Marco Baldauf


IT Security Insights #3: Karl-Friedrich helps customers protect themselves from cyber attacks

As part of our new blog series "IT Security Insights", I met Karl-Friedrich. As Squad Lead in Security Consulting for Cyber Defense he has a varied and exciting job. I talked to him about what makes his work special and how the cooperation with the customers works.

The LED screen at the Cyber Defense Center

Setting up cyber defense centers is one of Karl-Friedrich’s tasks.

Karl-Friedrich, what are your duties?

Karl-Friedrich: I lead a team of consultants that deals with all topics related to cyber defense at our enterprise customers. This includes the establishment of Security Operations Centers (SOCs), improving operations security to better protect against cyberattacks, and the introduction of threat intelligence services. We provide strategic consulting and support customers with the implementation and operation of SOCs. Our customers tend to be larger companies that have a great deal to lose from being hacked. They range from large SMEs to DAX-listed corporations.

What does your typical work week look like?

Karl-Friedrich: Before corona came, we had a lot of customer visits, holding workshops and providing consulting on-site. But the pandemic has taught customers that lots of things don’t require face-to-face contact; they can be discussed and solved virtually – even when confidential or delicate topics like security are involved. A security consultant usually supports several customers in parallel. Thanks to videoconferencing and phone calls, we can now advise our customers even more flexibly and with less travel effort.
The heterogeneity of our customers and their requirements, the rise of new defense technologies, and of course the constantly increasing amount and sophistication of cyberattacks makes our work very diversified. No one project is like another.

Hooded person

“We are often approached by customers who have been attacked and have realized how vulnerable they are. Others haven’t been attacked yet, or at least not seriously, but realize that they need to act.”

What interesting projects are you and your team currently working on?

Karl-Friedrich: Right now we are advising many companies with regard to developing and implementing a custom-tailored cyber defense strategy. This includes the planning, identifying which employees are needed, what the processes have to look like, what technology provides the best support, and whether it makes sense to run everything in-house or outsource it externally. It’s all very complex and exciting. We usually hold 4-5 workshops for a customer to find out together what’s best for that specific customer.

Does everything always go according to plan? What difficulties have you faced in your projects and how did you resolve them?

Karl-Friedrich: Things are going more and more according to plan, because we contribute a lot of experience from different projects. But it would be presumptuous to say that everything always goes as planned: the projects and challenges are too different, the external influences are too unpredictable, and the working methods are too agile. We often have to make changes to the plan that nobody had on their radar. On the upside, this makes the customers appreciate us and our work even more, because we are open to changes and react quickly.

That all sounds very agile. Do you use agile methods in your consulting projects?

Karl-Friedrich: To the extent that we can, yes. We have an agile organizational structure ourselves and, of course, use agile methods to conduct our projects, if customers want and enable us to do so. We have a diverse range of training measures in the Group to teach consultants agile methods. Ultimately, the customer specifies the pace and the method, which is often a mixture of all possible approaches.

People in a logistics warehouse

“Every company we advise is different. Each has specific assets they need to protect and targets they present, so they need customized solutions. The expertise that we contribute from a wide range of customer projects and our experiences with the Group’s own Cyber Defense Center is invaluable here.”

Why new employees should choose Cyber Defense. Who are you looking for and what skills should they bring?

Karl-Friedrich: We’re looking for people in different areas. First of all, classic IT and process consultants who are capable of conceptual thinking and taking an analytical approach. Always paired with extensive security expertise, to give our customers the best possible support in terms of methods and expertise for solving the challenges they face.

We are also setting up a Customer Support Service, which is able to implement the processes and technologies we design for our customers. Examples of this in the cyber defense area include SIEM (Security Incident & Event Management) and SOAR (Security Orchestration, Automation and Response) solutions. You need to have profound expertise in IT and know your way around products from many different vendors. At the same time, consulting skills are essential here as well, because it’s always about developing and implementing a customer-specific solution.

That’s why we’re looking for both: concept- and strategy-oriented consultants with strong communication and presentation skills, and architects and engineers who can implement it with their sound technical backgrounds. 

Why should people decide to come work for us?

Karl-Friedrich: Aside from the many benefits that working for a major corporation like Deutsche Telekom provides, Deutsche Telekom Security GmbH is characterized by the fact that its 1,600 employees and its service portfolio cover nearly the full spectrum of IT security needs. There are recognized experts for every security subject area who are happy to share their knowledge. Within Consulting we draw on the expertise of colleagues from non-consulting units on topics like security analytics, pentesting, forensics, threat intelligence, fraud management, emergency & continuity management, and security awareness. This improves our expertise and productivity in our customers' eyes and makes it easy for our consultants to constantly acquire new knowledge.

In addition, the offers a wide range of training measures, as online courses and/or on-site training. I’d particularly like to mention the Technical Security Summit, where we have intensive interaction over several days and receive training from internal and external instructors and experts.

Karl-Friedrich, thanks for the interview and for the insights into your everyday work!