Thomas Pötter, Software Architect, IT Security Expert, Corporate IT from Rastatt

 
Thomas Pötter
Dipl.-Informatiker

Software Architect, IT Security Expert, Corporate IT

76437 Rastatt, DE
 
 
 

available
Hourly/daily rates: not specified
Other:
Last update: 01.03.2012 13:07

Attachments
- none -
Language skills
German (first language), English (business fluent), French (business fluent)

Abilities, knowledge, experiences:
Key facts
Success oriented: Led each professionally financed project efficiently to success within 10 years of professional experience and ca. 20 years of IT experience.

Proven ability to create and patent unique product advantages and unique selling propositions (USPs).

Ability to work autonomously/independently, entrepreneurial thinking, little vocational adjustment required / quickly productive in new topics, factual/fair in social/personal contacts, soft skills.

Software Engineering (mainly software architecture, project management, and process engineering), business processes, certification, quality standards, MDA/UML, Code generation with UML tools and template engine, OOA/OOD, requirements engineering but also programming and hardware level engineering.

IT-Security (information security, smart cards/chips, VPN, firewalls, cryptography, watermarking, Common Criteria / System Vulnerability Analysis, penetration tests).
Focus on Java and C++/C# - classical and .NET/CLI, eCommerce / (J2EE: BEA ALSB/WebLogic, WebSphere, Tomcat, JBoss, JMS, AXIS, Struts, Spring, XML/XSD, SOAP, UDDI, WSDL, JSP), .NET (Visual Studio 2005/2008, LINQ, WPF, XAML, Windows Forms), Groovy, Scala, ScalaCheck, PHP, Perl, Python, Shell (Unix (tcsh, ksh, bash)/Windows/MacOS). All common database management systems.
Knowledge management, document technologies (CMS, DMS, PDM), computational linguistics, text mining, competitive intelligence using the technologies XML/XSLT (Xerces, Xalan, saxon), DOM/SAX, HTML/CSS, DITA, DocBook, JSP, databases, data mining, text mining, etc.

Electronics: Diverse network and data protocols and control systems: TCP/IP, Firewire, USB, Bluetooth, ARINC protocols, MIL protocols, serial/parallel protocols

Successful leadership experience: E.g. ca. 40 guided employees at BMW/ Softlab; Up to a dozen guided employees in the own technology enterprise.
Continuously booked in customer projects, 10 year long track record without gaps.

Industry sectors
Banks, health care, electronics/technology, hosting/configuration/rollout, aviation/transport/automotive, electric utilities, publishers and IT in general

Successes
8 granted software patents in the field of IT security / text technologies; numerous awards for business ideas and innovations.
References: German government, 9 DAX30 corporations (Dt. Bank, Commerzbank, Allianz/Dresdner Bank, Daimler, BMW, VW, German Telecom, TUI/Hapag-Lloyd, ThyssenKrupp), 5 international corporations (Vattenfall, Thales, Airbus, Stryker, B. Braun, Generali, Sal. Oppenheim, Sparda Bank, Noris Bank, Citibank).
Two CeBIT fair highlights: 1998: Secret writing for the digital age (hiding of data in text as well as text watermarking for copyright protection); 2007: Software for a new way of accessing cash cards (Geldkarte/SECCOS) for Commerzbank so that they exhibit functions of an HBCI card (encryption, verification, signature, etc.) as well as the distributed clearance of purchases and money transfers.
International popular and academic publications in any form, big PR- and media successes in communicating innovations (numerous TV reports, radio reports, articles in academic/commercial press and newspapers).

Specific IT knowledge
Software tools:
Microsoft Visual Studio: C++ / Visual Basic / .NET Enterprise Architect / goMONO
GNU gcc / g++, eclipse, kdevelop (Unix/Linux)
Java / J2EE (JBoss, WebSphere, Tomcat), JSP, JavaScript
Borland C++ Builder, JBuilder, Delphi
MS-Project, build server like Luntbuild
SPSS, Data Mining Techniques & Tools
UML, Borland Together, RUP, IBM / Rational Solution Architect / Rational Rose, ClearCase, Visio, requirements engineering, OOA, OOD, CVS, Subversion, quality assurance (QA) also according to DO-178B, CATIA/CAA
Configuration and version management: CVS, Subversion, Sniff+, PC-Anywhere
Security: SSH, Utimaco, NCP VPN, L2TP, PPTP

Databases:
Oracle 9/10, IBM DB2, Sybase PowerDesigner 12, Oracle Sqlplus, TOAD, Squirrel SQL, Oracle JDeveloper, ERWin
MySQL, PostgreSQL, SQLite
MS-ACCESS, MS SQL-Server

Programming languages:
C / C++, C#/CLI (and other .NET Technologies)
Java / JEE/ J2EE, JSP, JavaScript
PHP, Python, Perl
Pascal / Delphi, Modula 2
Visual Basic / VBA / ASP, PC Assembler, Fortran, COBOL, Smalltalk

Project leadership / sales:
Costing, MS Project and network planning techniques, IT Infrastructure Library (ITIL/SOA), soft skills, coordination- and communication abilities, sales and marketing knowledge and skills




Personality

Interests: Software architecture or positions in creative areas that entail not just pure programming, but also conceptual work or customer contact or creative work or some other possibility to apply university level knowledge and creativity; continuous innovation, acquiring and sharing knowledge, challenging tasks and recognition for success, efficient team work, completing tasks quickly but also going deep where necessary.

Fundamental strengths / soft skills: Long concentration, excellent memory & associative power/creativity, giftedness to learn languages easily, to learn fast just with books, teamwork, fairness and collegiality, resistance to manipulation techniques, staying calm/becalming others, ever since applied the strategy to learn knowledge in context, ability to work under pressure or under stress.

Resulting strengths / soft skills: Each professionally funded project was led to success, also roughly within time and budget constraints; proven ability to create and patent unique product advantages and unique selling propositions (USPs); fast grasping of new knowledge fields through autodidactic learning, very broad knowledge, skimming through research papers and news based on comprehensive background knowledge and important concepts, ability to draw / sketch and thus explain any idea quickly, estimating other’s personality and using that (task assignment, sales, negotiations), requirements engineering (completeness, consistency, language skills), graphical specification techniques like UML, excellent results with a sparring partner / in a brainstorming session, grasping large projects in their entirety, turning theoretical ideas into stable, efficient and successful commercial products and covering the entire product life cycle, conceiving USPs, obtaining patents, fast grasping of complex mathematical/logical relationships, combining & coordinating many different people inside and outside the company, working in a self-contained manner, comprehensive business thinking.

Further qualifications / advantages: High programming productivity (> 10 programming lines/hour) after being familiar with a subject, security/trustworthiness checks passed; security clearance for level “secret”, fast reading, fast typing, knowledge in the areas of pre-sales/sales, financing, subvention programs, in-depth knowledge of standard software under MS Windows and Linux including typesetting and drawing software packages, business thinking, stress resistant.

Effects of practical experience: Pragmatic, practical and efficient work style putting customer wishes at a high priority, keeping discussions on a factual level, taking other’s personality into account, understanding/knowledge from both sides (buyer/seller, etc.), better problem avoiding / risk minimization strategies, estimating seriousness, sense for what works practically.

High mobility: Willing to relocate within Europe and North America. Willingness and fun doing business trips, seeing new places and getting in touch with other cultures.

Preferred positions: Freelancer projects in software architecture, software engineering, project or product management, (group) leader positions, interim management (development groups or business units).

Hobbies: IT, swimming, badminton, jogging, reading, graphic design, art, music.



