About

Cybersecurity practitioner with a decade of operational leadership before pivoting into security. Currently Security Lead at Morrow Collective, a Berlin consultancy, where I run the security programme and build the tooling that supports it.

The programme covers GDPR, BDSG, and ISO 27001 alignment. I wrote the company's three core security documents from scratch: a 40-page Team Security Handbook, a 20-page Information Security Policy signed by the Co-Founders, and a 16-page ISO 27001:2022 Gap Analysis covering all 93 Annex A controls. Coverage today sits at 49% fully covered, 37% partial, zero open gaps. The work also handles the operational pieces a programme needs to actually run: incident response, awareness training, joiner-mover-leaver procedures, the annual policy review cycle, and a severity matrix grounded in BSI guidance.

The tooling is MorrowGuard, a phishing simulation and security awareness platform now running in production. It runs phishing campaigns, training modules with quiz-gated progression, leaderboards, badges, and employee report flows. Compulsory policy attestation blocks app access until users pass a 20-question handbook quiz at 75%. Built as a non-technical founder using Claude Code, with product, security architecture, and code review owned directly. I also ran a security audit on the platform and remediated three findings to commercial grade: a row-level security regression, a missing ownership check, and an anonymous access vector. Stack: React, Vite, TypeScript, Tailwind v4, Supabase in Frankfurt for EU data residency, Vercel hosting.

Before security, I spent over a decade running infrastructure delivery and operations across three countries. I started in UK telecoms with MJ Quinn, delivering 15+ fibre infrastructure projects across roughly 100,000 endpoints, managing 1M+ GBP procurement budgets per project and coordinating 250+ engineers against operational KPIs. After identifying an underserved gap in the regional fibre rollout market, I founded my own UK telecoms subcontracting business, ran it for two years with a workforce of 40+ contractors, and held margins between 12% and 15% with a 97% success rate on critical operations. Moving to Germany in 2020, I shifted into operations leadership at Brubaker, scaling the business into a 2M+ EUR e-commerce platform across Germany and the Netherlands. The work cut stockouts by 30%, excess inventory by 25%, operational cost by 15%, and improved delivery speed by 20%.

What pulls these pieces together: I have spent my whole career shipping technical work that holds up under scrutiny, working across both the technical detail and the people who depend on it. Cyber security is where that combination lives most usefully.

Hamburg-based. Native English, German B2.

Open to security analyst, SOC, IR, and security engineering roles in Germany or remote.