Together with a large team of highly technical engineers and talented colleagues in product and design, I’m building CodeQL, the analysis engine that powers GitHub code scanning. As part of GitHub Advanced Security, code scanning helps thousands of open-source developers, contributors, and enterprises catch security vulnerabilities before they reach production deployments.
My path to GitHub in 2021 was paved through my experiences at SolarWinds, where I played a crucial role in shaping tech strategy, advancing technical business development, and reinforcing our security measures following a notably sophisticated supply chain attack. Beyond these roles, my expertise spans engineering management, startup bootstrapping and founder mentorship, and engaging with the public on IT security matters through speaking engagements, media appearances, and policy consultancy. I am based in Berlin.
Follow me on LinkedIn for more updates.
- GitHub (2021 - current)
- SolarWinds / Protected Networks (2017 - 2021)
- Prior Work (2014-2017)
- Additional Qualifications
GitHub (2021 - current)
At GitHub, I’m responsible for managing the product strategy for CodeQL, including its performance, capabilities, language support, and AI-powered features. Here’s a short demo that demonstrates CodeQL code scanning’s ability to catch vulnerabilites at pull request time as part of the normal developer workflow, and how it now also automatically suggests code fixes for those vulnerabilities using the power of AI and CodeQL:
Code scanning is free for open-source and security researchers, so go set it up on your repos and receive actionable security alerts right on your pull requests!
You can find me on GitHub at github.com/turbo.
SolarWinds / Protected Networks (2017 - 2021)
In 2017, I joined Protected Networks, a rising star in the Berlin startup scene. PN’s success story was built on their main product 8MAN, an access rights management solution for Active Directory networks. At PN, I led the newly founded engineering team for cloud-connected functionality (mostly Azure Active Directory). During my time, I also helped document and shape the future tech strategy for PN’s product portfolio, especially during EU research grant negotiations and the M&A process that was ramping up at the time. Shortly after, SolarWinds (NYSE:SWI) acquired PN and it’s Berlin employees, integrating 8MAN into their 70+ product portfolio as Access Rights Manager. I moved to SWI’s Tech Strategy team and spent the next few years iterating on internal and external special projects, including everything from employee engagement platforms to Kubernetes security management.
Later, I moved to the release management team as Technical Program Manager. Here I helped establish better systems for tracking and securing the supply chain of releases for the majority of our products, mostly in response to the SWI security breach. As you can imagine, this posed interesting challenges and eventually motivated a massive industry movement to reinforce the importance of supply chain security.
Prior Work (2014-2017)
Prior to PN, I worked as a founder and consultant in the the German IT security startup scene, which included public speaking at industry and government events, writing and interviews in various media from Radio to TV.
- SPIEGEL: Collaboration with the German newspaper on uncovering nearly 200,000 unsecured file servers and analyzing the potential impact of the leaks, affecting large companies such as BMW. I later repeated this experiment and published the results as openftp4
- MDR: The German public broadcaster did profile me here
- ENIGMA / MDR: An industry-meets-the-hackers conference organized in collaboration with an event management company. I demo’d a rootkit for Windows 10 that allowed me to extract a user’s password at boot time and send it to the TV presenter’s phone.
- Other events / interviews include: guest writing for IDG’s ComputerWeek, presenting at IDG’s Channel Partner Chances conference, performing live hacks for the state of Saxony-Anhalt at IT conference CeBit, analyzing the IT threat landscape at Saxony-Anhalt’s Foreign Trade conference, and others…
- Also seen in or highlighted by: SPIEGEL ONLINE, PCGH, PC Magazin, WinFuture, DerStandard, future zone, Almakos, MDR, CSO Online, Security Intelligence, ChannelPartner, Volksstimme, Cost Logis, BR Netzwelt, TopTarif, Avira, Softpedia, DeFrag This, Bleeping Computer, SecurityLab.ru
Additional Qualifications
Certificate in Lean Product Management (educative.io)
Product managment techniques optimized for accelerated go-to-market motions.