References:
Time: 04/2011 – today
Industry: Insurance/Banking; Lloyds Banking Group (LBG; result of fusion of Lloyds TSB with Halifax Bank of Scotland (HBOS)), Insurance Division (Clerical Medical/Scottish Widows/Heidelberger Leben): Enterprise Architect and Solution Designer: Approx. 104 000 employees.
Locations: Heidelberg, Frankfurt (DE), Bristol (EN), Luxemburg (L), Vienna (AU), Milan (IT), Maastricht (NL), Isle of Man (IOM).
Project goal: Modernization of corporate IT, integration of the various IT worlds from before the fusion, implementing legally required changes.
Role: Enterprise/System Architect, Solution Designer
Tasks: 1. Main task: Software-/System-Architect/Solution Designer for improvements and new solutions, e.g. writing rough architectures (Outline Solution Design, OSD) to be elaborated by suppliers. Where it was possible, implementation work was outsourced. An adapted PRINCE2 standard was used for project management.
2. Documentation of the existing enterprise architecture in UML and intuitive easy to understand descriptions. Conceiving an eTOM (electronic Target Operating Model) model while respecting TOGAF. Incorporation and enhancement of data models using Sparx Enterprise Architect. Incorporation/adaptation of SOX- and GxP-compliant process modeling using Bizagi. Suggestion of a corporate document management process and an architecture usage and update process. Research and documentation of requirements regarding the IT systems of banks and insurances, e.g. from MA Risk VA, SOX (Sarbanes Oxley), GxP. Created suggestions on that basis for LBG’s architecture. Evaluation/Review of architectures/suggestions from suppliers.
3. Creation of a business continuity management (BCM) and disaster recovery management (DRM) concept: Conception of redundancy mechanisms using dependency graphs and physically a disaster recovery site, i.e. with 2 sites, several clusters, failover mechanisms, VPNs, zoning concept (access/service/backend/management zones), WAFs (web application firewalls), IPS (intrusion prevention systems), selective error detection and recovery mechanisms.
4. Conception of / transition-management for a corporate eLearning system based on ILIAS 4.1.5 and the SCORM-2004 format, security assessment of ILIAS and defense against corporate IT regarding security.
5. Conception of / transition-management for a corporate intranet based on SharePoint 2010 Enterprise Edition. Using SharePoint, Integration of employee/group search, newsletter, internal market, protected area for managers, booking of trips, taxis, etc. Data extraction from the old intranet and consulting regarding the conversion to the SharePoint format.
6. Conception of the “Annual Statements Project” which delivers an updated version of customer reporting regarding the values of their contracts, the performance of their funds, their estimated benefits, etc.
7. Conception and basic implementation of a source code analysis solution with special support for SQL/DDL, Perl, Java, C# and Cold Fusion to generate UML class and sequence diagrams (as part of the overall architecture documentation).
8. Conception of the Commissions Project to calculate the commissions for independent brokers in a new and optimized way using SAP CD (collection/disbursement), Oracle GL (general ledger), Life/400 and Cor&FJA LF3/LF4 as well as a partner management system.
9. Conception of a SAP Upgrade project and discussion/elaboration with ConVista (SAP consultancy) from 4.6 to 6.0.4 regarding mainly FI/CO, CD with SEPA and Riester pension customizations.
10. Conception of the SEPA/EBICS/ISO20022 Payment Project to support the new XML-based payments in 27 European countries with IBAN/BIC with SDD (SEPA Direct Debits), SCT (SEPA Credit Transfer), EBICS (CCC, CCT, CDD, CDB), ETEBAC (France), DTA as basic format and extended to IBANs (Switzerland), MT940, CSV, R-Transactions (revocations, reversals, rejections, refunds, refusals, returns) management, error handling and mandate management. Prerequisite was the SAP release upgrade and the integration with Oracle GL (general ledger), Life/400 and Cor&FJA LF3/LF4/ZUL/TaxConnect.
11. Conception + implementation of updated calculations in SQL incorporating changes and adapted interpretations in Austrian Premium Tax for Life/400 and the tariff calculation engine (kernel + BIPRO web services/web front-end). Special challenges were a short legal time frame for many tax variants and tax models for various flexible policy conditions, perhaps the most flexible conditions on the Austrian market (e.g. regarding premium holidays, top-ups, withdrawals and other contract changes).
12. Architecture of a DMS-Add-on for the consistent consolidation of various documents and versions, using Liferay as portal system as well as Etherpad / TinyMCE as rich text editors. The add-on permits in a left area to load / create / edit / save a content structure for the target document and the presentation of the source documents with their structure. By clicking on each of the relevant chapters, a rich text editor with the content will be displayed to the right. Sentence, paragraph, or section-wise content can be copied/moved/deleted using drag & drop into the target document structure. Already available passages are color-coded to identify duplication or differences between versions. Also, the direct editing of passages in the target document is possible. Hundreds of documents from different development teams or older versions could thus be integrated quickly and inexpensively.
13. Conception of a SIP-/VoIP-Callcenter integration using Asterisk/Sipgate and of a homeoffice-integration using DD-WRT/OpenWRT and Asterisk. Conception/programming of a TAPI-interface in C++/C# using SIP TAPI/AstTapi. Evaluation of Yate, Asterisk, Sipek2, Twinkle, Starface, Siphon, PJSIP, JSIP, JAIN, SIP.NET, Konnectic SIP. Implementation of the RFCs 3261, 3265, 3515, 3665, 3725, 3853, 4235, 4320, 4916 directly or using libraries e.g. for TAPI. Phone calls can be initiated from the PC / laptop and are routed cost efficient using SIP and are assigned directly in the web-based CRM system, even if they were started using the phone or if they were incoming calls. That way 100% of customer contacts are registered.
14. Conception/creation of a prototype for interactive entry of payments into online banking interfaces (similar in concept to sofortueberweisung.de) to set up classical/SEPA payments for a contract and for the easy interactive resolution of R-Transactions. This was part of a lean process management initiative. The JEE/Grails app used HBCI4Java, Web Mining/Scraping and Groovy/Grails with JQuery, YUI, Hibernate, Captcha, Spring Security.
15. Co-Conception of the Italian Anti-Money-Laundering (AML) Project using NameSafe, KYC (Know Your Customer), WinTar and lists of PEPs (politically exposed persons), blacklists and customized rulesets.
16. Review/Co-Conception/Extension for a Dynamic Hybrid Insurance Contract Line for all three insurance layers (Basic pension/Rürup, Riester pension, private pension). This means that guarantees exist for the customer’s money but still a substantial participation in rising stock markets is possible: Safety for invested money combined with participation in a rising stock market (better performance).
17. Creation of a group-wide load and performance testing concept: evaluation of products / tools: Linux Test Project (LTP) for OS Load Testing, JMeter, The Grinder, HP QuickTest Professional / HP Quality Center (web) application load testing; DBMonster for database load tests; Special test programs/plug-ins for LDAP e-mail, SSL-/JDBC-/ODBC-/FTP-/Security-Testing. Evaluation of other tools MS Visual Studio Test Professional / Visual Studio Test Manager, Testing Perl modules (test harness, test-DBIx, C2FIT Test, Test :: FIT), Fitnesse, test code-generation tools. Preparation and holding of presentations on best practices, principles, challenges and solutions in the load / performance testing.
IT Environment: Unix, Win32, SharePoint 2010, C#, DB2, MS Access, Java/JEE with Tomcat, MS Visual Studio 2010, Perl, Python, ASP.
IT Tools: Visio, Sparx Enterprise Architect, MS Project, Eclipse, MS Active Directory, Bizagi, TOAD, SquirrelSQL, DB Visualizer, HP Quality Tools (Quality Center, WinRunner, QTP), DMS (Document Management System), Sox Express, Citrix, Kofax, Alchemy, VNC.
Insurance/Finance Tools/Products: SAP CD, Oracle AP, GL, Cash Management, Profit & Loss; Multicash, Multiversa, M/Text, Life/400, Cor&FJA LF3/LF4/ZUL/TaxConnect, Progress (Nera, Boxman, Boxlink), BIPRO, PAWS, RAN, GALA, PAPS, ACE, Advoline, Schufa, Bürgel, Reuters/Lipper Hindsight, Sun Accounts, TLQ, Stars.
Protocols/formats: JDBC, WSDL, http(S), XML/XML Schema (XSD)/XSLT, LDAP, SSL, TLS, BIPRO Webservices.
Libraries/Frameworks: Apache Tomcat, .NET 4.0.

