Kevin Lemmer
Security Analyst at Bosch CERT
Ever since Robert Bosch founded the “Workshop for Precision Mechanics and Electrical Engineering” in Stuttgart in 1886, the company – today known as Bosch – is characterized by innovative strength. As a leading IoT company, Bosch today offers innovative solutions for smart homes, smart cities, connected mobility, and connected manufacturing. It goes without saying that security plays a huge role in those innovations, which led Kevin Lemmer to stay at the company after his
internship. Kevin Lemmer is quite the rookie at security, he is the fi rst to admit. “A year and a half ago I graduated from Stuttgart Media University. I studied Computer Science and Media. There wasn’t a focus on security in particular, but I did my internship at Bosch and got into security when I was working in the antivirus-team.” He wrote his bachelor thesis in the fi eld of Cyber Threat Intelligence whilst he was at Bosch, made many connections with colleagues while he was working there and when he graduated, was offered a job as a security analyst.
“There are so many things related to security. It is really hard. You have to continuously work to gain and keep knowledge and expertise”
Security is hard “It is hard,” says Lemmer, who followed the SEC504 course (Hacker Tools, Techniques, Exploits, and Incident Handling) at SANS a few months ago to get up to speed in his new fi eld of expertise. “There are so many things that are related to security. If you really want to be good at it, you better know all the products in use, all the system and network components
CASE STUDY
“You have to continuously work to gain and keep knowledge and expertise”
including their confi gurations in detail. Plus all the latest relevant security knowledge that you have to keep up to date.” But Lemmer is determined. “You have to educate yourself and luckily I have colleagues that push me to a next level, so I can elevate my skills.” He also praises his employer for sending him to the SANS course. “I am grateful Bosch sends me out to different courses to help me gain the knowledge I need for my job.”
Improving quality of life The Bosch Group is a leading global supplier of technology and services. Its operations are divided into four business sectors: Mobility Solutions, Industrial Technology, Consumer Goods, and Energy and Building Technology. The company uses its expertise in sensor technology, software and services as well as its own IoT cloud to offer its customers connected, cross- domain solutions from a single source. The Bosch Groups strategic objective is to deliver innovations for a connected life. Bosch improves quality of life worldwide with products and services that are innovative and spark enthusiasm.
Huge skillset That enthusiasm and drive can be found in Lemmer as well. “The team I work for takes care of the Bosch IT infrastructure. We do a lot of incident response, including network and host forensics, vulnerability management, and malware analysis. If any kind of potential security incident happens, like a system is compromised or we see suspicious network traffi c, we step into action.” Therefore, Lemmer is highly motivated to keep up with his teammates. Lemmer would also like to get additional training and take a course in incident response and forensics at SANS.“I have this colleague, and he has been doing forensics for decades now. His skillset is impressive, and he is somebody that I really look up to.”
“The cheat sheets by SANS are absolutely brilliant!”
Awesome teacher Lemmer is really enthusiastic about the previously mentioned SANS course he followed a few months ago. “The teacher was awesome! Not like in school, but super knowledgeable with a great skills perspective. He shared a lot of personal insights on security issues. Also from a didactic point of view, the course was very professional.” The free resources SANS offers, like the Reading Roomand webinars, are frequently used by the young security analyst. “If I come across something I don’t know yet, I prefer using SANS resources to do research for the challenge I’m faced with. Also, the cheat sheets they provide are absolutely brilliant.”
Netwars and table top exercises The one thing Lemmer regrets is that there wasn’t enough time to really built relationships during the course. “We attended with a few colleagues, and you know how that goes. People that already know each other, have a tendency to stick together.” His favorite part of the SEC504 course? “Defi nitely Netwars. We were all in the same room and had to solve various challenges. Another thing I really liked was the table top exercise where we acted like there was a real incident, but only had pen and paper to resolve it. That was a great idea, that I took back to our own company.”
Lemmer is still young, but very ambitious in his new fi eld. “I want more experience in the fi eld of forensics, and after that I would really like to learn more about penetration testing and eventually move up to a strategic level.” We’re sure this won’t be the last we hear of Kevin Lemmer.
SANS COURSES THAT KEVIN HAS TAKEN:
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
VISIT SANS ON S TAND 9 -3 5 6
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74
