Container and Mobile Application Security

I embarked on my career journey as a chemical technician at Roche Diagnostics GmbH in Penzberg, laying the foundation for my professional growth. Fueled by a curiosity, I pursued higher education, earning both a Bachelor’s and Master’s degree in Computer Sciences from the University of Applied Sciences Kempten. During my academic journey, I blended my technological aspirations with the serene landscapes of the Allgäu region, finding inspiration in the mountains and on the road bike.

My academic voyage reached its zenith with a thesis at Siemens AG in Munich, which provided a practical perspective on the tech world. Today, I proudly serve as a Research Scientist at Siemens AG. In this role, I research and consult on cybersecurity domains such as container security, mobile application security, and privacy, collaborating closely with my talented colleagues.

I’ve also had the privilege of being part of a dynamic team at Siemens, where we collectively developed and conducted container security training programs. As a trainer, I’ve been able to share my knowledge and practical insights, helping professionals stay at the forefront of container security best practices.

Notably, since 2024 my colleagues Patrick Stöckle and I conduct a practicum on container security at the Technical University of Munich.

news

Oct 2, 2024 The summer semester at TUM has come to an end. I’m grateful for the opportunity to teach and learn from the students. Now we embark on a new journey in the winter semester 🚀 at HM. There I work with Thomas Schreck, Erwin Kupris, Patrick Stoeckle to create the lecture Sicherheit in verteilten Systemen.
Aug 24, 2024 I’ve achieved the GIAC Certified Web Application Defender (GWEB) certification! Together with the SEC522 Training its a really interesting learning experience. Great hands on exercises to make web security tangible .
Mar 16, 2024 Recently I took part in the Kraken Hunter Workshop It was great fun with many learnings on how to secure workloads in the cloud, containers, K8s clusters and VMs. And in the End we were Kraken Hunters :).
Nov 25, 2023 If you are searching for a fun challenge try eksclustergames.com. Its a little CTF from wiz.io for learning about eks security. I did it with two collegues and it was great fun.
Oct 13, 2023 I’m excited to share an IETF draft my collegue and I wrote on simplifying OAuth 2.0 for container orchestration. This draft shows how Service Account Token Volume Projection in k8s makes client authentciation easier and more secure for developers. If your interested please join in the discussion and mail us.

latest posts

selected publications

  1. Towards achieving confidentiality in Hyperledger Fabric
    Benedikt Hofmann, Prabhakaran Kasinathan, and Martin Wimmer
    In IEEE International Conference on Blockchain, Blockchain 2022, Espoo, Finland, August 22-25, 2022, 2022
  2. Secure Remote Maintenance via Workflow-Driven Security Framework
    Prabhakaran Kasinathan, Davide Martintoni, Benedikt Hofmann, and 2 more authors
    In 2021 IEEE International Conference on Blockchain, Blockchain 2021, Melbourne, Australia, December 6-8, 2021, 2021
  3. Best Current Practice for Workload Identity
    Benedikt Hofmann, and Hannes Tschofenig
    Oct 2023
    Work in Progress