Time: 08/2010 – 10/2011
Industry: Dt. Telekom/T-Systems: De-Mail project: Approx. 300 people in the team; Approx. 250 000 employees in Deutsche Telekom.
Location: Homeoffice; area around Frankfurt/Main, DE
Project goal: Design, estimate the feasibility and contexts, implementation, testing, certification and delivery of an e-mail and document storage system according to De-Mail Bill & security standards of the Authority BSI. In this way, De-mails attain the same legal status as registered letters and can be used for mandatory government / administration mail. Slogan: binding, confidential, reliable.
Role: Software/system architect in the core team with a focus on security and transition management
Tasks: 1. Main tasks: Software-/System-Architect: network infrastructure (access, service and backend zones, admin-LAN), security, storage, databases, VPN Connectors, gateways, application servers, services, applications, front ends, crypto-concept (key life cycle, algorithms, certificate profiles, OTP, secure tokens, smart cards); Host-/network-based intrusion detection systems (HIDS/NIDS) with active bypass units (ABPU); user and rights concepts, process design, process implementations with respect to crypto-material disaster recovery, compliance (with legal and security requirements), connection with electronic identity card (eID / NPA), input from project management: Definition of work packages, creation of time and cost estimates. Technology of Web Applications: GWT, ExtGWT/GXT/Vaadin RIA frameworks, HTML5 (canvas, SVG, etc.), BST media player (video support), GWT graphics, Gwtrpc-spring, Spring (lightweight IOC container), GWTEventService, Hibernate (ORM), Envers (Auditing), Lucene (fulltext search), Apache CXF (webservices), EhCache, Dozer (object mapping), JasperReport (reporting), Jasypt (encryption), JBoss Drools (workflow and rules engine), Atomikos Transaction Essentials (JTA manager), Apache Tomcat.
2. Creation of a clustering architecture concept with cheap standard hardware modeled based on Google and LinkedIn (Search, Network, Analytics SNA): Hadoop, Google File System (GFS), Google Distributed Systems, Distributed Databases Sensei and Voldemort; essential algorithms and data structures: Map-Reduce, BigTable / Hypertable, Sawzall, compression, encryption.
3. Management task: coordination of ideas for solutions, procedures and best practices, as an architect in the core team with about 20 other teams within German Telecom as well as software and hardware suppliers, totaling approximately 300 employees. Organizing meetings, telephone conferences, presentations and coordination of solutions, leading of discussions on various goal conflicts of solutions: the fastest to be implemented, the fastest running, safest, easiest to be certified, most affordable, most compatible, most profitable, with least risk, from renowned existing manufacturers, provided with the best support. Dealing with high workload under time pressure while minimizing disillusionment & loss of productivity and with minimal need to have to discard already developed partial results.
4. Transition Management Development -> Operation: Design / co-implementation, test and production environments on the TSI-standard (e.g. Hitnet, Blade, eTOM (enhanced Telecom Operations Map), TOGAF, GDM (Group Domain Model)…) as well as new components for future operating standards, process optimization, monitoring: test management, change management, release management.
5. Creation of the security certification documentation for BSI full protection/ Common Criteria, e.g. attack tree creation and based on this protection needs analysis, end-to-end system overview, security concept and analysis. Statement of assets, vulnerabilities, attacks, threats, mitigation, policies, according to Common Criteria and identification of remaining weaknesses and their ranking according to probabilities / expectation values.
6. Design / supervision of the implementation of the identified countermeasures/mitigations in the frameworks implementing the security concept according to Common Criteria (CC). The aim of the De-mail system is to be the most secure IT system in Germany, because a compromise of the system would also be a violation of postal secrecy protected by the constitution. In the end most intimate/personal content such as tax and penalty decisions, medical records, etc. will be delivered by De-mail. The certification takes place according to the highest standards of BSI in their widest interpretation, as it probably never happened for such a large system. A particular focus was the analysis of successful hacks. In particular, the background research/analysis of the DigiNotar hack (Netherlands) showed that the information exchange among HSMs using SSL was insufficiently secured against session refresh attacks.
7. Creation of (training) documentation for expertise transfer to operations.
8. Creation of a security concept for web-based front ends in general, with a focus on the main front-end component types: web apps, Java apps in general, GWT apps, JavaScript/AJAX apps. The concrete security concept covered the entire Vaadin/GWT-based front end and its back-end connectivity, with all sensible detailed specifications / ratings at management and technical level captured in separate Excel input fields. With the help of the 10 most important security portals (OWASP.org, WebAppSec.org, cwe.mitre.org, etc.), 100 of the main attacks and their countermeasures were listed with all their details; each scenario was evaluated, adjusted according to the above categories and ranked, including its potential danger (the expected value of the losses) and a cost-benefit analysis of the individual countermeasures. After the final decision on the measures, the residual risk can be calculated and the results used for the marketing of the solution. After implementation of the countermeasures, a re-assessment takes place in the context of quality and penetration tests and improvement measures are implemented. Encryption and countermeasures against new threats are re-evaluated and managed in exactly the same way.
9. Design and implementation of a validation library for client- and server-based validation, the client side with support for GWT (GXT + Vaadin) and in a mode with JavaScript (programming of a validation component in JavaScript) or with a GWT-JavaScript link via JSNI for performance reasons, because JavaScript's regular expressions are not supported directly by GWT. On the server side this is implemented in Java and is kept GWT compliant.
10. Creating a web application test concept which lists explicitly the 50 main attack techniques, in particular with all major types of XSS / XSRF, code injection and other types of attacks in as many representations as possible.
11. Evaluation of technologies / toolkits / standards for the consolidation of documents and document management systems (DMS) and portals. Evaluated as DMS: Liferay, Alfresco, OpenCMS, Drupal, WordPress, Joomla, Typo3, Polarion 2011, LogicalDOC, phpwcms, Booki.cc; as the central file format: XML, RTF, HTML, DocBook, DITA, ODF, OOXML, Wiki formats (MediaWiki, DocBookWiki); as Ajax rich text editors: Etherpad, Telerik RadEditor, TinyMCE, CKEditor, FreeTextBox, (j) HTMLArea, Xinha, BitFluxEditor, dijit editor, jQuery Rich text Editor (RTE), ekit; as collaborative platforms: TWiki, LaTeXLab, TeamLab, Feng Office, Nuxeo, Exo Platform, OpenKM, Telligent evolution / enterprise, Zoho Writer / Zoho Docs, Ramius commitment, Show Document, DocScape MindTouch Core TmsEKP; as the conversion tools: Herold, HTML2DocBook.xsl, ROBODOC, pod-2-DocBook, DocBook tools, Apache FO, XES, LaTeX2RTF, L2HTML, RTFConverter, UnRTF, WVware, Drupal import / export; as terminology / translation memory systems: openTMS, opentm2, Anaphraseus, OmegaT +, Sun Open Language Tools XLIFF editor Transolution.
12. Architecture of a DMS-Add-on for the consistent consolidation of various documents and versions, using Liferay as portal system as well as Etherpad / TinyMCE as rich text editors. The add-on permits in a left area to load / create / edit / save a content structure for the target document and the presentation of the source documents with their structure. By clicking on each of the relevant chapters, a rich text editor with the content will be displayed to the right. Sentence, paragraph, or section-wise content can be copied/moved/deleted using drag & drop into the target document structure. Already available passages are color-coded to identify duplication or differences between versions. Also, the direct editing of passages in the target document is possible. Hundreds of documents from different development teams or older versions could thus be integrated quickly and inexpensively.
13. Creation of the crypto-concept according to BSI/CC (Common Criteria) Security Standards: Design of all measures concerning encryption, signatures, hashing, authentication and integrity protection. Use of Hardware Security Modules (HSMs, Safenet Luna SA, Thales TEMS), TCOS smart cards (Telesec), Telesec One-Time-Password (OTP), web application firewalls (WAF, Barracuda), intrusion detection and prevention systems (IDS/IPS), firewalls, virtual private networks (VPN, Cisco ASA), connection / end-to-end encryption (SSL / OpenSSL / Java SSL / IPSec), key exchange (Diffie-Hellman), key and certificate generation, management, disposal (entire crypto-material life cycle), the definition of allowed cryptographic methods, their parameters and of measures to protect the integrity such as the detection of tampering or malware (tripwire).
14. Creation of a business continuity management (BCM) and disaster recovery management (DRM) concept: Conception of redundancy mechanisms to satisfy zero-data-loss and 99.99% availability requirements using dependency graphs and other Business Continuity Institute (BCI) Good Practices Guidelines (GPG) with 2 sites, several clusters, Oracle DataGuard synchronous and deferred data replication, failover mechanisms including 4-fold redundant data storage (DB/file system) with Redo-Logs and Snapshot-Support, HSMs (hardware security modules), VPNs, zoning concept (access/service/backend/management zones), WAFs (web application firewalls), IPS (intrusion prevention systems), selective error detection and recovery mechanisms.
IT Environment: Red Hat Enterprise Linux, SuSE Enterprise Server 11, IBM AIX, Win32, Java/JEE with Glassfish, Apache CXF WebServices, IBM GPFS (General Parallel File System), Cisco ASA (VPN/Gateway), strongSwan, Brocade Encryption Switch, Thales TEMS, Sun XFS, Oracle RAC, Luna Box, Utimaco LIMS with Gateway, VMware Virtualization, Virus & malware scanning, Web Application Firewalls (WAF), Identity Enabling Services (IDES), managed Security Information and Event Management (mSIEM), Network Intrusion Detection System (NIDS), Network Shared Disk (NSD), SAN-Systems (Storage Area Networks), Mail Transfer Agents (MTA), One Time Password Tokens (OTP), Lifetime Key Management (LKM), Lawful Interception Management System (LIMS), Load Balancer (LB), Hardware Security Modules (HSM), Soft-PSE (Personal Security Environment), Hard Disk Assembly (HDA), NAT-Traversal, DMZ (Demilitarized Zone), Advanced Mezzanine Card (AMC), TCOS 3.0, Triple Key certificates.
Tools: Visio, Enterprise Architect, MS Project, Eclipse, Elliptic Curve Cryptography (ECC), Hitachi Storage Navigator, Hitachi Device Manager, Hitachi HiTrack Monitor, Brocade Data Center Fabric Manager, TrueCopy, Oracle Database, Oracle OpenDS, HP ArcSight Tools (Base, Web, IT Governance, Admin Console), Squid, Exim, James, Liquibase, Oracle Glassfish v3, Oracle JDK 6/7, Oracle 11gR2 with RAC, Partitioning, Advanced Security, Database Vault, Advanced Compression, Oracle Text, Diagnostic Pack, Tuning Pack.
Protocols/formats: JDBC, WSDL, http(S), XML/XML Schema (XSD)/XSLT, WS-* Standards, Online Certificate Status Protocol (OCSP), POP3, SMTP, LMTP, IMAP, LDAP, IPSec, SSL, TLS, S/MIME, DNSSEC, DNSCurve, ZFS, NFSv3, NFSv4, X.509v3 with Extended Usages, Data Encoding Rules (DER), Certificate Revocation Lists (CRL), G10 Interface.
Crypto algorithms: Discrete Logarithm Integrated Encryption Scheme (DLIES), Elliptic Curve Integrated Encryption Scheme (ECIES), (Elliptical Curve) Digital Signature Algorithm (EC)DSA, RSA, SHA-2 Hashing, Diffie-Hellman.
Hardware: HP Blade 460 G6, HP Power 750 Systems, Fujitsu RX300 Primergy, Brocade Encryption SAN Switches, Luna SA, Thales TEMS, Cisco ASA (Router/Firewall/VPN), BladeSwitch, Barracuda WAF 860, IBM Proventia Network Intrusion Prevention System, RSA RKM, Certificate Authority (CA: Telesec/V-PKI), Checkpoint/Fortinet/Juniper Firewalls, BigIP Traffic Manager, Load Balancer, RAID systems.
Libraries/Frameworks: JAX-WS, JAXB, Apache CXF, Hibernate, SoapUI, jMeter, Selenium, GWT, ExtGWT/GXT, Vaadin, GWT graphics RIA frameworks, Spring, Dozer, Batik, Atomikos, Drools, jBPM, Selenium, EasyMock, CSP, OpenSSL, HTML5 (canvas, SVG, etc.), BST media player, Gwtrpc-spring, Spring, GWTEventService, Envers, Lucene, EhCache, Dozer, JasperReport, Jasypt, JBoss Drools, Atomikos Transaction Essentials, Apache Tomcat.
Thereby covered technologies: UML/UML2, SQL, OOA, OOD, OOP, Domain-Driven Design, WebServices, SOAP, XML, DTD, XSD, XSLT, XPath, XQuery, SOA, EAI, IT security, version/configuration management, Logging, Tracing, Error Handling, Debugging, Testing, MS Office, MS Project, MS Word, MS Outlook, MS PowerPoint, MS Excel, OTP, CRL, LPAR, LUN, ESP (Encapsulating Security Payload).

