How do you convey complex security concepts in a comprehensible way? And how do you get students excited about a topic that is often considered dull? We spoke with our colleague Maximilian Müller, Managing Consultant at usd AG, about his lecture "Information Security Management" at TU Darmstadt and its real-world relevance, and looked behind the scenes.
You have been teaching at TU Darmstadt for some time now. How would you describe your lectures?
Maximilian Müller: In my lectures, I want to take students out of the theoretical realm and into the practical world. Information security is not an abstract concept; it affects companies every day. We look at how companies implement information security in terms of organization and processes. Topics include, for example, setting up an ISMS in accordance with ISO 27001, determining protection requirements and risk analyses, incident management, and general security awareness within the company. My goal is to provide a holistic view that highlights connections and provides insights from practical implementation. I don't want to just go through standards from top to bottom but rather show how they are actually implemented in the real world.
What drives the cooperation between TU Darmstadt and usd AG?
Maximilian Müller: We want to share knowledge. The cooperation with Professor Waidner and the Department of Computer Science has been in place since 2021, and this year I am giving the lecture for the fifth time. The TU brings strong research to the table, and we provide the practice perspective. Together, we design a lecture that not only imparts knowledge but also provides practical approaches. After all, if you want to manage information security, you need to understand how organizations work and how to make risks truly tangible. I'm especially excited that this year, we're opening the doors not just to TU Darmstadt students, but to all interested students from the Rhine-Main Universities (RMU).
How do the students react to this approach?
Maximilian Müller: Very well. Many of them quickly realize that information security is more than just technology. It's about processes, communication, and responsibility. At first, they have to get used to the fact that there is often no “right” or “wrong.” In cryptography, it's easy to say “This approach is wrong” or “The proof is incorrect” – but here, there's no black and white; the answer is usually “It depends” – as is often the case in practice. Gradually, a genuine understanding develops, and often enthusiasm as well.
What are you aiming for in the long run?
Maximilian Müller: I would like to see more active exchange with students and more practical experience in other courses as well. Information security is a topic that comes from practical experience, and this must also be reflected in lectures. With this teaching cooperation, we not only want to educate students, but also show them how exciting the topic is. Ultimately, it's about taking responsibility for data, systems, and people and developing an understanding that information security is not a niche topic but is closely linked to business processes and responsibility within a company. Those who take this on board and find the topics enjoyable will be well prepared for their future careers.
We wish you a successful semester and an enjoyable lecture!
