IT-Consulting

Timo Pagel | Web Security Training Expert

Timo Pagel

DevSecOps Consulant

Freelancer

Biography

Timo Pagel is a security architect, located in Hamburg. He is an IT specialist in system integration and web security. He has been in IT industry for over fifteen years for designs, builds, and oversees the implementation of network, infrastructure, cloud, and application security for organizations.
 
After a career as a system administrator and web developer, he now advises clients on DevOps security with the focus on security test automation for software and infrastructure. He is a proven security professional as well as a leader of security teams and programs within a cloud service environment. He is also specialized in security education; secure development lifecycle, application security training in Hamburg, program design and architecture, compliance, and docker Security. In his free time, he teaches “Security in Web Applications” at the University of Applied Sciences Wedel.
 

Timo Pagel is an internationally acclaimed speaker whose lively talks are accompanied by the exclusive DevSecOps Workshop in Hamburg, Germany. He speaks on the different concepts like OWASP Juice Shop, OWASP DevSecOps maturity model, OWASP Security Pins projects, etc. He also builds security infrastructures, providing technical guidance, assessing opportunities & risks, and establishing security policies and procedures.

Interests

  • (Agile) Secure Development Lifecycle
  • DevSecOps
  • Threat Modeling

Education

  • Master of Science, 2016

    University of Applied Sciences Kiel

  • Bachelor of Science, 2014

    University of Applied Sciences Kiel

  • Qualified IT specialist for system integration, 2009

    Ennit AG and IHK, Kiel

DevSecOps

Embrace the full DevSecOps-toolchain and culture to enhance the security of your cloud and applications.

Check out the OWASP DevSecOps Maturity Model 

Projects

WEB-SECURITY TRAINING

Train developers web threats and how to develop secure code.

WEB-SECURITY TRAINING ADVANCED

Train developers web threats and how to develop secure code.

CONTAINER SECURITY WORKSHOP

Conduction of a container security workshop to show the threats by operating containers.

CLOUD SECURITY STRATEGY

Assessment of the cloud security strategy or the implementation. Giving recommendations to enhance cloud security.

WORKSHOP AGILE SECURITY

Introduction into modern methods to integrate security into the development lifecycle.

DevSecOps WORKSHOP

Introduction into modern methods to integrate security into the development lifecycle.

SECURITY ASSESSMENT AND MANAGEMENT

Assessment of the overall security status, planning of activities and check of the effectiveness.

DevSecOps-ASSESSMENT

Assessment of the current DevOps security status, planning of activities and check of the effectiveness.

AGILE THREAT MODELING

Conduction of a structured analysis to identify threats in IT systems.

SECURITY CHECK

Quick security check of web applications to identify threats in running applications for common pit falls.

WORDPRESS SECURITY

Hardening of WordPress

SECURITY AWARENESS TRAINING

Security Awareness Training

Recent & upcoming Talks

Usage of the DevSecOps Maturity Model (German)

Online

Video

Sicherheit per Kultur – Agile Security & DevOps

Aug 20, 2020

Breaking Agile Meetup

Meetup
Video Comming Soon

Strategic Usage of the OWASP DevSecOps Maturity Model

Aug 20, 2020

OWASP Ottawa Meetup

Meetup
Video

Presentation of the OWASP Security Pins Project

Dec 10, 2019
OWASP German Day
Slides

My containers have been running stable for a year, is that good?

May 14, 2019

Continuous Lifecycle London

Presentation of the OWASP Pins Project

Feb 27, 2019

OWASP Stammtisch Hamburg

Code

Vorstellung der Autorisierungskonzepte in OAuth 2

Oct 18, 2018

Heise DevSec()

Slides

Vorstellung der Autorisierungskonzepte in OAuth 2

Sep 15, 2018

Kieler Open Source und Linux Tage

Slides

Presentation of the DevSecOps Maturity Model

Jun 6, 2018

OWASP Summit

Slides
Code

Docker Security Workshops

Jun 16, 2017

OWASP Stummit

Slides
Code

Hacking-Session für Developer (und Pentester)