Time: 08/2010 – 03/2011
Industry: Healthcare; Alliance Boots Group (German daughter companies: ANZAG, MegaPharm): Approx. 115 000 employees (largest pharmaceutical wholesale corporation in Europe)
Location: Bonn, DE and Zug, CH
Project goal: Analysis and improvement of the architecture and of the security of a tumor documentation system based on JEE, Google Web Toolkit (GWT), GXT, Hibernate, Spring, Dozer, Batik, Atomikos, and Drools; test automation with JMeter, Selenium and EasyMock.
Role: Architect & GWT-/AJAX-Security-Specialist
Tasks: 1. Development of a security concept for architecture, development and test automation, based on Common Criteria, BSI full protection as well as various ISO standards. Implementation of key security measures at the level of architecture and development, e.g. extensive data (flow) validations, taking the countermeasures with the best cost-benefit ratio for the 250 most important attack types according to the 10 key security portals (such as OWASP.org, WebAppSec.org, cwe.mitre.org, etc.). I collected/conceived for each of the 250 most important attacks the corresponding countermeasures, with all their details, evaluated each scenario and adjusted it according to the above categories. Then it was ranked including potential danger (the expected value of the losses) and a cost-benefit analysis of the individual countermeasures. After the final decision on the measures, the residual risk was calculated and the results were used for the marketing of the solution. After implementation of the countermeasures in the context of quality and penetration tests, a re-assessment was done and improvement measures were implemented. Countermeasures against new threats were similarly re-evaluated and managed.
2. Design and implementation of a validation library for client- and server-based validation, the client side with support for GWT (GXT) and in a mode with JavaScript (programming of a validation component in JavaScript) or with a GWT-JavaScript link via JSNI for performance reasons, because JavaScript’s regular expressions are not supported directly by GWT. On the server side this is implemented in Java and is kept GWT compliant.
3. Creation of a web application test concept which lists explicitly the 50 main attack techniques, in particular with all major types of XSS / XSRF, code injection and other types of attacks in as many representations as possible. This concept is used to test the validation of the Library, and other security measures.
4. Design / supervision of the implementation of the identified countermeasures/mitigations in the frameworks implementing the security concept according to Common Criteria (CC).
5. Creation of a Java Security library incorporating best-practice security libraries, e.g. from OWASP.
6. Data conversion concept for clinical/oncological data / coaching using TalenD Open Studio (ETL).
7. Usage of UML Lab, an Eclipse-based UML round-trip tool from Yatta based on Open ArchitectureWare (OAW) in a friendly user test: Usage/Adaption of Analysis/Generation-Templates in OAW: Xtext, Xpand, JET.
IT Environment Win32/Linux, Java/JEE with Tomcat, Apache CXF WebServices.
Tools: Eclipse.
Protocols/formats: JDBC, WSDL, HTTP(S), XML/XML Schema (XSD)/XSLT, WS-* Standards, SSL, TLS.
Libraries/Frameworks: JAX-WS, JAXB, Apache CXF, Hibernate, SoapUI, jMeter, Selenium, GWT, ExtGWT/GXT, Vaadin, GWT graphics RIA frameworks, Spring, Dozer, Batik, Atomikos, Drools, jBPM, Selenium, EasyMock, OpenSSL, HTML5 (canvas, SVG, etc.), BST media player, Gwtrpc-spring, Spring, GWTEventService, Envers, Lucene, EhCache, Dozer, JasperReport, Jasypt, JBoss Drools, Atomikos Transaction Essentials, Apache Tomcat.
Thereby covered technologies UML/UML2, SQL, OOA, OOD, OOP, Domain-Driven Design, WebServices, SOAP, XML, DTD, XSD, XSLT, XPath, XQuery, SOA, EAI, IT security, version/ configuration management, Logging, Tracing, Error Handling, Debugging, Testing, MS Office, MS Project, MS Word, MS Outlook, MS PowerPoint, MS Excel, OTP, CRL, LPAR, LUN, ESP (Encapsulating Security Payload).

Time 06/2010 – 08/2010
Industry German Government: Government Printing and Official ID/Passport/Paper Documents Company (Bundesdruckerei) / Maurer Electronics: Verification of travel documents (German identity cards / passports and new electronic identity cards, visas, foreign travel documents).
Location Hanover and partly Berlin, Germany
Project goal Resumption of two discontinued software developments for the authenticity checking of travel documents, one in C++ with Qt and gSOAP, one app. in Java / JEE. Analysis / understanding / debugging of the existing code, integration of systems, creation of GUI prototypes, coaching the development team regarding the JEE technologies: JBoss Seam, RichFaces, Drools, jBPM, Hibernate, Ajax, Smart Client, Grails.
Role Coach, six team members
Tasks Functional:
Coaching, training and guidance of a new team to develop the overall application in JEE, Seam, Hibernate, Ajax, Grails. In addition to general coaching, design / implementation of WebServices / Ajax interfaces for communication between the application parts, creating a Tool-Market overview and discussion of the direction of development with the management, creation of GUI prototypes and discussing the results and development directions with the management.
Technical:
1. Setting up / configuring the development environments for C++ and JEE application source code.
2. Analysis of the existing application documents and source code in C++ and in Java / JEE.
3. Configuration, debugging, logging / tracing: private coaching, and debugging / fixing of the major errors, especially in the JEE application.
4. Automatic insertion of systematic tracing / logging in the JEE application to understand the data and control flows, to troubleshoot, and for the incorporation and adaptation of the system.
5. Create / Customize WSDLs / WebServices to integrate systems and data exchange with the GUIs with Apache CXF with the use of JAXB or XMLBeans (or even with Apache AXIS2).
6. Preparation of market surveys regarding Java GUI tools, Ajax tools, rapid prototyping tools: Java / JEE GUI frameworks and Ajax frameworks.
7. Coaching and creation of own GUI-/Functional prototypes in different technologies: jQuery / Ajax, Smart Client, SmartGWT, Tersus, ExtJS, Adobe Flash / Flex, Groovy/Grails and Seam / RichFaces.
8. Documentation, training of the team.
IT Environment Win32, Java, C++ with Qt and gSOAP, JBoss with Drools, jBPM, Seam, Apache CXF web services.
Tools: Eclipse, Subversion / SVN, JBoss with JSF / RichFaces, Ajax4jsf, Adobe Flash / Flex, Smart Client, SmartGWT, jQuery, Tersus, ExtJS, Groovy/Grails, SpringSource Tool Suite.
Protocols / formats: JDBC, WSDL, HTTP(S), and XML / XML Schema (XSD) / XSLT, WS-* standards.
Libraries / Frameworks: RegExp, JAX-WS, JAXB, Apache CXF, Axis2, log4j, dom4j, RichFaces, Ajax4jsf.

