Marcus Pauli
Born on the 18th of March 1967 in Bamberg / Germany
Professional activities
05/2020 - today | Senior Security Architect at Finanz Informatik Technologie Service |
12/2018 - 04/2020 | Cyber Security Specialist for Threat Intel and Incident Response with Airbus Cyberdefence, formerly Airbus Defence + Space |
10/2015 - 11/2018 | Security Analyst (Level 3) with Airbus Defence + Space |
09/2013 - 09/2015 | Sen. Cyber Security Specialist with Sophos Ltd. / UK |
12/2012 - 08/2013 | Sen. Network Specialist with Sophos GmbH / Germany |
01/2012 – 11/2012 | Sen. Application Manager with Roche Pharma / Germany |
07/2011 - 12/2011 | clearing the remaining customers of the insolvent Strawberry EDV-Systeme GmbH |
11/2009 – 06/2011 | Sen. Network Consultant with Strawberry EDV-Systeme GmbH / Germany |
02/2010 | Division manager of the technical department |
07/1998 – 10/2009 | Employee at DeTeSystems, now known as T-Systems Enterprise Serv. |
07/2007 | Patch Manager, solely responsible for the EADS network |
10/2004 | Operative Security Manager for the EADS network |
08/2004 | Operative transfer of the EADS network into the operating structure of T-Systems B.S. |
06/2000 | System Manager |
01/2000 | Sole responsibility for operating the largest private router network in Germany (Allianz AG) |
10/1998 | Solely responsible Security Manager for Allianz AG |
07/1998 | System Operator at DeTeSystem, Munich |
02/1996 - 06/1998 | Network Field Engineer with CompuServe Germany near Munich |
08/1995 – 01/1996 | PC network technician at Dontenwill, Munich |
01/1993 – 07/1995 | System and application support and network administrator at Klüber Lubrication, Munich |
04/1989 – 12/1992 | Operator with DHL Worldwide Express, Munich |
02/1989 – 03/1989 | Sabbatical in Cairo |
11/1988 – 01/1989 | Work experience as Programmer at Sonotron, Munich |
07/1988 | Qualified as Freight Forwarding Merchant at the Chamber of Industry and Commerce |
09/1985 – 10/1988 | Apprenticeship and employment as Freight Forwarding Merchant at Munich Airport with Emery Worldwide Express, Munich |
Scale of activities
Security Analyst L3 at Airbus D+S
Having the opportunity to support the colleagues at the SOC as a “last resort” source of information for all threats and issues, I deal especially with the following topics in addition to my main topics of Vulnerability Assessment/Management and IOC sharing:
- 04/2020 GCFA exam passed
- Incident Responder and Forensic specialist with several internal and external customers
- Incident Response Handler for customers using several tools (Autopsy, TheHive, MISP)
- Forensic analysis (light) of mobile phones (iOS, Android) and Windows server and client systems
- Technical lead for a Vulnerability Assessment architecture document with the biggest European bank
- Vulnerability-Assessment of OT landscapes
- Building an APT Simulator using Splunk for customer demos
- Design, build and run of malware harvesting and IOC generation using MISP and Cuckoo
- Conducting, designing and running a company-wide IOC-sharing platform using MISP
- Static malware analysis
- Analysis of ongoing threats within the Airbus premises
- Forensic network analysis
- Design, build, run, securing, monitoring and documentation of the SOC lab (Windows AD, VMware, mail, DNS, DHCP, FW, AV, proxy)
- Run, monitor, administer company-wide Vuln. Assessment using Greenbone and Nessus.
- Comprehensive VA reporting using own Splunk views
- Design, create and realize a VA Ticket automation using Splunk and OTRS
- Supporting several Cyber Audits as Analyst L3
- Use Case definition, implementation and testing of new and upcoming threats
- Training of internal teams (APT Groups, TCP/IP, IP routing, VA, OSINT, IOC-Sharing, Splunk, MISP, Cuckoo)
- Analyzing live data in terms of unwanted behavior
- Joining Airbus “Cyber Task Force” for identifying and defining new threat mitigations
- Internal and external advice on strategic, process-oriented and technological issues relating to IT and Cyber Security
- Designing, building and running:
  - Vulnerability Assessment using Greenbone/OpenVAS
  - Comprehensive Splunk VA dashboarding and reporting
  - Automation of VA ticketing using Splunk and OTRS
  - Threat intel exchange, internally and externally, using MISP, Soltra and several OSINT tools
- Technical management of our Level 2 analysts within the SOC
- Building up knowledge of threat sharing within the team:
  - Using CIF, MISP, IntelMQ, Soltra
- Designing, building and running live data correlations with:
  - Splunk, MISP, IntelMQ
- Starting a new personal development as "Data Analyst"
Cyber Security at Sophos
Being given the opportunity to fulfil my long-cherished wish to change my profession to Cyber Security and relocate to England, I can now use my autodidactic skills and my understanding of complex technical relationships to raise the security of Sophos to a state-of-the-art level. Creating corporate security instructions, threat assessments of known and especially newly released threats, and comprehensive event correlation are the main daily tasks. But the analysis and verification of threats (identified by my ongoing scans) with my own attacks, and the company-wide consultation of colleagues and management on security issues, are also part of my job, as is the regular decrypting of the domain passwords to locate weak basic security. In my present position I am responsible for the building, maintenance and operation of our SIEM, which gives the team a clear understanding of the current threat situation in general, but also of the weaknesses of individual systems and applications in detail. The current focus of my work is the analysis of IDS data and anomaly detection, in combination with reputational information in particular. Through my persuasiveness and expressiveness, I succeed very well in convincing my colleagues and employees across the entire company of the need for countermeasures or configuration changes to their systems, in order to meet the required security level.
