Pretzels, Weisswurst and more security

1. February 2019

Raphael Heinlein (left) and Christoph Cierpka (right) talk about usd’s “Munich start-up” and why it’s worth it to become a part of it.

In 2018 you decided to go to Munich for usd. What made you do that?

Christoph Cierpka: I’ve been with usd as a pentester for three and a half years working at the HeroLab Headquarters in Neu-Isenburg. When I heard about the opportunity to join the usd team in Munich last year, the decision wasn’t hard to make. Conquering new grounds backed by usd – that sounded cool and it turned out to be.

Raphael Heinlein: Exactly. Be don’t have stiff routines or responsibilities – how could we, with such a small team. We make decisions ourselves, as a team, and we keep growing with each new challenge. That’s exactly what I wanted, that’s the reason I’m here.

What makes Munich as a usd location special to you?

RH: We enjoy all the advantages of a small business, but we already have the big clients and exciting projects that “real” market newcomers don’t have. And, well, it’s Munich.

CC: Munich with its excellent universities and our local client base is a great location for usd. And working here feels like working for a start-up: We have real responsibility and a lot of freedom to grow and innovate, but with the whole of usd as a support network – what start-up can say that about themselves? The Bavarian way of life is a plus – what can I say, I really like being a part of this.

Do you think your clients in Munich appreciate you being based close to them?

RH: Definitely. As an auditor, I naturally travel a lot for our international projects, but I always sense a special mentality here in Munich. My clients always appreciate me coming to their premises and that makes my work much more enjoyable.

CC: Munich locals like Munich locals. I understand that. We’re just around the corner. Even in my field, penetration testing, where many companies perform their services remotely, my Munich clients appreciate the fact that I am on site to do their security assessments. It means I can answer any questions that may come up directly face-to-face.

How do you work together?

RH: We each have our technical and professional focus. I am an auditor and Christoph is a pentester, but in Munich we work across teams and advise our clients as a unified source. This creates a special bond within the team. We also maintain a direct exchange of knowledge, short communication lines and we have lots of fun together. As far as team events are concerned, for example, Munich is probably the place to be – beer gardens, skiing, hiking and, of course, the Oktoberfest. Okay, the usd Carnival enthusiasts at our Cologne office would probably fight me on this and claim the best party atmosphere for themselves.

CC (Laughing): That’s about right. But, in all seriousness, the dimensions of our projects and assignments regularly require us to team up with colleagues in large project teams across divisions and locations anyways. We aso see each other outside of our project work – not only virtually. At Academy events, our annual Kick-off, our outdoor event or for team workshops. We have a strong team spirit and regular exchange across the entire usd.

In 2018 you already made your first contacts in the Munich academic sphere and cooperated with the Elite Network Bavaria. What exactly did you do?

CC: That’s right, together with the Center for Digital Technology and Management (CDTM), a joint institute of the Ludwig Maximilian University (LMU) and the Technical University of Munich (TUM), we offered a cybersecurity seminar during the winter semester. Maintaining close connections to universities and sharing knowledge is important to us and to usd in general, not only in Munich.

In 2019 you want to build up a Munich team. What kind of reinforcements are you looking for?

RH: Above all, we‘re looking for people who would like to join the “usd@Munich” mission. We‘re looking for people who are interested in the professional aspect of our mission, “more security”, and who would also enjoy the “start-up” character of it all. Be it as a consultant, auditor, pentester – it doesn’t matter. The only thing that matters is that they are excited about IT security and about joining our team.

Why do you think the “usd Munich start-up” is an exciting working environment, with all the competition of large corporations in the area?

CC: Whether you think this is cool or not depends on what kind of person you are. Some people want the structures and clear responsibilities a large corporation has to offer, but that’s just not us. But where else do you get the opportunity to take matters into your own hands, bring your skills and knowledge to the table and work as a “tiny Munich player” for such large clients? So, to all those who are interested in this little adventure: We are looking forward to your applications.

Also interesting:

usd AG Partner to PCI SSC GEAR 2022-2024

usd AG Partner to PCI SSC GEAR 2022-2024

The PCI Security Standards Council (PCI SSC) has reappointed usd AG to the Global Executive Assessor Roundtable (GEAR). Since 2018, the GEAR has enabled a direct exchange between PCI assessors and the PCI Security Standards Council (PCI SSC). Every two years, leading...

Security Advisory for CleverReach

Security Advisory for CleverReach

The analysts at usd HeroLab examined CleverReach as part of their security analyses. This revealed a vulnerability in the  Authentication Bypass Using an Alternate Path or Channel, which was reported to the manufacturer as part of the Responsible Disclosure...