Time 01/2010 – 05/2010
Industry Banking/building-saving (Schwaebisch-Hall/Kreditwerk, Market Leader Germany/Eastern Europe: 14.500 employees; Eastern European daughter building savings societies: PSS.sk, CMSS.cz, RBL.ro, CFgermana.ro, Fundamenta.hu)
Location Schwäbisch Hall, DE
Project goal Design of new web services as part of an ESB / SOA concept for the International building savings package (especially for partner/ daughter building savings societies, many of them in Eastern Europe), exemplary implementation, the connection of Cobol-based back-ends; generalization to the definition of templates and based on this code generation of Java/Cobol source codes. Integration into a JBoss-based system accessing SAP DMS (document management system) and Data Mining / Business Intelligence (SAP BI).
Role Architect/Project Manager, template implementation, 3 team members.
Tasks Functional:
1.) Enable building savings societies to exchange information (using WebServices, JMS) regarding clients and contracts between the departments as well as information with the parent Schwaebisch-Hall using the ESB. This connection between Java clients and Java or Cobol back-ends is an important step towards the use of an ESB (Enterprise Service Bus) and its further evolution as a vital part of a SOA approach.
2.) Application of the framework in a JBoss JEE-based system for scheduling and inventory management for procurement. In particular, integration of the WebService functionality into a JBoss-based system communicating with SAP DMS (document management system) and Data Mining / Business Intelligence (SAP BI); development of relevant JEE-application functionality of the GUI down to the database.
Technical:
1. Creating generic client and server implementations using XML, http, etc. directly as a fallback solution.
2. WSDL definition with ws-* standards, for example ws-addressing, ws-enumeration, ws-security.
3. Code generation with JAX-WS and JAXB with the use of xjc.
4. Cross-validation and testing, and exploration of features with the use of tools / implementations based on SoapUI, tcpmon, SoapMon (AXIS2) and Apache CXF / xmlbeans.
5. Direct connection of AS/400 and iSeries systems with implementations in COBOL using IBM WebSphere Development Studio Client (WDSC).
6. Design / development of tracing / logging / monitoring / error-diagnostic tools for development and operation.
7. Design / development of a persistent layer with HyperJAXB and Trace tool against XML files, databases, text dump and binary data structures.
8. Development of a Java-Cobol integration layer for the IBM server on the basis of jt400/jtopen with Program Call beans (Java-> Cobol) with the use of COBOL and PCML copy structures. Exemplary implementation as a template for code generation.
9. Support for integration into Web-based client components using RichFaces JSF and Spring.
10. Help with the migration of the new web service-based views into the existing international building societies package.
11. ESB-based conception of further communication structures in the form of Web Services / JMS (definition of the interfaces and data formats) for all of the backend / frontend functionality needed.
12. Definition of data mappings / ETL with WebSphere Transformation Extender and Talend Open Studio.
13. Creation of templates for code generation with open ArchitectureWare (OAW). Support for the master formats: UML, annotated Java classes, WSDL / XSD as well as XMI.
14. Assistance regarding integrating into the code generation system on the basis of OAW: development of templates and modifications for the generation of all required artifacts for clients and servers (Cobol, Java, PCML).
15. Integration of web service client and server functionality into the JBoss system interfacing with SAP DMS (Document Management System) and Data Mining / Business Intelligence (SAP BI) using SAP NetWeaver Infrastructure Development (NWDS).
16. Design and development of the entire application stack using JBoss RichFaces, Hibernate Criteria API, EJB, named Queries, HQL, EJB stack for Services (EJBs), DTOS, DAOs, Entities / POJOs, conception of the HQL queries as well as the JavaScript-based AJAX functionality with Ajax4jsf.
17. Documentation, training / education of colleagues.
IT Environment Win32/Unix (AIX, Linux), Java, iSeries/POWER6 systems, AS/400, z/OS (CICS, RACF, RMF, SMF, IMS, DB2, JCL, ..), WebSphere Data Power, WebSphere MQ, WebSphere Message Broker, WebSphere Transformation Extender, partly Oracle DB, SAP NetWeaver Development Infrastructure (NWDS), SAP BI, SAP DMS.
Tools: Eclipse, IBM WebSphere / Rational Tools, javadoc, Subversion, TalenD Open Studio (ETL), Lotus Notes 7, JBoss with JSF/RichFaces, Ajax4JSF.
Protocols/Formats: JDBC, WSDL, WS-Security, HTTPS, XML/XML Schema (XSD)/XSLT, WS-* Standards (WS-Addressing, WS-Enumeration, WS-Security, WS-Policy, ..), REST.
Libraries/Frameworks: RegExp, JAX-WS, JAXB, Apache CXF, AXIS2, log4j, dom4j, RichFaces, Ajax4JSF.

Time 09/2009 – 12/2009
Industry Banking/stock exchange trading / investment banking (Deutsche Boerse – German stock exchange, 2500 employees)
Location Frankfurt/Main
Project goal Conception of an AJAX-based system for graphical modeling of rules/programs/value calculations/buy-/sell rules as well as (on the server side) the real time calculation of finance instruments and indices by using these programs/rules.
Role Architect/project manager, prototype implementation, initially 2, then 8 team members.
Tasks Functional: architecture, project planning / effort / cost estimates and implementation of a graphical rule system with editor in JavaScript and real time C++ backend for calculating finance / stock exchange indicators and indexes.
Technical:
1. Evaluation of IBM, ILOG JRules, JBoss Drools, Bosch / Innovation Visual Rules, Jitterbit Integration Server / Environment, Jamocha, Jess Rules, Open Rules, PowerLOOM / STELLA, Protégé, Jena OWL framework; Architecture with Enterprise Architect, Visio, and Dreamweaver.
2. Creation of GUI design variants for an own business rules/programming/SQL editor, and SQL query editor with the editing modes UML activity diagrams, activity overview diagrams, UML action language and program flow diagrams (alternatively Nassi-Shneiderman diagrams). Based on this, design of a custom notation for a rule editor with practical elements for loop and subroutine visualization and editing.
3. Business Logic Conception/Implementation: Storage of the control structure as AST (Abstract Syntax Tree / parse tree) Business Objects with layout information. Serialization/Deserialization in JSON/XML using JavaScript and C++. For the created programs/rules code generation of JavaScript and C++ implemented in JavaScript under real time requirements and execution in the client as well as in the server. Connection to the server side finance instruments data base via XMLRPC or WebServices in the formats/protocols JDBC, XML, CSV, JSON. Possible application areas: Conception of indices, investment strategies, calculation of the value of finance instruments and algorithmic/high frequency trading.
4. Review/extension of data base structures and DB models for finance instruments.
5. Conception/creation of a Data base for Investment and value calculation models, calculation components (selection, norming, capping, sorting, etc.) with version control.
6. Server-side conception/implementation/integration: Interpretation (JavaScript using the SeaMonkey interpreter engine) / code generation of C++/JavaScript sources and execution in real time in the browser or in the backend in a C++ Linux environment with the libraries tntnet, tntdb, cxxtools, platinum, boost, xparse. Reporting of errors, results, watch-/trace-information to the browser-based thin client.
7. Client implementation of the business rule editor and SQL query editor as web browser based AJAX applications with drag and drop construction mechanisms in JavaScript / HTML / CSS with jQuery and wz_graphics DIV based drawing library, Raphael graphics library and canvas / Excanvas using tricky DIV placement, and event handling; Graphic Design with Corel Draw / Paint, Adobe Photoshop and Dreamweaver & MS Frontpage.
8. Conception / graphical entering of rules and library functions for calculating values/stock exchange ticks of: bonds, stock portfolios, (customized/dynamic) indices, (event-based) buy-/sell criteria. Creation of rules/infrastructure for the evaluation of a wide range of finance products and its news: OTC products, funds/ETFs (exchange-traded funds), investment banking portfolios, variable/fixed income OTCs, foreign exchange (FX) trading/forex, interest rate swaps (IRS), currency carry trades, structured bonds, derivatives ([stock] options, futures). For all these management/evaluation of corporate news/ad hoc publicities. Implementation using boost, quantlib, xlw-lib.
9. Project management/architecture using Scrum with 4-week sprints.
IT Environment Win32/Unix, JavaScript/AJAX (Client), C++/Java (in the server), HTML5, CSS3, Canvas, Scrum.
Tools: Eclipse (Aptana, Spket), Venkman, Firebug, Firebugmonkey, CSS Viewer, UML-Tool Enterprise Architect, Adobe Photoshop, Adobe Dreamweaver, Adobe GoLive, MS FrontPage, MS Internet Explorer, Firefox, SeaMonkey, putty, WinSCP, git/github, make, autotools, jam, PowerLOOM, Protégé, OpenRules, JBoss Drools Flow/Guvnor, Stella, Jess, Subversion.
Protocols/Formats: JDBC, XML, CSV, JSON, WS-Security, HTTPS, XML/XML Schema (XSD)/XSLT, WS-Security with WS-Policy, REST.
Libraries/Frameworks: jQuery, jQuery UI, jQuery flot, many jQuery Libraries, base2/Base.js, Raphael, wz_jsgraphics, wz_grapher, yui, cufon, SmartGWT, GWT, dojo/dojoX, Google Gears, Google Closure Templates, Open-jACOB, qooxdoo, Oracle JDBC/Sql*plus, Eclipse RCP/RAP, boost, quantlib, xlw-lib, tntnet, tntdb, cxxtools, platinum, xparse.

