Open to opportunities

Jan Gennat

@jangennat

Norway

Message

What I'm looking for

I’m looking for a senior cyber role where I can lead SOC operations and detection engineering, advise executives on cyber risk, and drive ISO/GDPR-aligned governance—especially in regulated healthcare or critical infrastructure environments.

I'm a Senior Security Consultant based in Nordhordland, Norway, working at Orange Cyberdefense Norway. I moved here from Germany in August 2025, and I help organisations take their security posture seriously. Right now, my main focus is serving as the primary security advisor for a German ophthalmology group operating 140 clinics across Germany. That means working directly with executive and clinical leadership translating cyber risk into decisions that actually make sense at board level. Not just writing reports, but driving real change: closing audit findings, reducing incident response times, and building governance structures that hold up under pressure. Before that, I spent over a year in security operations managing a portfolio of 10 KRITIS-regulated clients financial services, energy utilities, healthcare covering everything from SIEM and EDR tuning to threat assessments and SOC team development. And before consulting, I spent six years as a security specialist in the Bundeswehr, holding VS-Geheim clearance (NATO SECRET equivalent), which gave me a very different perspective on what real security actually requires. What I bring to the table is the combination of hands-on operational depth and genuine advisory experience. I'm comfortable in a terminal, equally comfortable in a boardroom. I know how GDPR audits work in practice, how ISO/IEC 27001 findings get closed, and how to build detection logic that reflects actual attacker behaviour not just compliance checkboxes.

Experience

Work history, roles, and key accomplishments

Current

Senior Security Consultant

Current

Orange Cyberdefense Norway

Nov 2025 - Present (7 months)

Advised a German ophthalmology clinic chain (140 sites, 3,200 employees) on cyber risk and security investment priorities, translating MITRE ATT&CK TTPs into mitigation roadmaps. Led incident response end-to-end, reducing mean time to containment by 35%, and delivered GDPR/BDSG remediation aligned to ISO/IEC 27001 by closing 14 audit findings in 6 months.

Incident Response Cyber Risk Management GDPR ISO 27001

Cybersecurity Analyst (KRITIS)

Systema Datentechnik Potsdam

May 2024 - Nov 2025 (1 year 6 months)

Managed security operations for 10 KRITIS-regulated clients, monitoring 50–1,000 endpoints per client and optimizing SIEM/EDR rule sets to reduce false positives by 28%. Conducted 25+ threat and vulnerability assessments, remediating 45 high-severity findings, and built SOC onboarding plus phishing awareness and internal campaigns that improved phishing detection by 32%.

KRITIS Security Operations SIEM Tuning EDR Rule Optimization Vulnerability Assessment Disaster Recovery Planning Phishing

Military Security and IT Specialist

German Armed Forces (Bundeswehr)

May 2018 - Apr 2024 (5 years 11 months)

Served in VS-Geheim cleared classified environments for 6 years, conducting security audits and threat assessments of military installations and reporting remediation plans to commanding officers. Developed cybersecurity policies and training simulations for 250+ personnel, achieving 96% compliance with updated security protocols.

Security Auditing Threat Assessment Security Plan Development Security Protocols