Network security
Since I entered the technology field, I have placed a personal emphasis on security in networks, buildings and the personnel environment. That did not change with my promotion to head of the technology department at Strawberry GmbH; rather, this passion was extended, through my strong autodidactic drive, to the co-workers of the department by way of my internal training courses.
Operating of heterogeneous networks
My priority activities cover everything within the scope of 2nd and 3rd level support for the IT landscape of our customers, in particular the analysis and customer-appropriate documentation of various complex and heterogeneous networks, rounded off by various security audits and penetration tests of the customer networks, with the presentation of the results and the pointing out of risks and countermeasures in front of the customers and their specialists.
System configuration
Primarily the following hardware and software components fall into my area of expertise in enterprise network duties:
Cisco IOS, CatOS, squid, bind, iptables, PaloAlto, WebWasher, Smartfilter, Checkpoint, Stonegate, Astaro, Asterisk, OpenVPN, remote access, Sophos AV and BackupExec. Administering the dedicated operating systems Solaris, Debian, SuSE and Windows Server 2003 is just as natural, as are various other open source products and services, both internally and in customer environments.
Personal development
In the past year, a particular emphasis of my personal development goals was the acquisition of theoretical and practical knowledge about the leakage of data and information from internal networks, especially via mobile communications (iPhone, Android, laptop).
Executive duties
None at present, but on joining the management of Strawberry I had the technical and personnel lead of the technology department, as well as budget responsibility. Commercial and strategic support of the management circle was also part of my tasks.
Education
09/1973 – 06/1983 Elementary school: Oberhausen i. Obb., München, Wolfratshausen, Geretsried, Tegernsee
09/1983 – 07/1985 Junior high school: Michael Grzimek Schule, Nairobi, Kenya
09/1992 – 07/1994 Advanced technical college entrance qualification: Telekolleg, München
Languages
German native speaker
English business fluent, spoken and written
Arabic basic knowledge
Kiswahili basic knowledge
Technical qualifications
Forensic: GCFA, X-Ways, Autopsy, PhotoRec, data recovery tools, own tools
Communication: G.703, G.704, RS232, I.403, X.25, Frame Relay, ATM, TCP/IP routing (RIP v1/2, EIGRP, OSPF, IS-IS, BGP)
Operating systems:
Microsoft: Windows 98, XP, Vista, Server 2003
Linux: Debian, Ubuntu, SuSE, RedHat, Fedora
Unix: Solaris
Standard applications:
Unix: DNS: Bind8 + Bind9
Proxy: Squid, Webwasher, Trend Micro VirusWall
Web server: Apache + Apache2
Windows: Active Directory, DNS Server, Exchange, IIS
Backup & recovery: Symantec BackupExec 12, CA ARCserve, SEP Sesam, rsync and own scripts
Open source VoIP: Asterisk 1.2 – 1.4
Ticketing: Eventum, OTRS
Office: OpenOffice, MS Office (Excel, Word, PowerPoint, Visio, Outlook)
Firewalls: Checkpoint NG – 6.5, Stonegate, PaloAlto, iptables (fwbuilder), FW-Toolkit (ex Gauntlet), Cisco PIX and FW-IOS (ACLs), Sophos/Astaro UTM Ver. 3-9
Client firewalls: ZoneAlarm, Norton, Sophos Enterprise server, etc.
Patch management: PatchLINK (SuSE, Solaris, RedHat), AdventNet Security Manager Plus (Debian, Windows), Debian apt, Windows WSUS
Cisco trainings:
TCP/IP + IPv6
ATM Internetworking
Configuration and Troubleshooting Advanced BGPv4
Building Cisco Multilayer Switched Networks
Building Cisco Remote Access Networks
Building Scalable Cisco Networks
Installation and Maintenance of Cisco Router
Cisco SNA Configuration for Multiprotocol Administrators
Data Link Switching Plus
Cisco Campus ATM Solutions
Cisco Voice over Frame Relay, ATM and IP
Configuration BGP on Cisco Routers
Cisco Certified Internetwork Expert