Time Beginning of 2009 – 08/2009
Industry Banking, Switzerland
Location Bern, Switzerland
Project goal Extension / Hardening / Modernization of the central corporate security (authentication/authorization) components (Identity Management System: Authentication/Authorization and its management) as well as integration of external partners as part of a SOA / ITIL concept, in-sourcing of various applications and integration with the central identity management system based on SOA.
Role Architect / project manager in the security sector including implementation, about 10 team members.
Tasks 1. Functional: Extension of an enterprise security solution with new SOA (WebService), audit and enterprise role functions, roles as well as extension / improvement and hardening of the existing solution. BPEL process definitions served as the basis for rights granting and withdrawal process definitions as well as standards regarding Information Security Management Systems (ISMS): ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002 and regarding Public-Key-Infrastructure (PKI) with Sun Directory Server and LDAP. Porting the whole application from WebLogic 8 to WebLogic 10.3/11, in particular porting of the Web services / SOA interface by adding annotations to the web service implementation; based on this automatic generation of Web services via a ported Ant build (ported from WebLogic 8 to 10.3/11) using MBeans and Jython programming.
Technical: Reverse engineering of the data base and class structure of the applications as UML/ER diagrams with Enterprise Architect and Sybase PowerDesigner, conception and application development in Java/JEE, (penetration/safety/security) test of the existing J2EE applications, identification of weaknesses and their removal with Eclipse/Bea Workshop, Oracle/Bea Weblogic 8.x-11.0, automated (ear/exploded/split) deployment and building with ant; Libraries: Struts, JBoss Seam (JSF), xdoclet, Hibernate, Spring, ClearCase, ClearQuest, Splunk. Understanding and porting of complex Ant builds with circa 500 targets: Visualization of the Ant target dependencies, calculation of Ant call stacks, porting of Ant build files to WebLogic 11 ant tasks, introduction of incremental building and logging/tracing in Ant and integration into the entire build system.
2. Functional: Conception/implementation of hybrid tools for the identification, communication, tracing and management of source code weaknesses (crashes/errors/security problems) sorted based on relevance. Developers are informed by E-Mail/JSP-Web-interfaces about existing weaknesses / errors in code created by them and the progress is tracked. In addition various open source tools were integrated.
Technical: Calling of the tools PMD, FindBugs, ESC/Java, Hammurapi, Checkstyle, Lint4j, jLint, (Java) compiler (errors/warnings), analysis of the output and conversion into a neutral format as well as storing it locally as XML / or on the server side or in a data base via HyperJAXB. Subversion blame/praise computation (SvnKit), annotation of source codes with author/error messages/warnings, etc.; Weighting of each error hint per identifying tool in terms of precision and coverage so that the most urgent code weaknesses are highly prioritized, sending e-mails regarding the most relevant vulnerabilities, automatic insertion of annotations regarding the manual classification of weaknesses (relevance, priority, required steps) or store the information in XML or DB, tracking the progress of resolving the weaknesses.
3. Functional: Insourcing of J2EE applications developed by external suppliers.
Technical: Reverse engineering of the database and class structure of the applications as UML or ER diagrams with UML tool Enterprise Architect and Sybase PowerDesigner, porting the build system to Maven2/Maven3 using XDoclet / annotations, development/adaptation of Maven Mojos/plugins, Artifactory, Sonatype Nexus, migration from WebLogic 8.1.6 to WebLogic 10.3/11.0. Further Tools: Struts, XDoclet, Hibernate, LDAP.
4. Functional: Design / refinement / extension of the SOA/ITIL future:
a) Development of a concept of a common security layer for both client and server applications and also web services and JMS systems to ensure uniform authentication / authorization, and caching of permissions.
b) Development of a concept for granting and withdrawing of authorizations for persons / applications / resources based on BPEL/BPM.
c) Concept for creating a common basis for rich and thin clients by using AJAX code generation with JET (Java Emitter Templates) or the GUI framework Captain Casa (generates both thin clients and thick clients with JSF Swing), and alternatively using Eclipse RCP / RAP based on UML modeled or generated business classes in Java (Domain-Driven Design).
IT Environment Win32/Unix: JEE-/J2EE, Oracle 10, Oracle/BEA WebLogic 8-10, Glassfish, Java Management Extensions (JMX), ITIL, SOA/ESB, AIX, Solaris.
Tools: Eclipse, BEA Workshop, UML-Tool Enterprise Architect, XmlCopyEditor, Stylus Studio, Sybase Power Designer, ClearCase, ClearQuest, putty, WinSCP, Oracle Sqlplus, TOAD, Squirrel SQL, Python, perl, ant, maven, MS Project, Splunk, JProfiler, Cobertura, Bamboo.
Protocols: WS-Security, HTTPS, XML/XML Schema (XSD)/XSLT, WS-Security with WS-Policy, t3, Radius, Diameter, Triple-A, RFC 3539, 3588, RAS.
Libraries: HyperJAXB, SvnKit, JSP, Struts, XMLBeans, JAXB (Binding), JAXWS (Web Services), Digester, SAX/DOM/StAX, JAAS, SAAJ, BouncyCastle, Oracle, JDBC/Sql*plus, Hibernate, OpenJPA/JPA, xdoclet, Spring, poi (Excel-File-Processing), spring, log4j, junit, JCA, Captain Casa, Eclipse RCP/RAP, OC4J.

