Wilhelmshoeher Straße 74
60389 Frankfurt am Main
Germany
Tel.: +49-(0)170/57 29 31 0
thomas@hetschold.de
- Automotive – 2.5 years
Design of an IT security policy for the automotive field (BMW)
Definition, implementation and operation of the Center of Competence Automotive Security (BMW)
Creation of a threat- and risk-analysis for the vehicle security architecture (BMW)
Implementation of a secure SAP R/3 infrastructure (Volkswagen)
- Aviation – 4 years
Gap analysis and implementation of the Payment Card Industry Data Security Standard (Lufthansa)
Supporting the implementation of IT-security processes (Lufthansa)
- Banking – 3 years
Development of security protocols for electronic business processes (Deutsche Bank, Dresdner Bank, Bank of America, ABN Amro)
Development of a security online banking protocol (Dresdner Bank)
- Public administration – 2.5 years
Design of IT security concepts for the deployment of the German electronic health card (several health insurance companies)
Development of a purchase system according to German signature law (Federal State of Lower Saxony)
Development of security protocols for the deployment of the German Health Professional Card (ABDA)
- Power – 1 year
Development of a system for the secure operation control in a nuclear power plant (RWE)
Implementation of a secure SAP R/3 infrastructure (RWE)
- IT and Telecommunications – 8 years
Development of a product to secure SAP R/3 systems (SAP)
Development of security products (Secude, Fillmore Labs)
Development of access control in an OSI management platform according to X.741 (Deutsche Telekom)
- Media – 1.5 years
Development of a digital rights management system for a peer-to-peer file sharing service (DWS/Bertelsmann)
- Automotive processes
E/E development processes
Production processes
Service processes
Logistics processes
- Aviation processes
- Processes of financial services
Money transfer
- Quality management in the pharmaceutical industry
- IT processes
PCI DSS
ISO 2700x
Documentation according to Common Criteria
Development processes according to ISO-9000
Quality management
Documentation according to ITSEC
- IT security processes
- IT risk management
- Software development
- Integration of security functionality in existing applications
- Design of e-commerce and e-business protocols
- Design of security policies
- Security protocols (SSL/TLS, GSS)
- Smartcards (PKCS#11, PC/SC, ISO 7816)
- SAP R/3 security (SNC, SSF)
- Cryptographic standards and algorithms (PKCS, PKIX)
- Data protection
- Digital rights management
- Process analysis and modelling
- Applications:
MS Office, MS Project, Doors
- Programming languages:
C++, C, Java, HTML, XML, SOAP, SQL, Pascal, Modula, PL/I, Lisp, Prolog
- System software:
Subversion, CVS, Quality Center, Gauss VIP, SAP Basis
- Development environments:
Visual Studio, Eclipse
- Databases:
MySQL, DBase III, DBase IV, Microsoft Access, Paradox
- Operating systems:
AIX, FreeBSD, HP UX, Linux, Mac OS, Microsoft Windows, Solaris
- German
- English (Certificate in Advanced English)
- Diploma in Computer Science, J. W. Goethe-University, Frankfurt, Germany
- Certified Information Systems Security Professional
- PCI SSC Standards Training
- Project management of IT projects (CSC Ploenzke)
- Since 2004 freelancer (senior security consultant, process design)
- 2003 – 2004 Secude GmbH (CTO)
- 2001 – 2003 Fillmore Labs GmbH (CEO)
- 1996 – 2001 Secude GmbH (CTO)
- 1993 – 1997 GMD – German national research center for information technology GmbH (scientific employee, project manager)
- 1990 – 1993 self-employed (IT consultant, software developer)
- CTO Secude GmbH, Management of Development and Consulting with 30 employees, 7 years
- CEO Fillmore Labs GmbH, 7 employees, 2 years
- Secude GmbH, program management, 7 years
- Fillmore Labs GmbH, project management, 2 years
- GMD (Fraunhofer Gesellschaft), 2 years
- Development of a private internet website with more than 1000 participants
- Member of Mensa e.V.
