I write software since the nineties, work as a freelance software developer since 1997 (with Java since 1999) and focus on IT-Security since 2005.
Aside from the traditional software engineering tasks I support clients in the field of IT-Security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Several times a year I conduct inhouse training courses on topics like web application security (focussing on Java) as well as on SecDevOps concepts for bringing security into agile projects.
Sometimes I enjoy writing articles about web application security and speak/train at conferences about web application hacking and hardening. As an Advisory Board member of JAX 2014, WJAX 2014 and JAX 2015 developer conferences responsible for their Security Days I constantly try to guide developers to include security aspects in their projects.