI 200-2 and BSI 200-3 (freelance)

DTBS

Structural analysis (A.1) and baseline protection checks (A.3) for a data center/ISMS, including TOMs
Creating and updating the risk analysis (A.5) according to the BSI 200-3 Compendium 2021/2022 and ISO 27001/27005 (UAN)
IT security architecture and analysis / preparation for data center surveillance audit
Developing a policy for role and permission management (RuB)/AD

Oct 2021 - May 2022

8 months

Senior Consultant Operational Security (freelance)

BMZ

IT service manager OPSEC / SOC operations / ISO 27001 baseline protection
Incident management / incident response and reporting, SOC, SIEM, Macmon NAC/Zero Trust, FW/IDS/IPS, Trend Micro XDR/DER, OSSIM
Process and document management in OPSEC, Log4j measures
Developing concepts per BSI 200-2, including DER 2.1 and DER 4.0, CVE/CVSS, WSUS
Team leadership, disaster recovery planning, shutdown-restart planning, ITSM

Sep 2020 - Sep 2021

1 year 1 month

Senior Security Consultant (freelance)

Dataport

Project lead for certification audit of the multi-tenant connection zone in Hamburg, Bremen, and Schleswig-Holstein under IT baseline protection/TZ5/TZ15 (implementer)
Tendering and auditor selection process
Creating security concept A.1 to A.5 under IT baseline protection, ISMS
Conducting GSCs, including using IT-GS HiScout, supporting pre-audit/main audit IV
Audit preparation for ISO 27001 baseline protection of the ITSM operations/TQ3 division
Supporting baseline protection GSC/RA using IT-GS HiScout
Creating operations concept, emergency manual, logging concept, risk analysis (100-3/200-3), permission management including AD/PAM
Supporting service management based on ITIL and BMC Remedy ITSM Suite 19.02

Aug 2017 - Aug 2020

3 years 1 month

IT-Security Manager

CANCOM on line GmbH

Lead implementer for ISO 27001 baseline protection and KRITIS in the transport sector at the Rhineland-Palatinate Mobility Authority (LBM RP)
Creating the security concept (2018–2020) for the LBM IT network, including sales support, using GS tool Infodas SAVe 5
Central LBM office network / SAP LBM
Highway tunnels and control centers
Networks and infrastructure
Establishing a central ISMS: security incident management, patch management, internal audit, asset management, risk management, technical and organizational measures (TOMs), internal SAP audit, etc.
Project methodology based on BSI baseline protection (100/200-xx), ISO 27001, KRITIS
Structural analysis and protection requirements for processes/assets, IT/OT
Modeling per IT baseline protection, including module B 5.13 SAP, baseline protection check
Applying B3S for road traffic (signal systems)/threats
Preparation for the audit / evidence under § 8a (3) BSIG (security audit)

Sep 2016 - May 2017

9 months

Senior Information Security Consultant

secunet Security Networks AG

Security concept for SAP network SAP system DRV according to IT Baseline Protection, ISMS
Consolidation of basic security check/gap analysis
Additional security and risk analysis for the SAP application
Implementation of building block B 5.13 SAP according to IT Baseline Protection
Consulting at the Federal Office for Information Security (BSI) Division 33 Federal Networks, ISMS and network security/Ü2
Consulting and audit of document management and requirements management for Federal Networks/IVBB
Support for DRV infrastructure building blocks project: kickoff, structural analysis, GSC

Feb 2015 - Aug 2016

1 year 7 months

Certified Ethical Hacker CEHv9

EC-Council / Firebrand Training

Penetration Testing / Vulnerability Assessment
Web and cybersecurity
Cryptography and Social Engineering

Aug 2010 - Jan 2015

4 years 6 months

Senior Project Manager / IT Security Manager in large-scale projects

T-Systems International GmbH

Project DAVOS/Information Network Berlin-Bonn (IVBB)/NdB, ITSM/data center
IT security management according to IT Baseline Protection in subprojects of IVBB
IT Baseline Protection basic check and risk analysis
ITSM tool BMC Remedy, ISO 27001, TKG

Aug 2009 - Jul 2010

1 year

Program Manager Nearshore and Offshore Regulation (NOR)

T-Systems International GmbH

Implementation of IT security compliance in Systems Integration (SI)/Ü2
Implementation and support of requirements for classified information protection (GBS), privacy (GPR) and legal (GLA)/TKG
Implementation of NOR compliance in 102 SI applications including SAP BMS-IT (P02), implementation of measures and partial repatriation of offshore capacities

May 2007 - Jan 2015

7 years 9 months

Senior Consultant IT Security and Process Management

T-Systems International GmbH

Internal audits/checks of 30 top projects in project monitoring according to TSI PM and SE standards
Conducting ISO 27001 assessments, quality gates (reviews) in projects and services
Information security and data protection according to TSI standard NOR/IRON, TKG
Service management according to ITSM/ITIL, SLA
Internal audits for projects including DB, DP, Fraport

May 2007 - Jul 2009

2 years 3 months

International Delivery Network (IDN) - Consulting (Near- and Offshoring)

T-Systems International GmbH

IDN process rollout project management (PM-Book)/software engineering (SE-Book) in the SI country subsidiaries
IDN project monitoring for projects among others in the subsidiaries in France, Spain and Mexico

Jun 2000 - Apr 2007

6 years 11 months

Consultant central quality assurance / ISO 9001

T-Systems / Gedas Deutschland GmbH

Support for SAP service contract VW ITSM/SLA/service catalog based on ITIL
Proposal and project review board/document management ISO 9001
Process manager for proposal review board and project monitoring: process analysis and process design/process modeling in ARIS

