Portfolio

---

Freelancer (22 - Present)

• Facilitated and embedded threat modeling in SDLCs for greenfield and legacy systems, using tools like OWASP Threat Dragon or threat-composer.
• Delivered hands-on threat modeling trainings, enabling cross-functional teams to apply C4-Modeling, STRIDE and Credible Attack Vectors effectively.
• Built and supported Security Champion programs to promote scalable, decentralized security knowledge within development teams.

Industry domains: Automotive (Car OEMs), Finance (e.g. trading systems), Retail (e.g. enterprise resource planning).

---

Car OEM (18-22)

• Created 5+ threat models per year as Information Security Architect (ISA)
• Trained 200+ new ISAs
• Established the most active Threat Modeling community (internal and external) in the OEM field
• Implemented group-wide AppSec verification standards
• Design and initialize a global DevSecOps Organisation (Tools & Community)
• Improve service visibility via KPI- and Risk Management integration

---

Business Consultancy (15-18)

• Designed and performed Awareness Campaigns
• Threat Modeling support (Connected Car, Banking)
• Prepare Information Security Risk Management Audit
• Prepare Data Protection Audit

---

Education (11-16)

• Security & Safety Engineering (M.Sc.) at HFU
• Main focus on information security, awareness & training
• Thesis about Open Educational Resources (OER) in Information Security (Link)

---

Certifications

• CISSP (20 - present)
• Various Cloud Certificates (AWS Solutions Architect, Azure Fundamentals, etc.)

---

Page template forked from evanca