Dr. Christian Gutschwager
Cyber Security, Awareness, OT-Security, Risk Management, CISSP, CCSP, PMP
Mission
I help you to identify, communicate and mitigate cyber security risks which are critical to your business operations. OT security, security awareness, Identity and Access management and risk management / ISO 27001 information security management (ISMS) are my specialisations.
How can I support you?
Information security and risk management consultant
Do you need a consultant to support a project regarding information security or risk management, or do you want to introduce an aspect of IT security into your company? I would be happy to talk to you about how I can use my experience to solve your problems. I am CISSP (“Certified Information Systems Security Professional”) certified, a certification which is considered the most difficult and comprehensive in the field of information security (including risk management) and requires both broad theoretical knowledge and proven professional experience.
Project manager (Agile and Waterfall)
Do you need an experienced project manager who can manage a demanding IT security project and communicate with senior management, programmers and production employees at eye level, speak their language and understand their needs? I would be happy to discuss your needs and how we can successfully implement your project. As a certified Google Project Management Professional, I gained many years of project management experience in both agile and waterfall projects in an international DAX chemical company, in a regional insurance company and in a small start-up.
Specialisations
Security of production facilities (OT-Security)
Production facilities form the basis of many companies. Since many corporate networks are now well protected against attacks by criminals, many criminals focus on the simpler targets: production facilities. It is often not possible to keep these up to date with the latest security standards. Originally designed as solutions without a network connection, they are now a gateway to the company network, thanks to Industry 4.0 and 5G. The motivation of criminals can be simple industrial espionage or the attempt to extort money using ransomware.
Awareness
Employee awareness and training are an often neglected topic in IT security. The best firewalls, the strongest passwords, the fastest installation of patches and the latest AI antivirus scanner are of little use if employees do not understand the latest social engineering attacks, if passwords are passed on due to phishing emails, or if millions of €/$ are transferred from the finance department to criminals because a criminal poses as the CEO with a secret project or as a supplier with a new bank account.
Identity and Access Management (IAM)
I find it exciting to set up identity and access management correctly and in a modern way. This includes rolling out recommendations from NIST across the company, training users, building a Zero Trust architecture, enabling remote access for service providers with secure remote access solutions, defining expectations for handling passwords and user management with providers and employees, and using SSO and Identity Federation to make work easier and more secure at the same time.
Risk Management and Information Security Management System (ISMS)
The basis of any strategy for ensuring information security is the identification and assessment of risks and setting up an ISMS to manage these risks. It is fundamental to first understand which information is critical for the company, which applications process this information and which relevant dangers these applications are exposed to. Afterwards, business-supporting processes are set up to mitigate relevant risks.
I supported the DAX group Henkel and several start-ups in establishing and renewing information security risk management in the office area and, in particular, in simplifying the classification of information and applications with regard to their protection requirements, in rebuilding asset management in several production plants, and in evaluating and ensuring that IT security is adequately taken into account within supply chain risk management.