Sep 1999 - May 2000

9 months

SAP consultant for materials management (MM)

T-Systems / Gedas Deutschland GmbH

Project central spare parts logistics VW AG 'Spare Parts 2000' (ET2000) in Kassel
Worldwide distribution and support of SAP material master data and pricing (ALE)

Feb 1998 - Aug 1999

1 year 7 months

SAP consultant for controlling (CO/subproject management)

T-Systems / Gedas Deutschland GmbH

SAP implementation project Shanghai Volkswagen
Implementation of the SAP CO module (cost center accounting, CO orders, product costing)

Aug 1988 - Jan 1998

9 years 6 months

Freelance sound engineer and studio musician

Sep 1979 - Jul 1988

8 years 11 months

Transport Technologist

Kabelwerk Oberspree Berlin

Development of material flow analyses and transport technologies

CISSP/CSSP – Qualification

Fernschule Weber

Network Security, Access Control, Physical Security, Application Security
Compliance Management (COSO, COBIT), Business Continuity, Operational Security

IT Security Manager (ISMS/ISO 27001)

TÜV Rheinland Akademie GmbH

Information security governance according to DIN ISO/IEC 27001, 27002:2013 including IT security procedures, ISMS, risk management

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Information Technology, Arts and Crafts, Media and Entertainment, Automotive, Manufacturing, and Government and Administration.

Information Technology

Arts and Crafts

Media and Entertainment

Automotive

Manufacturing

Government and Administration

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology, Quality Assurance, Project Management, Supply Chain Management, Production, and Logistics.

Information Technology

Quality Assurance

Project Management

Supply Chain Management

Production

Logistics

Skills

Design/ Se
Rh Linux
Kali-Linux
Github
Red Hat
Aris
Ms Visio
Threat Modeling
Arc42
Vm/ Pm/ Test Se
V-Model
Cmmi
Itil
Itsm
Servicenow
Jira
Confluence
Mitre
F5 App.Sec.
Isms Tool Verinice Xp (Sernet)
Save5 (Infodas)
Hiscout According To Bsi It Baseline Protection
Bcm
It Security Management Iso 27001/27005
Cissp
Cehv9
Owasp
Bsi It Baseline Protection 200-X
Kritis
Nist
Nis2

Languages

German

Native

English

Advanced

French

Elementary

Education

Sep 1975 - Jul 1979

Diploma in Engineering Economics · Business Administration, specialization in Logistics

Sep 1969 - Jul 1973

Gymnasium Güstrow

German high school diploma (Abitur) · Güstrow, Germany

Certifications & licenses

Corporate / Public Sector Data Protection Officer

Municipal Education Association e.V.

PECB Certified ISO/IEC 27001 Lead Auditor

PECB

Corporate / Public Sector Data Protection Officer

Municipal Education Association e.V.

CEHv9 Ethical Hacker

EC-Council / Firebrand Training

ITIL Foundation Certificate V3

Capability Maturity Model Integration (CMMI V 1.2)

Project Management Professional (PMP PMI)

ITIL Foundation Certificate V2

Statistics

Experience

Total positions 18

Experience in Information Technology 25 y

Avg length 2 y 11 m

Longest experience 9 y 5 m

Expertise

Recent roles Senior Security Consultant (freelance), Security Architect BSI 200-2 and BSI 200-3 (freelance), Senior Consultant Operational Security (freelance)

Main industries Information Technology, Arts and Crafts, Media and Entertainment

Main business areas Information Technology, Quality Assurance, Project Management

Qualifications

Highest degree Master

Certifications earned 8

Profile

Created

January 2025

Last Update

June 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Have questions? Find more information here.

Where is Matthias based?

Matthias is based in Panketal, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Matthias speak?

Matthias speaks the following languages: German (Native), English (Advanced), French (Elementary).

How many years of experience does Matthias have?

Matthias has at least 46 years of experience. During this time, Matthias has worked in at least 15 different roles and for 10 different companies. The average length of individual experience is 3 years and 11 months. Note that Matthias may not have shared all experience and actually has more experience.

What roles would Matthias be best suited for?

Based on recent experience, Matthias would be well-suited for roles such as: Senior Security Consultant (freelance), Security Architect BSI 200-2 and BSI 200-3 (freelance), Senior Consultant Operational Security (freelance).

What is Matthias's latest experience?

Matthias's most recent position is Senior Security Consultant (freelance) at DVZ M-V.

What companies has Matthias worked for in recent years?

In recent years, Matthias has worked for DVZ M-V, DTBS, BMZ, and Dataport.

Which industries is Matthias most experienced in?

Matthias is most experienced in industries like Information Technology, Arts and Crafts, and Media and Entertainment. Matthias also has some experience in Automotive, Manufacturing, and Government and Administration.

Which business areas is Matthias most experienced in?

Matthias is most experienced in business areas like Information Technology, Quality Assurance, and Project Management. Matthias also has some experience in Supply Chain Management, Production, and Logistics.

Which industries has Matthias worked in recently?

Matthias has recently worked in industries like Information Technology and Government and Administration.

Which business areas has Matthias worked in recently?

Matthias has recently worked in business areas like Information Technology, Audit, and Project Management.

What is Matthias's education?

Matthias holds a Master in Business Administration, specialization in Logistics.

Does Matthias have any certificates?

Matthias has 8 certificates. Among them, these include: Corporate / Public Sector Data Protection Officer, PECB Certified ISO/IEC 27001 Lead Auditor, and Corporate / Public Sector Data Protection Officer.

What is the availability of Matthias?

Matthias is immediately available full-time for suitable projects.

What is the rate of Matthias?

Matthias's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.