In the photo: Hubert Kromer
I've been dealing with Cybersecurity, in particular Security Information and Event Management (SIEM), for almost 14 years now. My professional career started while I was still studying Computer Science at the Opole University of Technology – in 2009 at GlaxoSmithKline as an (initially junior) IT Security Specialist, where I was responsible, among other things, for analyzing potential security incidents and implementing the QRadar SIEM system (back then a Q1 Labs product).
During my 4th year of employment at GSK I found out that IBM had opened a Global Services Delivery Center in Wroclaw, Poland. As a Managed Security Service Provider (MSSP) IBM was able to offer me the opportunity to work with many different, often very complex IT environments. I started my adventure with IBM as an Advisory IT Security Specialist. Apart from analyzing potential security incidents for IBM's clients, I was responsible for managing and tuning customers' QRadar environments, including use case creation and translation into rules which QRadar could understand. The broad spectrum of IBM's clients for whom I provided services allowed me to understand what different industries expect from a SIEM solution to satisfy their functional and legal requirements.
Some time later I realized that I'm ready for a new challenge, so I decided to take the Security Services Manager role. Since it focused primarily on direct interactions with customers, I had the opportunity to work on my communication and management skills. On the one hand, I was responsible for the services which IBM provided to the customer (the so-called single point of contact), on the other hand, I had to instruct IBMers involved in the service provision so that these services fulfill the contractual agreements, and that all of the customer's requests and doubts are given due consideration. Working as a Security Services Manager thoroughly prepared me for my next role, which required not only excellent technical knowledge, but also great communication skills, as it tightened interactions with customers even more.
Taking up the next role involved relocation to Munich and working directly at the German branch of IBM as a Senior IT Security Consultant. It was by far the biggest and most enjoyable challenge I've experienced at IBM. It was a typically advisory role, delivered 8 hours a day, 5 days a week directly at the client's premises, requiring creativity, solid technical knowledge and equally developed communicativeness, and involving reporting at the "C" level (CIO, CISO). Working as a Senior IT Security Consultant, I was responsible for maintaining IBM Security QRadar systems in good condition, raising QRadar's effectiveness of threat detection, integration of QRadar with the customer's other systems, analysis of potential security incidents in close cooperation with the customer's teams, and optimizing internal policies and procedures. From time to time I also had to make use of my programming skills – either by creating extensions for QRadar or by creating completely new solutions. In addition I conducted trainings on IBM Security QRadar at all levels of advancement, for both clients and IBM employees. I remember this period particularly warmly, mainly thanks to the wonderful people with whom I was able to work, both on the IBM side and on the client side.
Extensive experience in implementing and managing SIEM class solutions, overcoming any obstacles that have arisen, as well as the ability to translate the client's needs into working solutions prepared me well to take my chance as the Senior IT Security Architect. In that role I had to collect the client's requirements, prepare a solution that meets these requirements using available products and services (provided by both IBM and partners), document it, price it, and keep my fingers crossed for the customer to buy it. For some of the projects I also supported the implementation. I also supported the Offering Management team in expanding the XFTM solution to cover the Splunk Enterprise Security and the Microsoft Azure Sentinel products.
The Senior IT Security Architect role was my longest assignment at IBM, during which I crafted dozens of solutions. Those which were sold were successfully implemented. It was during this period of time that I developed the idea of starting my own business. An idea supported by acquired knowledge, experience and passion. An idea, which I finally started to implement. April 2023 was the last month of my employment at IBM. I officially started Kromer Cybersecurity Consulting on May 2, 2023.
During my professional career, I had the opportunity to work with many different solutions in the field of IT Security. Some of them I mastered quite well, namely:
What's worth mentioning is that I really enjoy working with the Linux family of systems (in particular the Arch, Debian, Gentoo and Red Hat distributions). Linux is my primary operating system for private use. I'm also a huge supporter of FOSS.
Standards I rely on
Thanks to standards, we don't have to reinvent the wheel over and over again. Each standard is a set of good and proven practices, adherence to which not only significantly increases the chance of successful implementation, but also reduces the risk of omitting something important. Specific industries often must demonstrate implementation of required standards, e.g. as a regulatory requirement.
For every engagement I'm involved with, I make sure that the crafted solution adheres to these good and proven practices as much as possible to meet the regulatory requirements that are imposed on the client.
Standards I rely on most often:
- The ISO/IEC 27000 family
- ISO 22301
- NIST Cybersecurity Framework
- AICPA SOC 2
- MITRE ATT&CK guidelines
The certificates I obtained can be validated by visiting my profile on Credly.
- Splunk Enterprise Certified Architect
  - obtained in February 2021
  - other Splunk certificates I held:
    - Splunk Enterprise Certified Admin
    - Splunk Enterprise Certified Power User
    - Splunk Enterprise User
- (ISC)² Certified Information Systems Security Professional
  - obtained in November 2020
  - certificate no. 493962
- CompTIA Security+
  - obtained in October 2012, expired
- Red Hat Certified Engineer
  - obtained in 2009, expired
- Law, master's degree
  - University of Wroclaw
  - 2021 to present
- Computer Science, engineer's degree
  - Opole University of Technology
  - 2006 to 2010
  - obtained title: Engineer in Computer Science