Time 08/2008 – 12/2008
Industry Banking (Deutsche Bank, Citigroup GCB, Sal. Oppenheim, Sparda Bank, Norisbank, Commerzbank)
Location Frankfurt/Main
Project goal Capital Gains Compensation Tax/Withholding Tax project and interfacing/data exchange with external partners via JMS, secure file transfer, secure web services.
Role Architect, later Transition Manager/Project manager, also implementation regarding security topics
Tasks 1. Functional: Architect for an outsourced cooperative project for implementing a capital gains compensation tax / withholding tax solution on the basis of the Tributum software. This was done to the service of the functional departments for tax affairs/projects with effects on numerous banking processes: From accounting and interest rate calculation for savings accounts via stock trading to derivative trading; Supervision and quality control of a software supplier.
Technical: Architecture with governance functions, creation of interface definitions and managing the implementation, quality assurance of the supplier/audit, code review, configuration/release/build management (manual and XML-XSLT based build file and configuration file creation for standalone/cluster systems), mass data processing, build and release management / J2EE deployment with WebLogic/WebSphere, WebSphere Transformation Extender (WTX), connection of JMS based queues of WebSphere MQ (MQSeries) with WebLogic using .binding files (created using JMSAdmin) and XML files, Oracle XA connectivity (2-phase-commit), testing, troubleshooting, manual/automatic log file analysis with regular expressions, Splunk, creation of DTA-, COMPTAX-, COTAX-, and RITAX formats as well as connectivity to derivative systems (ETD – exchange traded derivatives: e.g. (stock) options and futures) also via Rolfe & Nolan (RAN) systems and connectivity with COBOL applications, handling of COBOL data structures, also via Java/J2EE, connectivity with C++/C#.net systems (CLI).
Project management:
• Functional and technical project management of a team of 25 employees and external suppliers
• Project management and coordination in consultation with the overall project management
• Communication with other (sub-)projects / project partners, regarding project-related requirements, actors, interfaces, in particular the required changes regarding business processes (BPM), change management
• Documentation of results and project progress
• Developing decision templates and presentation on the steering committee level
• IS-Analysis of business processes
• Design of target processes, particularly data flows of trade transactions between bank departments and between IT systems
2. Functional: Realization of an information accumulation system based on external sources, e.g. from Equens (previously Interpay). Application: international credit standing and seriousness examination e.g. before accepting new customers.
Technical: Development of secure web services in Java with Apache AXIS 2 as well as the standards WS-Security (WS-Policy / WS-Addressing). Realization of the business logic in XMLBeans. Code generation on the basis of XML schema (XSD) and WSDL. Data formats: UNIFI/MX formats/ISO 20022, COTAX, RITAX, CSV, SWIFT.
Project management:
• functional and technical project management of a team of 25 employees and external suppliers
• Project management and coordination in tight coordination with the overall project management
• Coordination with other sub-projects / project partners regarding project related requirements, actors, interfaces, and in particular the necessary changes to business processes (BPM) and change management
• Documentation of results and project progress
• Development of decision-making models and presentation on the level of steering committees
• Analysis of existing business processes
• Design of target processes, particularly data flows regarding bank transactions between bank departments and their IT systems
3. Functional: Development of a JAVA / JSP layout and tag set basis for internet and intranet information systems.
Technical: Creation of JSP-based GUI templates on the basis of JBoss RichFaces, JBoss Seam, JBoss Portal, Hibernate / OpenJPA, XHTML. Evaluation/Testing of backbase, dojo, JSF IceFaces, Spring WebFlow, ExtJS Toolkit, script.aculo.us/ scriptaculous based on prototypeJS, GWT (Google Web Toolkit), jQuery.
IT Environment Win32/Unix: Oracle 10, BEA WebLogic 10, IBM WebSphere MQ 7, WebSphere JMSAdmin & WTX, Tributum, Java Management Extensions (JMX), Oracle RAC (Real Application Cluster), ITIL, SOA.
Tools: Eclipse, BEA Workshop, UML-Tool Enterprise Architect, Altova XML Spy, XmlCopyEditor, Stylus Studio, Liquid XML Studio, Sybase Power Designer, putty, WinSCP, Oracle Sqlplus, TOAD, Squirrel SQL, Oracle JDeveloper, WebSphere MQ Explorer, rfhutil, MS Visual Studio 2003/2005 with C#.NET (CLI), Python, perl, awk, bugzilla, Lotus Notes, ant, maven, Splunk.
Protocols: WS-Security, SFTP, HTTPS, XML/XML Schema (XSD)/XSLT, WS-Security with WS-Policy and WS-Addressing, t3.
Libraries: XMLBeans, JAXB, JAXWS, saxon, vtd-xml Parser with XML-Indexing for Acceleration, Xerces, Xalan, Digester, SAX/DOM/StAX, Apache AXIS2 (also AXIS 1), WSS4J, JAAS, SAAJ, SignEnvelope, Rampart, Rahas, Sun Crypto Provider, BouncyCastle, JBoss RichFaces, JBoss Seam, JBoss Portal, Spring WebFlow, Oracle TopLink, Hibernate, OpenJPA/JPA, poi (Excel file processing), spring, log4j, junit, jasypt encryption, icu4j, regexp, pcregex, Jasper Reports, Crystal Reports, JCA (Java Connector Architecture, Java Cryptography Architecture), OC4J.

Time 01/2008 – 08/2008
Industry Automotive (Daimler, Third-biggest German automaker, known for “Mercedes cars” and highest quality)
Location Stuttgart/Böblingen
Project goal Development of an integrated PDM system (product data management) with Rich Client, CATIA V5 CAA Plugins, Thin Clients, Web Services and Tools.
Role Software-Architect, approx. 40 guided employees
Tasks Functional:
Automation / optimization of the product (i.e. car/truck) creation process at Daimler and its suppliers, first of all, in the area of CAD/construction with CATIA and IT. The focus was on the efficient coordination of the participants in development projects and it was particularly on the efficient automatic propagation and examination of specifications, changes and their abidance.
Technical:
Generally: Creation of the whole architecture for all rich clients of the corporation-wide PDM system for CATIA and under Eclipse RCP (Rich Client Platform) in CAA C++ and in Java with sufficient performance and parallelism for mass data processing.
Project management:
• Functional and technical project management of a team of 15 employees and external suppliers
• Inception and elaboration of the project plan in MS Project
• Project management and coordination in consultation with the overall project management
• Communication with other (sub-)projects / project partners, regarding project-related requirements, actors, interfaces, etc.
• Documentation of results and project progress
• Developing decision templates and presentation on the steering committee level
• IS-Analysis of business processes
• Design of target processes, particularly IT security processes
1. Coordination of the onsite and offshore teams.
2. Architecture/conception of CATIA based Rich Clients in the form of plug-ins in C++ for the CAD program CATIA of Dassault Systemes with the CAA/RADE frameworks for connecting CATIA to the Daimler product management system Smaragd on basis of team center enterprise/engineering via web services. Architecture for Java based PLMXML and PLM Services XML components, framework for resources production and validation, partially also the implementation of complex components. One design goal was the support/compatibility with the CMI system of T-Systems (especially regarding server API and usability).
3. Architecture/Review/Code Inspection of a generalized PDM system for arbitrary Siemens PDM (previously UGS) team center enterprise/ team center engineering systems.
4. Architecture for Tool developments: PLMXML Validator and extension of the continuous integration server Luntbuild/Continuum for CATIA/CAA, makechecksource, PMD, and other code quality tools. Notification of exactly those developers responsible for warnings/errors (subversion praise/blame) based on the relevant file and line numbers.
5. Architecture of the new Daimler Common engineering client (CEC), as well as in parts of the Eclipse RCP-/RAP-based Smaragd rich clients, which represent a common basis for all rich clients in the Daimler Corporation. In particular Conception on basis of Java of the web services, SOA/ESB concepts, Service Data Objects (SDOs), Security with Web services Security, CA eTrust SiteMinder as well as the Daimler Proactive Infrastructure (PAI) Framework, Higgins Framework. Further emphasis: Build and release management, operating RCP applications for multi-users, RCP deployment, RCP bundle security, RCP perspective security, credential caching, resource pooling, JMS, multithreading, RCP printing (PaperClips Framework), GUI automation with XForms on the basis of a self-developed RCP XForms framework and the Chiba JSP framework as well as a self-developed code generator, VRML-/3D-/JT-viewer on basis of Ogre3D/Ogre 3D, GUI/reporting libraries: swt (Standard Widget Toolkit), JFace, Jasper Reports.
6. Architecture of a general Supplier Client: A tool for mapping and converting/transforming of various declarative data formats for integration into a central (PDM) repository. Conception of an own engine following the WebSphere transformation Extender (WTX). Substantial data formats: PLMXML, PLM Services XML, STEP/ProSTEP, VDAFS.
IT Environment Win32/Win64/x64/Unix, CATIA CAA, RADE, C++, Java 1.6/1.7, OpenJDK, Eclipse RCP 3.4, Eclipse RAP 1.1, Java JEE-/J2EE, Groovy, Scala, ScalaCheck, UML-Tools Enterprise Architect/Borland Together, Visio, Subversion, Continuous Integration Server, XForms, PLM Services XML, PLMXML, Java Management Extensions (JMX), ITIL/SOA, ESB.
Tools: MS Visual Studio 2003/2005 with .NET, ant, maven, Luntbuild Build Server, Continuum, Anthill, Cruise Control, CATIA CAA/RADE with makechecksource, truc (Requirements Management), Lotus Notes, eclipse/JBuilder, Teamcenter Enterprise, Teamcenter Engineering.
Libraries: XML processing with Apache XML Beans, Apache Digester, xstream, Saxon parser, xfire, stax, JibX, spring, log4j, junit, Eclipse RCP, Eclipse RAP, SWT (Standard Widget Toolkit), JFace, Jasper Reports, OpenJPA/JPA, Higgins Framework, PaperClips, Eclipse Nebula Widgets, Jetty http, jaxen XPath, Oracle TopLink, JCA (Java Connector Architecture, Java Cryptography Architecture).

