Experience

  • January 2025 – Present
  • Informatik Consulting Systems GmbH
  • What am I doing here?

Driving security innovation

  • Alignment and strategic development of the Competence Center Security within Informatik Consulting Systems GmbH
  • Expansion of know-how and support for internal training measures
  • Addressing new customers
  • Evaluation of promising business cases

Team management

  • Team Lead Rail Security
  • Lead a distributed team of currently six specialists across Germany and Switzerland.
  • Implement a modern leadership style in a hybrid work environment.
  • Ensure and balance workload of team members.
  • Serve as the first point of contact for team members
  • Prepare and conduct annual employee performance reviews and monthly 1-on-1 meetings.
  • Identify necessary qualification and professional development of team members.
  • Plan team goals and the strategic development of the Rail Security team
  • Contribute to the strategic development of the Security department.

Project Management & Technical Sales for railway projects

  • Manage technical and commercial aspects of projects with distributed teams.
  • Ensure completion of projects to the satisfaction of the customer, on time and within budget.
  • Identify technical needs of customers and prepare technical concepts for quotations.
  • Estimation of effort to realize technical concepts & security management.
  • Discuss technical and commercial aspects of quotations with customers.

Technical Skills

  • Security Lifecycle Management
    • Security management for the whole lifecycle of railway systems according to CENELEC TS 50701.
    • Integrate security lifecycle into RAMS lifecycle according to CENELEC TS 50701.
    • Tailor IEC 62443 and CENELEC TS 50701 for customer projects.
  • Develop specific approaches in complex and international project environments for railway operators as well as large and small suppliers.
  • Conduct security risk assessments according to IEC 62443-3-2.
  • Secure railway applications of customers using IEC 62443-3-3 and IEC 62443-4-2 requirements.
  • Consider specific limitations in safety-critical OT (Operational Technology) environments.
  • Security Management in accordance with IEC 62443-4-1.
  • Ensure traceability between requirements and security-related tests
  • Apply CENELEC TS 50701 for Security Management Plans.
  • Apply CENELEC TS 50701 for railway-specific Security Cases.
  • Apply agile development processes in safety-critical environments (EN 50126 / EN 50128).
  • Audit (non-accredited) security lifecycle management according to CENELEC TS 50701, IEC 62443-3-2, IEC 62443-3-3, IEC 62443-4-1, IEC 62443-4-2
  • April 2022 – December 2024
  • Informatik Consulting Systems GmbH
  • What am I doing here?

Team management

  • Team Lead Rail Security
  • Lead a distributed team of currently six specialists across Germany and Switzerland.
  • Implement a modern leadership style in a hybrid work environment.
  • Ensure and balance workload of team members.
  • Serve as the first point of contact for team members
  • Prepare and conduct annual employee performance reviews and monthly 1-on-1 meetings.
  • Identify necessary qualification and professional development of team members.
  • Plan team goals and the strategic development of the Rail Security team
  • Contribute to the strategic development of the Security department.

Project Management & Technical Sales for railway projects

  • Manage technical and commercial aspects of projects with distributed teams.
  • Ensure completion of projects to the satisfaction of the customer, on time and within budget.
  • Identify technical needs of customers and prepare technical concepts for quotations.
  • Estimation of effort to realize technical concepts & security management.
  • Discuss technical and commercial aspects of quotations with customers.

Technical Skills

  • Security Lifecycle Management
    • Security management for the whole lifecycle of railway systems according to CENELEC TS 50701.
    • Integrate security lifecycle into RAMS lifecycle according to CENELEC TS 50701.
    • Tailor IEC 62443 and CENELEC TS 50701 for customer projects.
  • Develop specific approaches in complex and international project environments for railway operators as well as large and small suppliers.
  • Conduct security risk assessments according to IEC 62443-3-2.
  • Secure railway applications of customers using IEC 62443-3-3 and IEC 62443-4-2 requirements.
  • Consider specific limitations in safety-critical OT (Operational Technology) environments.
  • Security Management in accordance with IEC 62443-4-1.
  • Ensure traceability between requirements and security-related tests
  • Apply CENELEC TS 50701 for Security Management Plans.
  • Apply CENELEC TS 50701 for railway-specific Security Cases.
  • Apply agile development processes in safety-critical environments (EN 50126 / EN 50128).
  • Audit (non-accredited) security lifecycle management according to CENELEC TS 50701, IEC 62443-3-2, IEC 62443-3-3, IEC 62443-4-1, IEC 62443-4-2
  • July 2020 – March 2022
  • Informatik Consulting Systems GmbH
  • What did I do there?
  • Business Unit Mobility / Business Center Security
  • Project Manager
  • Technical and commercial management of project teams distributed over multiple locations
  • Tailoring of IEC 62443 and CENELEC TS 50701 for our customer projects
  • Project Security Management
  • Security risk assessment according to IEC 62443-3-2
  • Securing railway applications of our customers with the help of IEC 62443-3-3 and IEC 62443-4-2 requirements
  • Application of CENELEC TS 50701 for railway-specific security cases
  • Application of agile development process in safety-critical environment (EN 50128)
  • May 2019 – June 2020
  • Informatik Consulting Systems GmbH
  • What did I do there?
  • Business Unit Mobility / Business Center Security
  • Project Manager (since 01/2020)
  • Technical management of project teams distributed over multiple locations
  • Project Security Management
  • Security risk assessment according to IEC 62443
  • Development of customized ETCS solutions for our customers
  • Application of agile development process in safety-critical environment (EN 50128)
  • June 2016 – April 2019
  • Informatik Consulting Systems GmbH
  • What did I do there?
  • Business Unit Transportation
  • Project Security Management
  • Security risk assessment according to IEC 62443
  • Development of customized ETCS solutions for our customers
  • Application of agile development process in safety-critical environment (EN 50128)
  • August 2015 – May 2016
  • LEA Railergy
  • What did I do there?
  • Development of simulation software for automatic train protection systems such as ETCS (European Train Control System)
  • Product development for innovative railway simulations
  • April 2015 – July 2015
  • DB Netz AG (German railway infrastructure operator)
  • What did I do there?
  • Integration tests for on-board unit model
  • Train simulation model for openETCS on-board unit
  • Top 3 contributor to the openETCS work package 3 (formal on-board unit model)
  • Experience in European collaboration
  • October 2014 – April 2015
  • DB Netz AG (German railway infrastructure operator)
  • What did I do there?
  • Thesis title: “Evaluation of the model-driven development approach in the openETCS project”
  • Top 3 contributor to the openETCS work package 3 (formal on-board unit model)
  • Experience in European collaboration
  • April 2012 – August 2014
  • Ulm University
  • What did I do there?

