legal contact rss

Marcus Pauli

Born on the 18th of March 1967 in Bamberg / Germany

Professional activities

05/2020 - today Senior Sec. Architekt  at
Finanz Informatik Technologie Service 
12/2018 - 04/2020 Cyber Security Specialist for Threat Intel and Incident Response with Airbus Cyberdefence formally Airbus Def. + Space 
10/2015 - 11/2018 Security Analyst (Level 3) with Airbus Defence + Space
09/2013 - 09/2015 Sen. Cyber Security Specialist with Sophos Ltd. / UK
12/2012 - 08/2013 Sen. Network Specialist with Sophos GmbH / Germany
01/2012 – 11/2012 Sen. Application Manager with Roche Pharma / Germany
07/2011 - 12/2011 clearing the remaining customers of the insolvent Strawberry EDV-Systeme GmbH
11/2009 – 06/2011 Sen. Network Consultant with Strawberry EDV-Systeme GmbH / Germany
02/2010 Division manager of the technical department
07/1998 – 10/2009 Employee at DeTeSystems now known as T-Systems Enterprise Serv.
07/2007 Patch Manager , solely responsible for the EADS network
10/2004 Operative Security Manager for the EADS network
08/2004 Operative transfer of the EADS network into the operating structure of T-Systems B.S.
06/2000 System Manager
01/2000 Solely responsibility for the operating of the largest private router network in Germany (Allianz AG)
10/1998 Solely responsible Security Manager for the Allianz AG
07/1998 System Operator at DeTeSystem, Munich
02/1996 - 06/1998 Network Field Engineer with CompuServe Germany near Munich
08/1995 – 01/1996 PC-Network technician at Dontenwill, Munich
01/1993 – 07/1995 System- and Application support and Network administrator at Klüber Lubrication,Munich
04/1989 – 12/1992 Operator with DHL Worldwide Express, Munich
02/1989 – 03/1989 Sabbatical in Cairo
11/1988 – 01/1989 Work experience as Programmer at Sonotron, Munich
07/1988 Qualified as Freight Forwarding Merchant at the Chamber of Industry and Commerce
09/1985 – 10/1988 Apprenticeship and employment as Freight Forwarding Merchant at the Airport Munich at Emery Worldwide Express, Munich

Scale of activities

Security Analyst L3 at Airbus D+S

Having the opportunity to support the colleagues at the SOC as a “last level resort” of information for all threats and issues, I’m especially dealing with the following topics besides my main topics of Vulnerability Assessment/Management and IOC-Sharing:

  • 04/2020 GCFA exam passed
  • Incident Responder and Forensic specialist with several internal and external customers
  • Incident Response Handler for customers using several tools (Autopsy, TheHive, MISP)
  • Forensic analysis (light) of mobile phones (IOS, Android) and windows server and client systems
  • Technical lead of an Vulnerability-Assessment architecture document with the biggest European bank
  • Vulnerability-Assessment of OT landscapes
  • Building an APT Simulator using Splunk for customer demos
  • Design, build and run of malware harvesting and IOC generation using MISP and Cuckoo
  • Conducting, designing and running a company-wide IOC-sharing platform using MISP
  • Static malware analysis
  • Analysis of ongoing threats within the Airbus premises
  • Forensic network analysis
  • Design, build, run, securing, monitoring and documentation of the SOC-Lab (Windows AD, VMware, mail, dns, dhcp, FW, AV, proxy)
  • Run, monitor, administer company-wide Vuln. Assessment using Greenbone and Nessus.
  • Comprehensive VA reporting using own Splunk views
  • Design, create and realize a VA Ticket automation using Splunk and OTRS
  • Supporting several Cyber Audits as Analyst L3
  • Use Case definition, implementation and testing of new and upcoming threats
  • Training of internal teams (APT Groups, TCP/IP, IP routing, VA, OSINT, IOC-Sharing, Splunk, MISP, Cuckoo)
  • Analyzing live data in terms of unwanted behavior
  • Joining Airbus “Cyber Task Force” for identifying and defining new threat mitigations
  • Internal and external advice on strategic, process-oriented and technological issues relating to IT and Cyber Security
  • Designing, building and running:
  • Vulnerability Assessment using Greenbone/OpenVAS
  • Comprehensive Splunk-VA dashboarding and reporting
  • Automation of VA-Ticketing using Splunk and otrs
  • IntelThreat exchange internally and external using MISP, Soltra and several OSINT tools
  • Technical management of our Level2-Analysts within the SOC
  • Building up knowledge within threat sharing within the team
  • Using CIF, MISP, IntelMQ, Soltra
  • Designing, building and running live data correlations with
  • Splunk, MISP, IntelMQ
  • Starting a new personal development as "Data Analyst"

Cyber Security at Sophos

By giving me the opportunity of my long-cherished wish to change my profession to Cyber Security and relocate to England, I can now use by my skills in autodidactic and my understanding of complex technical relationships, to enhance the security of Sophos to a state of the art level. Creating corporate security instructions, threat assessments of known and especially newly released threats and comprehensive event correlation are the main daily tasks. But the analysis and verification of threats (identified by my ongoing scans) with my own attacks, the company-wide consultation of colleagues and management at security issues are also part of my job as well as the regular decrypting the domain passwords for locating weak basic security. In my present position I am responsible for the building, maintenance and operation of out SIEM, which gives the team a clear understanding of the current threat situation in general, but also the weaknesses of individual systems and applications in detail. Current focus of my work is the analysis of IDS data and anomaly detection in combination with reputational information in particular. Through my persuasiveness and expressiveness, I succeed very well to convince my colleagues and employees in the entire company to the need of any countermeasures or configuration changes to your systems, in order to meet the required safety level.

