fixes
Tobias Mayer committed Oct 23, 2024
1 parent 185b062 commit 8c68213
Showing 2 changed files with 12 additions and 16 deletions.
4 changes: 1 addition & 3 deletions de/index.html
Expand Up @@ -220,9 +220,7 @@ <h1>Publikationen</h1>
<li><strong>Anonymous voting using distributed ledger-assisted secure multi-party computation</strong>, M. Schiedermeier, O. Hasan, T. Mayer, L. Brunie, H. Kosch. In: Applied Network Sciences Vol. 9, Springer Nature, 2024. <a href="https://link.springer.com/article/10.1007/s41109-024-00650-2?utm_source=rct_congratemailt&utm_medium=email&utm_campaign=oa_20240828&utm_content=10.1007%2Fs41109-024-00650-2">[link]</a></li>


<li><strong>A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks</strong>, M. Schiedermeier, O. Hasan, T.R. Mayer, L.- Brunie, H. Kosch. In: Proceedings of the 8th International Conference on Complex Networks and Their Applications, Springer International Publishing, 2019, 647—658. <a href="https://link.springer.com/chapter/10.1007/978-3-030-36687-2_54">[link]</a><br>See also pre-publication at arXiv )open access): <a href="https://arxiv.org/abs/1909.06462">[arXiv:1909.06462]</a></li>

<li><strong>Deliverable D2.2: Incremental report on provenance, trust and reputation models – Technical Realization (network & storage layer)</strong>, T. R. Mayer. Project Report (WP1 Value Assessment), Project “Linked Data for Prescriptive Analytics: Application to Fraud Detection, Value Assessment” with Atos/Worldline industrial partner, Lyon, France, 03/2018 <i>(confidential, not publicly accessible)</i>.</li>
<li><strong>A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks</strong>, M. Schiedermeier, O. Hasan, T.R. Mayer, L.- Brunie, H. Kosch. In: Proceedings of the 8th International Conference on Complex Networks and Their Applications, Springer International Publishing, 2019, 647—658. <a href="https://link.springer.com/chapter/10.1007/978-3-030-36687-2_54">[link]</a><br>See also pre-publication at arXiv (open access): <a href="https://arxiv.org/abs/1909.06462">[arXiv:1909.06462]</a></li>

<li><strong>Deliverable D2.2: Incremental report on provenance, trust and reputation models – Technical Realization (network & storage layer)</strong>, T. R. Mayer. Project Report (WP1 Value Assessment), Project “Linked Data for Prescriptive Analytics: Application to Fraud Detection, Value Assessment” with Atos/Worldline industrial partner, Lyon, France, 03/2018 <i>(confidential, not publicly accessible)</i>.</li>
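
Review bot: the re-added referendum entry still spells the author "L.- Brunie", while the entry above it has "L. Brunie"; since this line is already being touched to fix ")open access)", correct the name in the same change. The page range "647—658" uses an em dash where an en dash is conventional for ranges, and "network & storage layer" in the Deliverable entry carries a raw & where index.html consistently writes &amp;.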

24 changes: 11 additions & 13 deletions index.html
Expand Up @@ -62,12 +62,12 @@ <h2 id="currently">Currently</h2>
<p>I am currently working as a <strong>Senior IT Security Engineer at <a href="https://de.connectedcare.net">ConnectedCare GmbH</a></strong> (Berlin / Telgte, Germany, formerly Bewatec GmbH), where I significantly contribute to the IT security of the ConnectedCare platform and serve as the contact person for all topics related to IT security &amp; data protection.</p>
<p>My activities address two important areas: <strong>a) technical security and b) regulatory activities</strong>. Both areas interact closely (e.g. fulfilling vulnerability management for the Cyber Resilience Act or risk management for NIS-2) and must always be planned together. They fundamentally include data protection topics as well as constant communication with various stakeholders (internal teams in technology / marketing / sales, management, data protection officers, legal counsel, supervisory authorities, etc.)</p>
<h3 id="activities-technical-security">Activities: Technical Security</h3>
<p>In the area of technical security, I am responsible for the design and implementation of measures to enhance the IT security of the ConnectedCare platform. This includes general roadmap planning, technology evaluations, as well as the execution of projects / measures and in-house software developments (Terraform, Python, GoLang). Examples of relevant activities are:</p>
<p>In the area of technical security, I am responsible for the design and implementation of measures to enhance the IT security of the ConnectedCare platform. This includes general roadmap planning, technology evaluations, as well as the conduction of projects / measures and in-house software developments (Terraform, Python, GoLang). Examples of relevant activities are:</p>
<ul>
<li><em>Project AWS CloudSec Suite</em>: Development of Infrastructure as Code (Terraform, Python) for the configuration and deployment of AWS Cloud Security services (including intrusion detection, firewall, vulnerability scanner, notifications to Slack / Teams).</li>
<li><em>Project Vulnerability Management</em>: Implementation of <a href="https://www.defectdojo.org">DefectDojo</a> as a central system for vulnerability management with graphs / metrics to visualize temporal trends. Self-developed scripts (Python as Terraform / AWS Lambda) realize data import (e.g. findings ofAWS SecurityHub, SonarCloud, GitHub) and “back-sync” (e.g. marking as &ldquo;false-positive&rdquo; in DefectDojo updates the vulnerability as “suppressed” in AWS).</li>
<li><em>Project Supply Chain Security</em>: Implementation of <a href="https://dependencytrack.org">DependencyTrack</a> for tracking all used software libraries as a Software Bill of Materials (SBOM), including vulnerability scanning and DefectDojo integration.</li>
<li>Planning and coordination of penetration tests, independent execution of simple penetration tests (“surface scans”).</li>
<li>Planning and coordination of penetration tests, independent conduction of simple penetration tests (“surface scans”).</li>
<li>Various individual measures, e.g.:
<ul>
<li>Web Application Firewall: a) <a href="https://modsecurity.org/">ModSecurity</a> with custom rules and <a href="https://owasp.org/www-project-modsecurity-core-rule-set/">OWASP CRS</a> on reverse proxy in Kubernetes pod and (as a successor) b) AWS WAFv2 with AWS managed <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-baseline.html">core rule set (CRS)</a>.</li>
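
Review bot: both changed lines swap "execution" for "conduction" ("the conduction of projects / measures", "independent conduction of simple penetration tests"), which in English denotes heat or electrical transfer and not carrying something out. Keep "execution" or use "carrying out". While this list is open, the DefectDojo item has "findings ofAWS SecurityHub" with a missing space and mixes literal curly quotes with &ldquo; / &rdquo; entities within one sentence.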
Expand All @@ -81,21 +81,21 @@ <h3 id="activities-regulatory-aspects">Activities: Regulatory Aspects</h3>
<ul>
<li>Ensure compliance to EU and national regulations and directives such as NIS-2, Cyber Resilience Act (CRA) or GDPR by analyzing and implementing their requirements</li>
<li>Accompanying introduction of ISO27001</li>
<li>The above tasks comprise a wide set of organisational measures, example are the following:
<li>The above tasks comprise a wide set of organisational measures, examples are the following:
<ul>
<li>Development of relevant policies, especially with a technical, e.g. incident management, risk management, secure development, access control, cryptographic algorithms and key lengths (according to BSI TR-02102).</li>
<li>Conducting risk management with regular risk assessments and coordination with management</li>
<li>Development of relevant policies, e.g. incident management, risk management, secure development, access control, cryptographic algorithms and key lengths (according to BSI TR-02102)</li>
<li>Conducting risk management with regular risk assessments and coordination with the management</li>
<li>Threat modeling (with IriusRisk and focus on STRIDE risk model)</li>
<li>Various individual measures such as technical documentation, interaction with third parties (e.g. specific customer inquiries, specialized attorneys, supervisory authorities)</li>
</ul>
</li>
</ul>
<h2 id="before">Before</h2>
<p>I was involved as <strong>IT Security Analyst at Verimi GmbH</strong> (digital identity and trust platform) in the areas of security, risk &amp; workflow analysis as well as technology &amp; architecture security (e.g. vulnerability scans, coordination of pentests). Before my position at Verimi GmbH I was, worked as researcher at the INSA de Lyon in applied research projects with international industrial partners. My work focused on research &amp; development activities (particularly the architectural design &amp; development of a distributed infrastructures, data traceability, security and reputation) as well as fostering relations with international IT partners.</p>
<p>I was developing a blockchain based data processing platform for data traceability (particularly big data und machine learning models), data anonymization &amp; privacy-preserving analytics in a project with a big industrial partner. For the realization I used only modern &amp; free technologies, some of them are Java / Maven / Gitlab (+ CI) / Spring (Boot, Data etc.) / Apache Cassandra / Apache Kafka / Swagger REST) / Angular2 / TypeScript etc. The R&amp;D activity comprised the whole software development lifecycle starting from research, vision, specification, software development up to the deployment with modern technologies such as Docker / Kubernetes / AWS etc.</p>
<p>I was involved as <strong>IT Security Analyst at Verimi GmbH</strong> (digital identity and trust platform) in the areas of security, risk &amp; workflow analysis as well as technology &amp; architecture security (e.g. vulnerability scans, coordination of pentests). Before my position at Verimi GmbH, I worked as researcher at the INSA de Lyon in applied research projects with international industrial partners. My work focused on research &amp; development activities (particularly the architectural design &amp; development of a distributed infrastructures, data traceability, security and reputation) as well as fostering relations with international IT partners.</p>
<p>Previously, I was involved in an R&amp;D project with big industrial partners where I developed a blockchain system based on a fully new &ldquo;democratic consensus&rdquo; approach, where a set of trusted consortium nodes vote for block storage validity. The development was conducted in the context of data traceability, data anonymization &amp; privacy-preserving analytics and for the realization I only used modern &amp; free technologies, some of them are Java / Maven / Gitlab (+ CI) / Spring (Boot, Data etc.) / Apache Cassandra / Apache Kafka / Swagger REST) / Angular2 / TypeScript. The R&amp;D activity comprised the whole software development lifecycle starting from research, vision, specification and software development up to the deployment with modern technologies such as Docker / Kubernetes / AWS.</p>
<h2 id="in-science">In Science</h2>
<p>My research activities after the PhD combine efforts at WHO, applied research in industrial projects and EU projects.</p>
<p>The last research activity was conducted alongside my work and targeted on the creation of a secure digital voting system based on homomorphic encryption (which was published in Springer Nature in 2024). Previously, I was involved in an R&amp;D project where I developed a blockchain system based on a fully new &ldquo;democratic consensus&rdquo; approach, where a set of trusted consortium nodes vote for block storage validity.
<p>The last research activity was conducted alongside my work and targeted on the creation of a secure digital voting system based on homomorphic encryption (published in Springer Nature, 2024).
At the WHO, I applied my experiences as IT specialist at the Dietary Exposure Assessment (DEX) group of the International Research Agency for Research on Cancer (IARC), Lyon, France, to design a new secure and privacy-preserving data analytics infrastructure for worldwide use.
Right after the PhD, I was implied in several European projects (e.g. Nathcare, Sphera) as postdoctoral researcher at the INSA de Lyon where I assessed hospital information systems in the alpine space in Europe.</p>
<p>The <a href="https://opus4.kobv.de/opus4-uni-passau/frontdoor/index/index/docId/197">PhD thesis</a> was conducted in a bi-national supervision (cotutelle de thèse) at the University of Passau (Prof. Kosch) and INSA de Lyon (Prof. Brunie) within the MDPS doctoral college, which evolved to the <em>International Research and Innovation Center in Intelligent Digital Systems</em> (<a href="http://irixys.uni-passau.de">IRIXYS</a>). During the PhD, I adopted a game theoretic approach to communication systems in order to ensure a secure collaborative operation of complex distributed system. In more detail it enables the analysis of the strategic choices of rational selfish individuals. During the PhD in the French-German doctoral college I got the wonderful possibility to combine my scientific curiosity and interest in other cultures and languages.</p>
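
Review bot: the rewritten technology list in the Before section keeps an unbalanced parenthesis, "Swagger REST) / Angular2", carried over from the old paragraph; drop the ")" or open it before "Swagger". The same hunk leaves "a distributed infrastructures" in the rewritten Verimi paragraph and "targeted on" in the voting-system sentence, and the unchanged lines below still read "I was implied in" and "International Research Agency for Research on Cancer", whereas the Professional Experience entry links the same body as "International Agency for Research on Cancer". The new In Science paragraph also opens a <p> whose first sentence now ends the line; check that the closing </p> two lines later still wraps the block as intended.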
Expand Down Expand Up @@ -139,10 +139,10 @@ <h3 id="professional-experience">Professional Experience</h3>
Security &amp; risk analyses, product security improvements (including vulnerability scanner, pentests coordination),
security-relevant certifications &amp; audits (e.g. eIDAS substantial part 2/3), raising awareness for IT security safety.</li>
<li><strong>2018 &ndash; 2019: Head of IT Architecture</strong> <a href="https://www.verimi.de">Verimi GmbH</a>, Berlin, Germany<br>
Estabilishing a tech-team, insourcing of dev &amp; ops activities, IT / cloud architecture decisions, security &amp; risk analyses.</li>
Establishing a tech-team, insourcing of dev &amp; ops activities, IT / cloud architecture decisions, security &amp; risk analyses.</li>
<li><strong>2016 &ndash; 2018: Software architect &amp; engineer (R&amp;D, &ldquo;Blockchain&rdquo; specialization)</strong> <a href="https://www.insa-lyon.fr/en/laboratoires/liris">LIRIS Lab, INSA de Lyon</a>, France<br>
R&amp;D project(s) to develop a blockchain based platform for data traceability (of particularly big data and machine learning models)</li>
<li><strong>2014 &ndash; 2015: Digital infrastructure coordinator, post-doc</strong> <a href="https://www.iarc.who.int">International Agency for Research on Cancer (IARC / WHO)</a>], Lyon, France<br>
<li><strong>2014 &ndash; 2015: Digital infrastructure coordinator, post-doc</strong> <a href="https://www.iarc.who.int">International Agency for Research on Cancer (IARC / WHO)</a>, Lyon, France<br>
Assessment &amp; coordination of the IT infrastructure at the DEX group</li>
<li><strong>2013 &ndash; 2014: European project coordinator, post-doc</strong> <a href="https://www.insa-lyon.fr/en/laboratoires/liris">LIRIS Lab, INSA de Lyon</a>, Lyon, France<br>
Management of INSA activities within European research projects</li>
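
Review bot: in the first context lines of this hunk, "raising awareness for IT security safety" reads like two alternatives left side by side; pick "IT security" or "IT safety". The LIRIS entry's "(of particularly big data and machine learning models)" has the adverb misplaced and would read better as "(particularly of big data and machine learning models)".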
Expand Down Expand Up @@ -219,9 +219,7 @@ <h1>Publications</h1>
<li><strong>Anonymous voting using distributed ledger-assisted secure multi-party computation</strong>, M. Schiedermeier, O. Hasan, T. Mayer, L. Brunie, H. Kosch. In: Applied Network Sciences Vol. 9, Springer Nature, 2024. <a href="https://link.springer.com/article/10.1007/s41109-024-00650-2?utm_source=rct_congratemailt&utm_medium=email&utm_campaign=oa_20240828&utm_content=10.1007%2Fs41109-024-00650-2">[link]</a></li>


<li><strong>A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks</strong>, M. Schiedermeier, O. Hasan, T.R. Mayer, L.- Brunie, H. Kosch. In: Proceedings of the 8th International Conference on Complex Networks and Their Applications, Springer International Publishing, 2019, 647—658. <a href="https://link.springer.com/chapter/10.1007/978-3-030-36687-2_54">[link]</a><br>See also pre-publication at arXiv )open access): <a href="https://arxiv.org/abs/1909.06462">[arXiv:1909.06462]</a></li>

<li><strong>Deliverable D2.2: Incremental report on provenance, trust and reputation models – Technical Realization (network & storage layer)</strong>, T. R. Mayer. Project Report (WP1 Value Assessment), Project “Linked Data for Prescriptive Analytics: Application to Fraud Detection, Value Assessment” with Atos/Worldline industrial partner, Lyon, France, 03/2018 <i>(confidential, not publicly accessible)</i>.</li>
<li><strong>A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks</strong>, M. Schiedermeier, O. Hasan, T.R. Mayer, L.- Brunie, H. Kosch. In: Proceedings of the 8th International Conference on Complex Networks and Their Applications, Springer International Publishing, 2019, 647—658. <a href="https://link.springer.com/chapter/10.1007/978-3-030-36687-2_54">[link]</a><br>See also pre-publication at arXiv (open access): <a href="https://arxiv.org/abs/1909.06462">[arXiv:1909.06462]</a></li>

<li><strong>Deliverable D2.2: Incremental report on provenance, trust and reputation models – Technical Realization (network & storage layer)</strong>, T. R. Mayer. Project Report (WP1 Value Assessment), Project “Linked Data for Prescriptive Analytics: Application to Fraud Detection, Value Assessment” with Atos/Worldline industrial partner, Lyon, France, 03/2018 <i>(confidential, not publicly accessible)</i>.</li>
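
Review bot: the Springer link on the first context line keeps an e-mail campaign tracking query string (utm_source=rct_congratemailt&utm_medium=email&utm_campaign=oa_20240828&utm_content=...); link to https://link.springer.com/article/10.1007/s41109-024-00650-2 without the query, here and in de/index.html, so visitors are not tagged with the author's campaign parameters. The & characters inside that href are also unescaped, unlike the &amp; used in the body text of this file. The "L.- Brunie" spelling remains in the re-added referendum entry.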