- Project support and sub-project manager within the PCI DSS project of German Lufthansa Airlines
(Payment Card Industry Data Security Standard). Design and Implementation of PCI DSS requirements. Budget planning
Development of protection requirement profiles and risk analyses
Consulting service with regard to processes for the development of protection requirement profiles, risk analyses,
and the implementation of identity management according to ISO 2700x
- Development of security concepts for the deployment of the German electronic health card
Development of security concepts according to ISO 2700x
Evaluation of several hardware security modules
- Operation of the Center of Competence Automotive Security
Development of an IT security policy for the automotive field
Monthly organization of the steering committee CoC Automotive Security
Preparation of decision memos for the board of heads of departments according to the guidelines of the client
Communication of automotive security know-how to all involved departments
Amendment of the BMW threat catalogue in collaboration with the administrative department for information protection
Definition of the base protection profile for automotive security in collaboration with the administrative department for information security according to ISO 2700x
Review of the existing security measures of those responsible for electronic control units
Requirements management for security measures of automotive security
- Definition and implementation of the Center of Competence Automotive Security
Identification and analysis of the requirements for a CoC Automotive Security
Definition of the tasks and description of the roles and processes of the CoC Automotive Security
Coordination with all relevant contact persons of the involved departments
Preparation of an action plan to implement the CoC Automotive Security
Enforcement of the action plan and integration of the CoC Automotive Security in the process landscape of the client
Support of the project management to implement the CoC Automotive Security and coordination of all involved departments
- Threat and risk analysis of vehicle security
Design and development of a threat and risk analysis based on the CIA criteria (confidentiality, integrity, availability) for the security architecture of the newest vehicle model, covering both the vehicle side and the infrastructure side
Discussion and prioritization of the risk profile with the relevant contact persons of the respective consumer and system functions (security requirements analysis)
Derivation of the overall risk for the vehicle from the individual risks of the consumer and system functions
Derivation of the overall risk for the infrastructure from the individual risks of the respective consumer functions
Definition of security components appropriate to secure the on-board network (Bordnetz) architecture
Determination of the remaining risk according to the specifications of BMW
- Digital Rights Management for Napster
Design and development of a high-performance PKI system for 50 million Napster users
Design and integration of brand-new obfuscation techniques into the Napster software to enforce digital rights management
- Identrus
Identrus was an initiative of major international banks to establish a public key infrastructure for business-to-business e-commerce
New security protocols for electronic business processes were designed together with Identrus
The software developed was used as the reference implementation to test third-party software for compliance with the protocols
Patent submissions:
20020165827: System and method for facilitating signing by buyers in electronic commerce
20020112156: System and method for secure smartcard issuance
- BaanERP Security
Design and development of a client/server system that uses signature-law-compliant hardware components for secure login to a Baan ERP system for the Federal State of Lower Saxony
It was not possible to integrate the security functionality directly into the Baan ERP system
Realization was accomplished as middleware on both the client side and the server side
On the client side the Microsoft protocol stack was extended; on the server side the middleware acts as a proxy which allows the connection to the Baan ERP server only after successful user authentication
As hardware components, signature-law-compliant smartcards from Deutsche Telekom were used
- Security for SAP R/3
Design and development of a product to secure the client/server communication of SAP R/3
Because of export restrictions it was necessary for SAP to integrate an interface into the R/3 system such that third-party products could encrypt the communication channel without SAP having to implement the security functionality themselves
The protocol had to ensure strong authentication of the users and encryption of the communication channel
The use of hardware to enhance security had to be possible
- Secure Online Banking
Design and development of a secure online banking protocol for Dresdner Bank
At the time of the project common online banking implementations used only PIN/TAN techniques for authentication and transaction security
Digital signatures are still not very common in this area but they are ideally suited to provide this functionality
In co-operation with several companies an online banking protocol was designed based on digital signatures. This protocol models the entire process from certificate issuing to online transactions
- Security in OSI-Management
Design of specifications to integrate access control into an existing X.700 OSI management platform
Implementation of access control for OSI Management (X.741)
Development of scientific publication about security policies and their representation
Design of specifications to integrate security policies into an existing OSI management platform
Implementation of security policies into an existing OSI management platform