MARKUS "FLAKE" SCHMALL
Executive Summary

Security leader with 37+ years of hands-on and executive experience spanning telecom, finance, manufacturing, software development, and antivirus industries. Track record of building and scaling security organizations from the ground up — from establishing SOCs and CERTs to designing enterprise security frameworks. Rare combination of deep technical expertise (started writing antivirus engines in 1987) and C-level leadership with budget responsibility exceeding €15M and teams of up to 80 people. PhD in malicious code classification. Open-source contributor and builder of security management platforms.

37+ Years in Security · 80 People Led · 5 Industries
Professional Experience
Chief Information Security Officer
Covestro
Oct 2020 — Present · Manufacturing / Chemicals

Chief Information Security Officer
Deutsche Börse Group
Feb 2019 — Oct 2020 · Finance / Capital Markets

Vice President Application Security & Testing
T-Systems International
Jan 2017 — Feb 2019 · Telecom / IT Services

Vice President Application Security & Testing
Deutsche Telekom HQ
Jul 2014 — Dec 2016 · Telecom

Vice President Application Security
Deutsche Telekom HQ
Jul 2009 — Jun 2014 · Telecom

Head of VoIP & Product Security
incl. Head of Communication Department (Dec 2007)
T-Online
Jul 2003 — Jun 2009 · Telecom / ISP
3 teams · 19 people · Progressive: Head of Product Security & Abuse (Jul 2003, 11 people) → Head of VoIP & Product Security (Dec 2005, 18 people) → incl. Communications (Dec 2007, 19 people)
  • Created and built the Product Security department from the ground up
  • Technical lead for T-Online customer email platform — 10+ million users (SMTP/POP3/IMAP, PHP webmail)
  • Technical product lead for VoIP platform and T-One handset (OpenSER, provisioning, billing, customer UI)
  • Designed standard tools for security clearance of products
  • VoIP (SIP) security research and test suite design
  • Implemented caller identification system for misuse detection (Perl, PHP)
  • Automation tools for Abuse department, network-based SPAM prevention
  • Support of initial Android security evaluation
  • Legal consulting including court support (IP data retention)

Expert Web Security
T-Mobile
Apr 2001 — Jun 2003 · Telecom / Mobile
  • Security research on Java 2 Micro Edition (J2ME)
  • Created security requirements for secure development — web servers, application servers, databases
  • Designed the first T-Mobile CERT including communication platforms
  • Penetration testing for web servers, application servers, and databases
  • Designed and executed external security audits
  • Evaluated security solutions (ISS SafeSuite, SiteProtector, Sanctum AppScan, SPI Dynamics WebInspect)
  • Security QA methods for chip cards; chip-card-based alarming solution (Java prototype, project lead)
  • Designed first T-Mobile WLAN offering including security aspects
  • Created SLAs for security operations

Manager Security
COIN/OAR Consulting
Oct 2000 — Apr 2001 · Consulting / eCommerce
  • Application server research (WebLogic, WebSphere) and security architecture
  • Client/server architecture design for eCommerce platform (J2EE, BEA WebLogic 6)
  • Java EE development — workflow engine, CI/CVS/VCS structures
  • Team lead for eCommerce runtime environment development
  • Collaboration platform design with external developers

Antivirus Expert
Computer Associates
Sep 1998 — Oct 2000 · Antivirus Industry
Global — Cologne, New York, Tel Aviv, Melbourne
Professional antivirus development at global scale — the direct continuation of the VirusWorkShop years.
  • Implementation of new detection routines for malicious code
  • Design and implementation of macro virus heuristics
  • Analysis of new malicious code samples
  • Crypto analysis and research on new file formats / parsing logic
  • Research on WAP 1.1 security
  • Common coding and design work for file system drivers

Independent Developer — Amiga Demoscene
Time of Perfects → The Special Brothers → Mystic → D-Tect → TRSi
1987 — 1998 · Where it all began
Developed VirusWorkShop, one of the most comprehensive Amiga antivirus tools (310+ virus detections, heuristic scanning). Also created Saddam Viruskiller, Pointerclearer, VectorChecker, DosTouch, Bootutilitie, and various cracktros and demos. 31 productions archived on Demozoo.
Technical Skills

Languages

Kotlin, Java, Python, Go, JavaScript/TypeScript, Perl, PHP, 68k Assembly

Frameworks

Micronaut, Astro, React, Spring Boot, J2EE/Jakarta EE

Security — Offensive

Penetration Testing, Red Teaming, Bug Bounty, Vulnerability Analysis, Exploit Research, Honeypots

Security — Defensive

SOC/CERT, EDR, SIEM, IAM/PAM, Incident Response, Threat Intelligence, OT Security

Security — Governance

ISO 27001, NIST, OWASP, Risk Management, Compliance, M&A Security, Framework Design

Infrastructure

AWS, Docker, Linux, CI/CD, PostgreSQL, SMTP/IMAP, VoIP/SIP, REST APIs

Malware Analysis

Heuristic Detection, Macro Virus Analysis, File Format Parsing, Crypto Analysis, AV Engine Development

Leadership

Budget €15M+, Teams up to 80, MSSP Management, International Rollouts, Patent Processes

Key Projects & Open Source
SecMan — Security Management Platform
Kotlin / Micronaut / Astro / React · GitHub
Full-stack platform for security requirement management, vulnerability tracking, risk assessment, and compliance. 61 REST controllers, 90 business services, multi-tenant workgroup support, OAuth2/OIDC, passkeys, and MCP integration for AI assistants. AGPL v3.

Sicherheitstacho / DTAG Honeypot Project
Deutsche Telekom · sicherheitstacho.eu
Founded and led the Deutsche Telekom honeypot initiative — development of custom honeypots and threat intelligence visualization, serving as a public-facing security dashboard for the telecom sector.

VirusWorkShop — Amiga Antivirus Engine
1987–1998
One of the most comprehensive antivirus tools for classic Amiga systems. 310+ virus detections, heuristic scanning engine that directly informed the PhD thesis on malicious code classification. 31 productions on Demozoo.
Education
Dr. rer. nat. (PhD) — Computer Science
University of Hamburg — Virus Test Center
Defended 2002 · Supervisor: Prof. Dr. Klaus Brunnstein
Thesis: "Classification and identification of malicious code based on heuristic techniques utilizing Meta languages." Introduced the MetaMS meta language for describing malicious functionality in programs, building on heuristic techniques developed for VirusWorkShop.

Diploma in Computer Sciences
University of Hildesheim
1998
Thesis: "Heuristic virus detection"