Supervision and assistance of students (bachelor and master level) during the lab course “Lab Microcomputer”.

Support of the student teams during the complete design and implementation process of a control module for a sorting facility.

The following steps were supervised and supported:

  • Design of the electrical circuits using the CAD tool Eagle
  • Layout of PCB using Eagle
  • Assembly and soldering of PCB
  • Implementation of software using the language C
  • Debugging and testing
  • Integration of the control circuit into the facility and testing the communication via CAN bus
  • Documentation of the whole project

Publications

Since the IT Security Act for the traffic and transport sector came into effect, one of the key challenges for security managers in the rail sector has been to integrate the necessary security activities into the processes established for security-relevant systems. ICS GmbH has been entrusted with security management in numerous rail projects since 2016, especially in the field of ETCS (European Train Control System) and retrofitting. In addition to the article on the implementation of legacy rolling stock security, this article describes proven approaches to security management in ETCS projects.

  • October 2016
  • MODELS ’16 Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems 
  • Stefan Karg, Alexander Raschke, Matthias Tichy, Grischa Liebel
  • Link to article (ACM DL)

Model-driven software engineering in industrial practice has been the focus of different empirical studies and experience reports. Particularly, positive effects of model-driven software engineering have been reported in the domain of embedded and safety-critical systems.

We report in this paper on the experiences of the openETCS European research project whose goal was to formalize the System Requirements Specification and to develop an open source reference implementation of the European Train Control System including open source modeling tools. Furthermore, we will discuss lessons learned, e.g., about using open source modeling toolchains in safety-critical contexts and about using the SCADE Suite for the development of the safety-critical parts.

  • April 2016
  • zevrail
  • Jakob Gärtner, Dr. Michael Jastram, Dr. Peter Mahlmann, Dr. Rüdiger Hase, Bernd Hekele, Stefan Karg
  • Link to article (zevrail)

Publication in zevrail regarding the results of the European research project openETCS

  • August 2015
  • MobileHCI ’15 Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services / Pages 274-283 / ACM New York, NY, USA
  • Jan Gugenheimer, Alexander De Luca, Hayato Hess, Stefan Karg, Dennis Wolf, Enrico Rukzio
  • Link to article (ACM DL)

In this paper we present ColorSnakes, a PIN-based authentication mechanism for smartphones which uses fake paths on a grid of numbers to disguise user input. In a lab study (n=24), we evaluated variations of ColorSnakes in terms of usability and security.

In comparison to direct input, indirect input significantly reduced the risk of shoulder surfing (10.5%) without increasing the input time. In a follow up real-world study (n=12), we compared ColorSnakes with PIN entry and Android’s Pattern Unlock over the course of three weeks. Although authentication time for ColorSnakes was higher than for the other two mechanisms, participants valued the security benefit over its slightly higher error rate and increased authentication time.

We argue that ColorSnakes could be used as an additional authentication mechanism alongside current mechanisms, thus providing the user with the choice of changing to ColorSnakes for certain applications or when there is an observer.

Certificates

Basic Certificate in Project Management

July 2018
GPM

Training

EULYNX Introduction Module

December 2024
EULYNX Academy

Information Security and ISO 27001

June 2020
Informatik Consulting Systems GmbH

EUG2015B
ERTMS Specialist Training

April 2015
ERTMS Users Group, Brussels

Introduction into development of safety-critical systems

June 2016
Informatik Consulting Systems GmbH

Model-Based Design with SCADE Suite

January 2015
ANSYS, Inc.

Memberships

  • Participation in DKE Rail Security Working Group
    DKE/AK 351.3.7A (Maintenance of Existing Preliminary Standards)
  • ISC2

Education

  • 2012 – 2015
  • Ulm University
  • Master’s Degree in Computer Science
  • 2009 – 2012
  • Ulm University
  • Bachelor’s degree in Communications and Computer Engineering

Languages

English (C1 – Advanced)
German (C2 – Native)