Timo Pagel
DevSecOps Trainer/Architect/StrategistContact
- github.com/wurstbrot
- linkedin.com/in/timo-pagel-80900b81
- Diekskamp 24, 22949 Ammersbek, Germany
- cv@pagel.pro
Security Skills
Secure Development Lifecycle
-
100
%
Threat Modeling
-
100
%
DevSecOps
-
100
%
Container Security
-
100
%
Cloud Security
-
90
%
Security Testing Integration
-
100
%
Vulnerability Management (including tools like DefectDojo)
-
100
%
Establishment of Good Security Culture
-
100
%
Security Strategy
-
80
%
Security Assessment
-
80
%
Development Skills
Java
-
80
%
Clean Code
-
80
%
JavaScript
-
80
%
PHP
-
80
%
Design Pattern
-
70
%
Operations
Linux
-
100
%
Containers
-
90
%
Kubernetes
-
80
%
Cloud Service Providers like AWS, GCP
-
60
%
Virtualization
-
80
%
AzureAD
-
80
%
ArgoCD, ArgoWorkfows
-
90
%
Bash
-
90
%
DevSecOps Trainer/Architect/Strategist
Timo Pagel has been in the IT industry for over twenty years. After a career as a system administrator and web developer, he advises customers as a DevSecOps consultant and trainer. His focus is on integrating security into the development lifecycle. For example with security test automation for software and infrastructure and assessment of complex applications in the cloud. In his spare time, he teaches "Web and Application Security" at various universities of applied sciences.
Certifications and Qualifications
Certified Cloud Security Professional
Master of Sciences with distinction
Volunteering
- Leader: OWASP DevSecOps Maturity Model - https://dsomm.owasp.org
- Leader: OWASP Security Pins - https://www2.owasp.org/www-project-security-pins/
- Leader: SDA SE ClusterImageScanner - https://github.com/SDA-SE/cluster-image-scanner
- Collaborator: OWASP Juice Shop - https://github.com/juice-shop/juice-shop
- Contributor: OWASP SAMM - https://owaspsamm.org/
- Contributor: OWASP DefectDojo - https://github.com/DefectDojo/django-DefectDojo
- Contributor and Sponsor: OWASP secureCodeBox - https://www.securecodebox.io/
- Member of the local OWASP Germany Board - https://owasp.org/www-chapter-germany/
Certified Ethical Hacker
EDUCATION AND EXPERIENCE
Experience
Lead Security Architect
SDA SE Open Industry Solutions ( Hamburg, Germany ) 2018 - Present
Development and maintenance of an application security program
- Regular threat modeling
- Security review of complex IT Systems like OAuth, multi factor authentication, webserver, OpenShift clusters and Java microservices
- Security training for developers and internal security experts
- Integration of security testes and development of the ClusterImageScanner
- Conception and implementation of continuous security tests in the build pipeline
- Maintaining good security culture
- Implementation of Zero-Trust Architecture
DevSecOps Consultant and Trainer
Signal Iduna ( Hamburg, Germany ) 2017 - Present
Integration of security into the software development lifecycle
- Development of concepts to integrate security into the development lifecycle
- Periodical assessment of the application security and adjustment of the application security program
- Conception and implementation of continuous security tests in the build pipeline
- Security training of developers internal security experts
Security Architect
NDA, Energy Economics ( Switzerland ) 2019 - Present
Security Training and Threat Modelings
- Integration of a lightweight application security program
- Identification of threats and implementation of countermeasures in multiple projects
- Web Application and Cloud Security Training
Conduction of Security Trainings
Various Organizations 2016 - Present
Delivering of security knowledge with topics like Container Security, Cloud Security, OWASP Top Ten, OWASP API Top Ten, Secure Coding, Open Policy Agent, Kubernetes Security
CTO
FHUNii Media UG & Co KG ( Kiel, Germany ) 2015 - 2018
Creation of a 360 Degrees Online Event Management Platform
- Java
- Container
- Build-Pipeline with Jenkins
- Vulnerability Management
Security Strategist
NDA ( Switzerland ) 2023 - Present
Development of an application security program based on OWASP DevSecOps Maturity Model
DevSecOps Engineer
NDA ( Kiel, Germany ) 2016 - 2018
Evaluation and implementation of DevOps strategies to enhance the security of webapplications
Work Student
Iteratec GmbH ( Hamburg, Germany ) 2014 - 2014
Evaluation and implementation of dynamic security tests (DAST) as a prototype for SecureCodeBox.io in Java
Web Developer (Freelance)
Lengalia ( Hamburg, Germany ) 2012 - 2013
Lead development and maintenance of a web vocabulary trainer in PHP and JavaScript
Web Developer (Work Student)
( Germany ) 2010 - 2014
Development in PHP, JavaScript and C++
- ennit interactive GmbH: Development of hotel booking systems in PHP
- QSC AG: Development of architecture metric dashboards in PHP
- P& M Agentur Software & Consulting GmbH: OT device software for trucks in C and JavaScript
System Administrator
Ennit AG (before TNG AG) ( Kiel, Germany ) 2009 - 2010- Administration of high availability server systems with Ubuntu
- Postfix, Postfix, KVM, XEN, bash, Apache2, DBMS, Jboss, PHP
Security Strategist
NDA, Insurance ( Switzerland ) 2023 - present
Implementation of an application security program based on OWASP DSOMM
- Development and implementation of an software security maturity model
- Development of a maturity model measurement strategy, see also https://github.com/devsecopsmaturitymodel/metricCA (external US website)
University Lecturer
2015 - Present
Development and conduction of lectures including conception of exams
- Application Security for Bachelor at University of Applied Sciences Kiel
- IT Infrastructure at Wirtschaftsakademie Schleswig-Holstein
- Application Security for Master at University of Applied Sciences Wedel
- Application Security for Master at University of Applied Sciences Luebeck
Education
Master of Sciences, Information Technology
University of Applied Sciences Kiel 2014 - 2016
Passed with Distinction with focus on IT security
Bachelor of Information Technology and Internet
University of Applied Sciences Kiel 2010 - 2014IT specialist(system integration)
TNG AG / IHK Kiel 2006 - 2009
Administration of high availability server systems with Ubuntu, Postfix, KVM, XEN, bash, Apache2, DBMS, Jboss