On the rails again… 🚆😎


This month I’ve earned the Information Security Risk Manager ISO/IEC 27005 certification from rigcert.education. Having multiple years of experience in managing security risks in OT environments according to IEC 62443-3-2, I find that ISO 27005 provides an extended perspective on risk management. Effective information security risk management is crucial for maintaining secure systems. Failing to properly assess…
This post is a great example that a spear phishing attack also works in the offline world. It does not always have to be an e-mail! Thank you to Marc Torke for sharing this. The letter in the picture claims to come from an official German court and was sent to a newly founded…
Frank Karlitschek, the founder and CEO of Nextcloud, gave an inspiring talk at the 2025 re:publica conference in Berlin about how to establish a sustainable, enterprise-ready open-source project. 🌐 Link [DE]: re:publica 25: Frank Karlitschek – So baut man ein nachhaltiges Open Source Unternehmen. In his talk he highlights the factors making an open-source project successful…
There is a job advert for a Windows 3.11 administrator role in the rail industry doing the rounds on the internet right now – e.g. here at Heise. It’s often accompanied by the question why such old systems are still in use – it’s 2024! Yes, this is the reality of OT systems – not…
Getting ready for my talk at the Verband Deutscher Eisenbahn-Ingenieure e.V. (VDEI) Fachtagung Cybersecurity 2022. I’ll be speaking about Security for Safety and will be sharing a couple of lessons learned and best practices from real-world projects at ICS – Informatik Consulting Systems.
A short excerpt from my pitch on ‘Security for Safety’ as part of the BW-International Session at it-sa 2021 is available here: Post | LinkedIn