Personal Details

Born in Hamburg on July 2nd 1973, I was raised and went to school in my home city. After my course of studies in Wedel, I married in 1999 and returned to Hamburg in early 2000.
In addition to the computer-based hobbies listed below, I am practicing martial arts and have a good educational background ranging from linguistics to quantum mechanics.
I am currently employed as Senior Manager IT Compliance with HanseNet Telekommunikation GmbH in Hamburg, Germany.

Work Experience

(not including various student jobs)

August 1st 1993 - September 30th 1999

Study of business informatics (computer science and business economics) at the FH Wedel, University of Applied Sciences.

April 1st 1998 - July 31st 1999

August 1st 1999 - November 30th 1999

Initially part-time (student) work, after august 1999 full-time work at WLW, a german B2B service provider. My work there was system administration of Solaris servers including Apache webserver, Oracle database servers and others, but I was also responsible for network issues including the design of a redundant (multi-homed) Internet connectivity.
WLW offered me a full-time job while I was still at the FH Wedel, an offer that I accepted, concluding my study time without a diploma. My responsibilities remained largely unchanged except for additional 24h on-call duty (shared with the second system administrator).

December 1st 1999 - April 30th 2001

System administrator for ricardo.de, Germanys major competitor to ebay. My duties included various Linux systems, including Apache webservers, Adabas database servers and Linux ipchains firewalls, as well as a number of support systems. Again, I was on 24h on-call duty together with two other system administrators.
In Q4 2000, ricardo.de was acquired by competitor QXL, a London-based online auction company. I was offered a new position with the London headquarters, which I declined after due consideration, and in favour of concentrating stronger on computer security work.

June 15th, 2001 - today

Systems analyst with HanseNet GmbH, telecommunications company and ISP. My responsibility was originally as the security person of the hosting department, but has grown to include internal consulting work, project management and occasional pre-sales support when customers have a special interest in security.
Among my work at HanseNet was the design of a managed firewall system based on OpenBSD and research work on a SELinux-based "secure hosting" server system.

Starting January 1st 2009, I was promoted to Senior Manager IT Compliance and am currently responsible for the IT part of SOX as well as general security controls. I report directly to the CFO.

Other Relevant Experiences

I have been using computers for about 30 years, starting with a C64 and moving to the PC platform during my final school years. My interest in computer security started very early and has since branched out into the areas of compliance and information security management.

Aside from my native german, I have a solid command of the english language, and have held presentations in it. I have also taught english for beginners.
In summer of 2002, I learned basics in french during a two week "crash" language course in preparations of a holiday in France.

In early 1999, I was involved in the High-Availability Linux Project, which aims to bring HA capabilities to Linux systems. I wrote a proof-of-concept code named Heart which provided the initial ethernet heartbeat code for the project (which is still in use today, though in an updated form).

During later years, I have become more and more active in the security community, including a strong interest in Security Enhanced Linux, where I have contributed several policies, as well as making many proposals which have been accepted into the upstream code. I have also written patches for third party programs such as wdm and worked with the developers to have them integrated.

As a result of my security research, I have published several papers and articles⁽¹⁾ and have given numerous speeches at conferences and trade fairs⁽²⁾, both in german and english. Some of my work has even been translated to japanese and published in Japan. I have also been an expert reviewer for scientific articles, on invitation of the respective magazine editors.

I have given courses in Linux basics and advanced courses in NSAs Security Enhanced Linux. Former employers have remarked on my skill of presenting complicated issues in a readily digestible form and teaching them to others.

I have been active with the cypherpunks and in cryptography as well and spent time working on the creation of a european civil liberties organisation. I've worked with John Gilmore of EFF and Andy Mueller-Maguhn, european ICANN representative during those times, though I am not involved in the organisation finally created, EDRI.

Away from work, I have an active interest in computer game development and have created several successful online games. I also participated as beta-tester in the development of numerous commercial games, including AAA titles.

Since 2003, I have continously improved my communications and negotiations skills, inluding rhetorics, leadership training as well as NLP and even (therapeutical) hypnosis.

Work Philosophy and Expectations

In my work I differentiate clearly between hacks or temporary solutions and professional results. I am a master of hacks, widely admired for my ability to find a workable solution to virtually any problem. On the other hand, I have very high quality standards for any work intended to be part of a professional solution. I believe in repeatability and maturity, and continuously aim for both. I also believe that quality and security do not require libraries of standards, and prefer pragmatic approaches.
To satisfy my curiosity, I also find myself more interested in problem-solving than in routine maintainance, and any necessary routine jobs quickly find themselves automated.

Contact

You can reach me at my private e-mail address tom@lemuria.org, which I usually check several times a day.

I am available for speeches and lectures if given enough time to prepare and take days off at work.