Network security                  

Since my entrance in the range of the technology, I set a personal emphasis in the topic security in networks, buildings and the personnel surrounding field. Also nothing changed that with my promotion to the director/conductor of the technology at the Strawberry GmbH. Rather this passion was expanded by my high auto didactics now on the co-workers of the department with my internal training courses.


Operating of heterogeneous networks                              

My priority activities cover everything within the range of the 2nd and 3rd level support of the IT-landscape of our customers. Particularly the analysis and customer-fair documentation of various, complex and heterogeneous networks, rounded up by various security audits and penetration test of the customer nets with the presentation of the results and the pointing out of risks and counter measures in front of the customers and its specialist.

System configuration            

Primarily the following hard and software components fall into my area of excellence in the enterprise network duties:

Cisco IOS, CatOS, squid, bind, iptables, PaloAlto, WebWasher, Smartfilter, checkpoint, Stonegate, Astaro, Asterisk, OpenVPN, remote access and Sophos-AV and BackupExec. The control of the dedicated operating systems Solaris, Debian, SuSE, Windows 2003 servers are just as natural, as different other open source products and services in the internal as also in the customer surrounding field.

Personal development           

In the past year an emphasis of my personal development targets particularly lay in the appropriation of theoretical and practical knowledge around information drift of data and information from the internal networks especially by mobile communications (IPhone, Android, laptop).

Executive duties                   

None right now, but by the entrance into the management of the Strawberry, I had the technical and personnel lead of the technology department, as well as budget responsibility. Also my commercial as well as strategic support of the management circle was part of my tasks.


09/1973 – 06/1983                 Elementary school: Oberhausen i. Obb., München, Wolfratshausen, Geretsried, Tegernsee

09/1983 – 07/1985                 Junior high school: Michael Grzimek Schule, Nairobi, Kenya

09/1992 – 07/1994                 advanced technical college entrance qualification:

                                               Telekolleg, München


German                                  native speaker

English                                    business fluent in talking and writing

Arabic                                     basic knowledge

Kiswahili                                  basic knowledge


Technical qualifications

Forensic                                 GCFA, X-Ways, Autopsy, PhotoRec, Datarecovery tools, own tools

Communication                      G.703, G.704, RS232, I.403, X25, Frame-Relay, ATM, TCP/IP Routing RIP V1/2, EIGRP, OSPF, ISIS, BGP

Operating systems                 Microsoft: Windows 98, XP, Vista, Server 2003

Linux:                                     debian, Ubuntu, SuSE, RedHat, Fedora

Unix:                                      Solaris

Standard applications:

Unix:                                      DNS: Bind8 + Bind9

Proxy:                                    Squid, Webwasher, Trendmicro Viruswall

Webserver:                            Apache + Apache2


Windows:                              Active Directory, DNS-Server, Exchange, IIS

Backup & Recovery               Symantec – BackupExec 12, CA Arcserve, SEP – Sesam, Rsync and own scripts

Opensource                          VoIP: Asterisk 1.2 – 1.4

Ticketing:                              Eventum, otrs

Office:                                   OpenOffice, MS Office (Excel, Word, PowerPoint, Visio, Outlook)

Firewalls                                Checkpoint NG – 6.5, Stonegate, PaloAlto, iptables (fwbuilder), FW-Toolkit (ex. Gauntlet)

                                             Cisco PIX und FW-IOS, ACL’s), Sophos/Astaro UTM Ver. 3-9

Client-FW’s:                          Zonealarm, Norton, Sophos Ent. server, etc.

Patchmanagement                PatchLINK (SuSE, Solaris, RedHat) Adventnet Sec. Man. Plus (debian, Windows) Debian apt

Windows                               WSUS

Cisco Trainings                     TCP/IP + IPv6

                                             ATM Internetworking

                                             Configuration and Troubleshooting Advanced BGPv4

                                             Building Cisco Multilayer Switched Networks

                                             Building Cisco Remote Access Networks

                                             Building Scalable Cisco Networks

                                             Installation and Maintenance of Cisco Router

                                             Cisco SNA Configuration for Multiprotocol Administrators

                                             Data Link Switching Plus

                                             Cisco Campus ATM Solutions

                                             Cisco Voice over Frame Relay, ATM and IP

                                             Configuration BGP on Cisco Routers

                                             Cisco Certified Internetwork Expert