Tom Vogt's Curriculum vitae

Personal Details

Born in Hamburg in 1973, I was raised and went to school in my home city. After my course of studies in Wedel, returned to Hamburg in early 2000.

In addition to the computer-based hobbies listed below, I am practicing martial arts and have a good educational background including diverse topics such as linguistics, quantum mechanics, politics and psychology.

I am currently the CEO of Calitarus GmbH.

Professional Experience

August 1993 - September 1999

Study of Wirtschaftsinformatik (computer science and business economics) at the FH Wedel, University of Applied Sciences.

April 1998 - November 1999

Initially part-time (student) work, after August 1999 full-time work at WLW, a german B2B service provider. My work there was system administration of Solaris servers including Apache webserver, Oracle database servers and others, but I was also responsible for network issues including the design of a redundant (multi-homed) Internet connectivity.
WLW offered me a full-time job while I was still at the FH Wedel, an offer that I accepted, concluding my study time without a diploma. My responsibilities remained largely unchanged except for additional 24h on-call duty (shared with the second system administrator).

December 1999 - April 2001

System administrator for ricardo.de, Germanys major competitor to ebay. My duties included various Linux systems, including Apache webservers, Adabas database servers and Linux ipchains firewalls, as well as a number of support systems. Again, I was on 24h on-call duty together with two other system administrators.
In Q4 2000, ricardo.de was acquired by competitor QXL, a London-based online auction company. I was offered a new position with the London headquarters, which I declined after due consideration, and in favour of concentrating stronger on computer security work.

June 2001 - March 2011

I worked my way up in HanseNet GmbH, a telecommunications company and ISP. My responsibility was originally as the security specialist of the hosting department, including internal consulting work, project management and occasional pre-sales support. Among my work at HanseNet was the design of a managed firewall system based on OpenBSD and research work on a SELinux-based "secure hosting" server system.
Starting January 1st 2009, I was promoted to Senior Manager IT Compliance where I was responsible for the IT part of SOX as well as general security controls. I reported directly to the CFO.

September 2011 - today

After a few months of preparatory work, I founded Calitarus GmbH and have been its CEO since then.

Other Relevant Experiences

I have been using computers for about 30 years, starting with a C64 and moving to the PC platform during my final school years. My interest in computer security started very early and has since branched out into the areas of compliance, information security management and risk management.

Aside from my native german, I have a solid command of the english language, and have held presentations in it. I have also taught english for beginners.
In summer of 2002, I learned basics in french during a two week "crash" language course in preparations of a holiday in France.

In early 1999, I was involved in the High-Availability Linux Project, which aims to bring HA capabilities to Linux systems. I wrote a proof-of-concept code named Heart which provided the initial ethernet heartbeat code for the project (which is still in use today, though in an updated form).

During later years, I have become more and more active in the security community, including a strong interest in Security Enhanced Linux, where I have contributed several policies, as well as making many proposals which have been accepted into the upstream code. I have also written patches for third party programs such as wdm and worked with the developers to have them integrated.

As a result of my security research, I have published several papers and articles⁽¹⁾ and have given numerous speeches at conferences and trade fairs⁽²⁾, both in german and english. Some of my work has even been translated to japanese and published in Japan. I have also been an expert reviewer for scientific articles, on invitation of the respective magazine editors.

I have given courses in Linux basics and advanced courses in NSAs Security Enhanced Linux. Former employers have remarked on my skill of presenting complicated issues in a readily digestible form and teaching them to others.

I have been active with the cypherpunks and in cryptography as well and spent time working on the creation of a european civil liberties organisation. I've worked with John Gilmore of EFF and Andy Mueller-Maguhn, european ICANN representative during those times, though I am not involved in the organisation finally created, EDRI.

Away from work, I have an active interest in computer game development and have created several successful online games. I also participated as beta-tester in the development of numerous commercial games, including AAA titles.

Since 2003, I have continously improved my communications and negotiations skills, inluding rhetorics, leadership training as well as NLP and even (therapeutical) hypnosis.
As chairman of the Works Council, I have also gathered experience in team leadership and organisation.

Work Philosophy and Expectations

In my work I differentiate clearly between hacks or temporary solutions and professional results. I am a master of hacks, widely admired for my ability to find a workable solution to virtually any problem. On the other hand, I have very high quality standards for any work intended to be part of a professional solution. I believe in repeatability, maturity and robustness, and continuously aim for these. I am also a strong proponent of evidence-based approaches and pragmatic solutions.
To satisfy my curiosity, I also find myself more interested in problem-solving than in routine maintainance, and any necessary routine jobs quickly find themselves automated.

Contact

You can reach me at my private e-mail address tom@lemuria.org, or my business address vogt@calitarus.de, both of which I usually check several times a day.

I am available for speeches and lectures if given enough time to prepare and plan the event into my schedule.

• Application-Level DRDOS Attacks (2002)
• Simulating and optimising worm propagation algorithms (2003/2004)
• Security Enhanced Linux (in DFN-CERT Workshopband, ISBN 3-00-012959-6)
• The Soft Underbelly (2004)
• Practical Security Assessment (2004, japanese translation from english)
• Security and Usability (in DFN-CERT Workshopband, ISBN 9-783844-806885 as well as in DFN Mitteilungen #82, ISSN 0177-6894)

Speeches

• HAL2001 on DeCSS and politics (english)
• Hamburger Computertage on general security (german)
• CCC 2003 on SELinux (english)
• Pacific Security Japan on SELinux (english, with japanese simultaneous translation)
• 11. DFN-CERT Workshop on SELinux (german)
• Cebit 2004 on SELinux (german)
• 19. DFN-CERT Workshop, keynote on security & usability (german)
• 22. DFN-CERT Workshop, Penetration Testing (german)
• DFN Betriebstagung, Kennwortsicherheit (german)
• Plus various speeches at non-public events

Certifications