Time 05/2007 - 01/2008
Industry Telco / Government (German Telekom (T-Online/T-Home/T-Systems), largest European telecommunications corporation (ca. 247 000 employees))
Location Darmstadt, Ulm, Nuremberg
Project goal Architecture/creation of J2EE systems: IT security, form-based applications, JMS messaging systems
Role Software architect, code generation expert, IT security expert, developer of Java (EJB) web applications
Tasks
1. T-Online/T-Home: Development of a new component for corporation-wide central authentication and authorization with JAAS based programming API for diverse Java applications with corresponding mechanisms for requesting, granting and withdrawing of rights. This took place in the context of switching to an ESB (Enterprise Service Bus, term of SOA/ITIL) architecture and an ESB/SOA/ITIL IT service structure. A first application was the administration and automation of the configuration, build, and maintenance work regarding the IT infrastructure of former T-Online (now T-Home) in the deployment-team/back office, e.g. in the context of a configuration token tool which permits assigning different values to named tokens - depending on environment and interfaces/connectivity. This was used e.g. for creating deployment descriptors, services.xml, build.xml (ant/maven configuration files). Inversion of Control and Dependency Injection principles were implemented with Spring 2.x, and database connectivity to Oracle and MySQL was used. Usage of ClearCase, ClearQuest, Remedy for the management of configurations and work packages / trouble tickets. UML- and DB specification using Borland Together and Innovator 2007. Mass data processing.
2. T-Systems: Requirements engineering and software architecture for RES (Realtime Enterprise Services), a BEA-based newly developed platform (WebLogic 9.2, ALSB: Aqualogic Service Bus 2.6), Oracle 10i, Nofilis Crosstalk (Edgeware) for tracking and tracing of moving units like goods, trucks, cars. The aim is management and control of logistics chains (e.g. for unveiling theft and abuse) using bar codes and RFID: E-Mail-Services, map matching algorithms, WebService-/EJB/XML schema creation, SOAP concepts (like SAAJ, WS-I, WSIT), security concept, redundancy/clustering, test automation, tool evaluation of jMeter, The Grinder, HP Quality Center, HP QuickTest Professional, mass data processing, Crystal Reports.
3. Architecture and advancement of an existing JSP based code generator; production of approx. 1 million lines of code for the middle and deep EJB tiers of form-based applications with workflow functionalities and Oracle database connectivity (DB, Hibernate, EJB, business logic, reports), GUI: Swing JGoodies/AppFramework, JSF MyFaces Trinidad, Tobago, Tomahawk. Development of a Java parser based on JavaCC/sableCC that accepts instructions for EJB, Hibernate or other frameworks embedded within Java comments, which then produce the desired functionality in the generated code.
4. Federal authority project: Creation of a small adjusted ERP solution: Employee administration, library maintenance, resource administration, planning of financing and staffing, security concept. MDA based generation techniques by means of Apache Velocity and a JSP based template engine along the lines of JET (Java Emitter Templates) (open ArchitectureWare, AndroMDA, middlegen, ejbgen, xDoclet were evaluated and appropriate concepts were used), Struts 2.x, inversion of control as well as dependency injection principles with Spring 2.x, partly in EJB2/EJB3 with DAOs, DTOs, POJOs, Validator framework, form objects, object caching/object transfer assembly. Workflow functionality with states, pre- and postconditions. Database connectivity via Oracle and MySQL. UML and DB specification using Borland Together and Innovator 2008. GUI support for JSP, JSF, JBoss Portal, JBoss Seam, JBoss RichFaces, MyFaces, ExtJS, Swing as RichClient. Legacy applications in C#/C++.net (CLI) with nHibernate/T-SQL/H-SQL or LINQ functionality and Windows Forms GUI served as model and migration basis.
IT Environment BEA WebLogic, ALSB (Aqualogic Service Bus - JMS/ESB solution), Oracle 10i, JSP/J2EE (Tomcat, JBoss, BEA WebLogic with the frameworks Struts 2.x/JAAS, AXIS 2, WSO2/WSF (Web Services Framework), Hibernate, Apache Commons/Jakarta, JBoss (J2EE), JBoss Portal, Java Management Extensions (JMX)).
Tools: MID Innovator 2007/2008, BEA Workshop, Enterprise Architect 7.0 by Sparx Systems, XML Spy, Stylus Studio, Polarion, Jira, Eclipse/JBuilder, Borland Enterprise Server, ant, maven, putty, WinSCP, TortoiseCVS, TortoiseSVN, Apache jMeter, The Grinder, Mercury Interactive WinRunner/TestDirector, Mercury QuickTest Professional - now HP Quality Center, HP QuickTest Professional, Oracle Sqlplus, TOAD, Squirrel SQL, Oracle JDeveloper, MS Visual Studio 2003/2005 with C#.NET, CLI.
Libraries: POI - Word/Excel/PDF conversion, Batik SVG, jUnit, log4j, graphViz, Lucene, JDBC, Spring 2.x/Acegi, Struts 2.x, JavaMail, J2EE Connectors, OC4J, Codecs, Activation, OpenJPA (Java Persistence API), JSF, Swing, JGoodies, MyFaces (Trinidad, Tobago, Tomahawk), Hibernate / OpenJPA/JPA, XMLBeans, Saxon XML parser / XSLT / XPath / XQuery, JavaCC, sableCC, Crystal Reports, ExtJS, JCA (Java Connector Architecture, Java Cryptography Architecture).
Thereby covered technologies UML/UML2, Java, Rich-Client, User-Interface-Programming, Swing, SQL, HSQL, T-SQL, PL/SQL, OOA, OOD, OOP, Domain-Driven Design, WebServices, SOAP, XML, DTD, XSD, RelaxNG, XSLT, XPath, XQuery, SOA, EAI, Oracle, JEE, J2EE, EJB, Hibernate, JPA, Version-/ Configuration Management, Logging, Tracing, Error Handling, Debugging, (Unit)Testing, MS Office, MS Project, MS Word, MS Outlook, MS PowerPoint, MS Excel.

Time 06/2007 - 08/2007
Industry Banking (Joint Venture Allianz/Dresdner Bank with BNP Paribas, ca. 170 000 (Allianz) + 142 000 employees (BNP Paribas))
Location Munich
Project goal Extending Jira with precise actual vs. expected functionality (calculated fields with business logic and display components) and reporting.
Role Software architect and developer
Tasks Part-time project for the development of Atlassian Jira extensions for integral expected vs. actual time recording, cost control (additional calculated fields) and reporting under Java with JDBC/MySQL.
IT Environment Server-side Java on Linux with JDBC/MySQL and the frameworks/tools WebWork, XWork, Apache Velocity, Jelly, OfBiz (Open for Business ERP Framework), maven, eclipse, OpenJPA/JPA.
Thereby covered technologies UML/UML2, Java, JSP, Java Beans, SQL, OOA, OOD, OOP, XML, HTML, CSS, DTD, XSD, RelaxNG, XSLT, XPath, XQuery, JEE, J2EE, EJB, Process Analysis, Version-/ Configuration Management, Logging, Tracing, Error Handling, Debugging, (Unit)Testing, MS Office, MS Project, MS Word, MS Outlook, MS PowerPoint, MS Excel.

Time 12/2006 - 05/2007
Industry Banking (Commerzbank, third-largest German bank, ca. 25 000 employees) in cooperation with Tembit and Kobil.
Location Frankfurt/Main, Berlin
Project goal Combining the advantages of HBCI and cash cards by developing appropriate drivers/controls (IT security project). On this basis, a distributed authentication/authorization solution then had to be implemented so that, for instance, an accountant can enter payments which are then finally electronically cleared/authorized by higher-ranking persons.
Role Software architect and developer, IT security expert
Tasks Functional: Creating a means for safe distributed authentication and authorization of payments with commonly used cash cards. Apart from reaching this goal, the solution also became a CeBIT 2007 highlight; the article about it can be found online, e.g. at www.heise.de by searching with the keywords "Commerzbank" and/or "Kobil".
Technical:
1. First, adjustment of a sample program as Proof of Concept. Then conception and development of the full middleware and full driver ZKA signature API level in C++/Java for accessing a new generation of SIM-/SECCOS smartcards/chips/bank cards (EC cards with cash card function) of G&D in mobile phones, in PCs under Windows, in Linux (gcc/gdb, shell) and in Apple Macintosh/MacOS X/Tiger on the levels of the APDUs, CCID, PC/SC, Smart Card File System and PKCS#11.
2. JNI interface; Controller programs as Java applets and Java applications.
3. Support functions for the secure authentication/authorization of electronic purchases (e-commerce/e-payment) and for using the smart card for encryption, digital signature and DRM (digital rights management), e.g. for secure electronic content download and controlled usage. In the SIM form factor, the smart card and the developed software can also be used in mobile phones / cell phones for electronic purchases and IT security. The SECCOS smart cards are produced by G&D and are among the most important and most common smart cards in the German banking landscape, like EC card and money card.
IT Environment Windows, Visual Studio classical and with CLI C#/C++, Linux (g++/gcc/gdb, shell, xemacs) and Apple Macintosh/MacOS X/Tiger, Xcode, Darwin, Jira, Card reader by Kobil, fltk, pipe/socket programming for remote smartcard control, JCA (Java Cryptography Architecture).
Thereby covered technologies UML/UML2, Java, OOA, OOD, OOP, C/C++, Refactoring, Reverse Engineering, CLI, g++, MacOS, Tiger, CCID, Sockets, RPM, Process Analysis, Configuration Management, Logging, Tracing, Error Handling, Debugging, (Unit)Testing, MS Office, MS Project, MS Word, MS Outlook, MS PowerPoint, MS Excel.

Time 09/2006


Temporal and spatial availability:
Worldwide on-site available


 