Sep 16, 2016

Kieler Open Source und Linux Tage

Slides

Fail Fast, Automation von Sicherheitstests für Webanwendungen

Sep 15, 2016

DiWiSH-Fachgruppe Open Business: 2. Kieler Open Source Business Konferenz

Slides

DevOpsSecurity – Automatisierung von dynamischen Sicherheitsprüfungen

Sep 27, 2015

PHP Unconference

Slides

Experience

August 2018 – Present

Hamburg, Germany

DevSecOps Consultant

Leading finance- and insurance software development company (NDA)

  • Development of strategies and concepts to integrate security into the development lifecycle and into operations (e.g. Kubernetes)
  • Conception and implementation of continuous security tests in the build pipeline
  • Security review of complex IT Systems like OAuth2, multi factor authentication, webserver and Java applications
  • Training of internal security experts

February 2017 – Present

Hamburg, Germany

DevSecOps Consultant

SIGNAL IDUNA Gruppe

  • Development of concepts to integrate security into the development lifecycle
  • Conception and implementation of continuous security tests in the build pipeline
  • Security review of complex IT Systems like OAuth, multi factor authentication, webserver, OpenShift clusters and Java applications
  • Training of internal security experts

March 2016 – May 2016

Kiel, Germany

Websecurity Consulant

Web Agency (NDA)

  • Automation of static and dynamic security tests in the build pipeline
  • Conduction of security trainings

January 2016 – June 2016

Kiel, Germany

DevSecOps Consultant

Startup (NDA)

Evaluation and implementation of DevOps strategies to enhance the security of webapplications

March 2015 – December 2018

Kiel, Germany

CTO

FHUNii Media UG & Co. KG

August 2014 – November 2014

Hamburg, Germany

Webdeveloper with security background

Iteratec GmbH

  • Evaluation and implementation of dynamic security tests as a prototype for SecureCodeBox.io

June 2014 – June 2018

Kiel, Germany

Fullstack Developer

Lengalia

  • Development and maintenance of a web vocabulary trainer in PHP and JavaScript

August 2012 – June 2013

Kiel, Germany

IT-Referent

AStA of the University of Applied Sciences Kiel

Voluntary development of a ‘Rückerstattungssoftware’ with PHP, MySQL and JavaScript

August 2009 – September 2013

Kiel, Germany

Webdevelopment and system administration (work student)

ennit interactive GmbH

  • Development of hotel booking engines in PHP and JavaScript
  • Administration of webservers like Apache or OpenStreetMap

February 2006 – June 2010

Kiel, Germany

Qualified IT specialist for system integration

TNG AG (now Ennit AG)

Teaching

October 2020 – present

Elmshorn, Germany

Lecturer for Security in IT-Security

Nordakademie

  • Conception of the module IT-Security bachelor students
  • Conduction of the course

April 2019 – present

Wedel, Germany

Lecturer for Security in Webapplications

University of Applied Sciences Wedel

  • Conception of the module Security in Webapplications for master students
  • Conduction of the course

October 2018 – present

Hamburg, Germany

Conduction of Docker Security Workshop

iteratec GmbH

  • Conduction of one day docker security trainings

July 2018 – present

Nürnberg, Germany

Conduction of  a DevSecOps Workshop

Leading tax software development company (NDA)

  • Conduction of a two days DevSecOps and Agile Secure Development Lifecycle training for the head of security

September 2016 – January 2017

Kiel, Germany

Lecturer for IT-Infrastructure

Schleswig-Holstein Business Academy

  • Conception of the module IT-Infrastructure for bachelor students
  • Conduction of the course
  • Conception and implementation of a virtual IT infrastructure with Virtualbox

June 2014 – September 2014

Kiel, Germany

Lecturer for Security in Webapplications

University of Applied Sciences Kiel

  • Conception of a teaching concept and the module Security in Webapplications for bachelor students
  • Conduction of the course
  • Conception and implementation of a virtual IT infrastructure to learn how to conduct IT security audits

Contact