Projectmanagment
from agile to traditional
Processes
modeling and efficient management
IT Security
Implementing and sustainably managing IT security standards
Interim
Sensible use of temporary support
PAM
Controlling authorizations with Privileged Access Management
Cloud
Integrating Microsoft M365 into hybrid architectures
IAM
Introducing and expanding Identity & Access Management
SOC / SIEM
Introducing SOC / SIEM infrastructures
Management
Projects
Processes
Efficiently manage and model processes.
IT Security
Implement and live security standards.
Interim
Provide temporary support and coaching.
Projects
Based on our many years of experience in project management,we guide projects of all sizes not only in the agile world, but also in traditional or hybrid environments. We consider ourselves mediators between professionalism and implementation and therefore aim to gain an understanding of the project content to such an extent that the project can be managed professionally. Depending on the client's requirements, we follow with PM standards such as IPMA, PRINCE2, Scrum and SAFe.
We also provide consulting services on the introduction of these standards, for example as part of the introduction of PM manuals or higher-level standards such as CMMi.
Processes
IT Security
Our experience regarding IT security reaches from the implementation of security standards such as the BSI basic protection compendium, ISO27000 or BAIT to the implementation of IAM / PAM systems (OneIdentity, Forgerock, Tenfold) and setting up SOC / SIEM. We are also experienced in optimizing security by introducing IT policies, defining naming conventions, introducing automated processes in user and rights management or setting up jump servers, transfer platforms or introducing zero trust frameworks.
Interim
As interim managers, we assume responsibility for the management of departments or teams, with particular focus on IT and product development departments. Our experienced employees guarantee a swift familiarization with your topics, taking in account the existing corporate culture and, in close coordination with our clients, the focus and implementation of the defined goals. Moreover, we can actively support change management for required reorganizations.
Technologies
PAM
Securing administrative access to the IT infrastructure.
Cloud
Introducing and securing Microsoft M365 in a controlled manner.
IAM
Automating user and rights management.
SOC / SIEM
Detecting and defending cyber-attacks.
PAM
In Privileged Access Management, we take care of authorization management on the administrative side of the IT infrastructure, especially in critical infrastructure companies. PAM accounts are classified and, depending on the given requirements, embedded in user and rights management processes, which are implemented in an automated manner wherever possible. Management systems such as Forgerock, OneIdentity or Tenfold are used in combination with orchestration systems such as Camunda. Furthermore, target architectures such as Zero Trust Framework are implemented in order to achieve the highest possible security standard. Generally, regulatory requirements such as ISO27000, BSI basic protection or BAIT are also taken into account here.
Cloud
We provide support with the implementation of Microsoft M365, especially in the administrative setup for hybrid architectures, including the integration between Azure AD and onprem AD, which requires a concept for synchronization between the two directories. Additionally, an IT security concept must be created that secures the endpoints in use, e.g. with MFA and integrated hardware and software supply processes.
IAM
The introduction and expansion of products such as Quest OneIdentity, Forgerock Identity Platform or Tenfold are the key focus of our consulting services. This involves supporting the design of processes related to the user lifecycle, the definition of account types, AD structures or naming conventions. In this regard, we also provide advice on file server hardening, e.g. against ransomware attacks, in defining file server permissions and structures, and accompany necessary document classification and file server migrations. In order to achieve the highest possible degree of automation in the ULC process, we support the integration of HR systems, AD/AAD, KISS, SAP, as well as systems for managing software authorizations and distribution.
SOC / SIEM
As part of the new requirements of the IT Security Act 2.0, the introduction of SOC / SIEM infrastructures is particularly necessary for critical infrastructure companies. We organize the implementation of the technology for you, including architecture of transfer networks, network, system and application monitoring, firewall activations, setup and connection of sensors, the necessary measures to reduce potential weaknesses and the ramp-up process for interpreting sensor results, as well as the definition and introduction of rule and emergency processes.
Sectors
Telecommunications
- Program management for IPTV (service delivery, sales)
- IPTV risk management
- Architecture management for wholesale customers
- Introduction of risk management, process analysis and documentation (BPMN, Camunda)
- Integration, release management processes, product rollout & deployment management
- Introduction of a product development process based on CMMi with BPMN (Camunda)
- Process analysis, process development, process quality, management of the process team
- Identity management for end customers in mobile/fixed network
- Adaptation of business processes (BPMN, ARIS), integration of data warehouse (DWH)
- Provisioning management in the area of AAA domains
- Introduction of OpenID/OAuth2 infrastructure
- Organization and implementation of an international software rollout in seven countries
Energy
- E2E processes campaign management / customer / consent data.
- Adaptation of E2E processes for DSGVO Consent Management
- Assessment of DSGVO conformity, proposal of measures
- Technical concept creation, epics and user stories as product owner
- Technical analyses and reports from the data warehouse (DWH)
- Analysis AD / AAD / conception file server authorization structure
- Concept creation for IAM automation
- Ensuring compliance regarding ISO2700, Kritis, DSGVO
- Compliance with BSI requirements regarding SOC / SIEM for KRITIS
- Definition of network topology of SOC connection for OT and IT Prioritization of the assets to be connected
- Definition of operational processes between end customer, provider, SOC
- Control of the "false positive" phase
- Implementation of a jump server and file transfer platform solution
- Classification of login procedures for all customer applications
Finance
Experience in the area of finance:
Derivation of measures from PAM audit findings according to §30 and §44 of the German Banking Act (KWG)
Analysis of actual and conception of target use cases for PAM accesses
- Creation of a PAM concept for a banking group
- Identification of all PAM assets and definition of an asset handling process
- Creation of an access concept for PAM for the technologies used
- Definition of PAM account types
- Definition of approval processes for assets and their authorizations
- Integration of the systems required for PAM access management such as Quest OneIdentity, Ivanti HEAT / CMDB, Wallix Bastion, Cisco ISE, Tufin and Active Directory
- Design of a technical access process for PAM access based on the Zero Trust Model and the jump server solution Wallix Bastion
- Ensuring conformity with BAIT, ISO2700, DSGVO, NIST
Mechanical Engineering
- Management consulting for a post-merger transformation.
- Transformation of the machine level for IoT and digitalization
- Introduction of standards / norms (e.g. ISA88 / ISA95)
- Process analyses and adaptations, value chain analyses, BPMN
- Conversion of organizational structure: special to standard machine building
- portfolio management
- Interim management R&D
- Introduction of Scrum and Requirement Management
- Quality management engineering process (hardware / software)
- Introduction of monitoring and CIP tools for management