About

I am a Senior Information Security Officer and Deputy Chief Security Officer at Taurus SA in Geneva, with extensive experience in information security leadership. Previously, I served as Chief Information Security Officer at Deutsche Bahn Connect GmbH and as a cybersecurity researcher at the IT Security Infrastructures Lab at Friedrich-Alexander University Erlangen-Nürnberg. In parallel, I actively teach cybersecurity and mobile security topics at universities of applied sciences like DHBW Mannheim and others.
My professional focus lies in the design and rollout of enterprise-wide security programs aligned with ISO 27001, ISAE 3402, and regulatory frameworks like DORA and NIS2. I have led multiple successful ISO 27001:2022 certification initiatives and implemented security maturity programs based on CMMI, enabling organizations to benchmark and improve their security posture across people, processes, and technologies. This includes third-party risk management, business continuity planning, and building audit-ready compliance structures for fast-moving financial and cloud-based environments.
I hold a Ph.D. in Computer Science and several internationally recognized certifications, including CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), and CIPM (Certified Information Privacy Manager). These credentials reflect both my technical depth and my understanding of data protection and privacy governance at an enterprise level.
I combine deep technical knowledge with clear communication, enabling me to drive security strategies that are pragmatic, risk-aligned, and understandable across executive and technical audiences alike.
IT Security Frameworks and Technologies
The following keyword list provides a short excerpt of the frameworks, regulations, and technologies I have worked with in recent years.
- ISMS, Audit: ISAE 3402 + 3000, SOC 2, ISO 27001:2022, IT Grundschutz, DB RRiL 114.02ff., TISAX, CMMI-based Maturity Models
- Regulatory Compliance: DORA, NIS2, FINMA Circulars, GDPR, nLDP, CRA, EU AI Act
- Security Assessment: OWASP, MITRE ATT&CK, ISO 27001 Audit, Security Maturity Assessments
- Personal Certifications: CISSP, CISM, CIPM
- Security Areas: Mobile (Android, iOS, Flutter, Fuchsia OS), Web, AWS and Azure
- Reverse Engineering: x86/x64, dex bytecode, WASM
- Security Testing: Mobile Apps, Web Apps, API (REST, SOAP, gRPC), Cloud Infrastructures
- Security Tools: Wireshark, Burp, Nmap, Nessus, IDA Pro, angr, manticore, Mobile Development SAST, DAST, and IAST Pipelines
Resume
Professional Experience (excerpt)
Senior Information Security Officer & Deputy CSO
2023 - Present
Taurus SA, Geneva, Switzerland
- Led the successful ISO 27001:2022 certification and handle ongoing compliance with controls matching the requirements of FINMA circulars, ISAE 3402, and emerging EU regulations (DORA, NIS2, CRA).
- Developed security maturity models (CMMI-based) to measure and improve the overall cybersecurity capabilities, aligning strategic planning with best practices and regulatory obligations.
- Orchestrate the convergence of cybersecurity measures with business objectives, strategically investing in solutions that secure vital assets and reduce risk exposure.
- Continuously improve security policies, processes, and operations to match global standards and organizational goals, and implement a maturity model for the organization reflecting its security strategy.
- Manage the vulnerability management programme and the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) within development pipelines to enhance software security.
Chief Information Security Officer
2020 - 2023
DB Connect GmbH, Frankfurt am Main, Germany
- Guided the design, development, and deployment of secure technical architectures and organizational processes to build organizational capabilities and ensure compliance with international information security standards.
- Drove business and cyber risk strategy alignment to manage risk through value investments, thereby protecting business assets through an understanding of the threat landscape and an effectively managed cyber risk program.
- Management and continuous improvement of the organization's security policies, information security operations, and security-relevant communication policies.
- Management of internal IT security assessments and incident response procedures.
Information Technology Security Consultant
2018 - 2020
Self-employed Freelancer, Erlangen, Germany
- Security assessments and penetration testing on mobile applications and system back-ends with a focus on Android and iOS applications, as well as REST and SOAP back-ends.
- I worked alone as well as with other industry experts on projects from the fintech, automotive, and critical infrastructure sectors, which required a deep understanding of application and network security and familiarity with the ISO 27001 and NERC CIP standards.
- I conducted expert workshops with developers and incident response specialists focusing on penetration testing and forensic incident response scenarios, among others for the German Federal Police.
Co-Founder & Data Scientist & Serverless Security Architect
2019 - 2020
Talos Insights, Nuremberg, Germany
- TALOS Insights extracts openly available company information and leverages reinforcement learning and natural language processing to analyze found data points and minimize manual effort for market analysts.
- I handled the business model design, funding, and customer acquisition, securing two successful funding applications, including the EXIST Gründerstipendium (roughly 100,000 EUR), and attracted three initial mid-sized company customers.
- Additionally, I was responsible for the natural language processing routines we applied in our analysis pipelines, working with techniques from the field of information extraction: knowledge base population, semi-structured information extraction, and audio extraction.
- Lastly, my responsibilities covered the serverless architecture including the deployment of the service infrastructure utilizing Docker and several AWS stacks (including Lambda, EC2, ECS, Route 53, S3, CloudFront, RDS, ElastiCache, IAM), focusing on high-availability and auto-scaling.
Education (excerpt)
Lecturer (Cybersecurity, Mobile Security, Reverse Engineering)
2017 - Present
DHBW Mannheim, Hochschule Heilbronn, Hochschule München, Hochschule Albstadt-Sigmaringen
- Lectured on cybersecurity governance, mobile application security, reverse engineering, IT forensics, and AI security fundamentals.
- Conducted project-based learning, practical labs, and supervised student research on cutting-edge security topics.
- Focused on network security, mobile threats, business continuity management, AI regulatory compliance, and secure software development.
Doctor of Engineering in Computer Science
2016 - 2020
Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany
With additional research stays abroad at:
San Jose State University, San Jose, USA
Universidade Federal do Paraná, Curitiba, Brazil
- While working as a Ph.D. researcher, I focused on app security and malware analysis, especially app hardening solutions against reverse engineering, UI security mechanisms, back-end security, and automated vulnerability screening, e.g., fuzzing and vulnerability scanners.
- In parallel, I also worked as a teaching assistant for courses in “Reverse Engineering”, “IT Forensics”, and “Incident Response”, conveying complex scenarios and techniques to Bachelor’s and Master’s students.
- During this time I had to familiarize myself with many industry standards in IT security, e.g., ISO 27001, OWASP, and ITIL, and leading analysis tools used in penetration testing & forensic analysis, like IDA Pro, Wireshark, Burp Suite, and the Nessus Vulnerability Scanner.
- My research resulted in more than ten publications, my successful participation in bug bounty programs, among others Google's bug bounty program, and a more secure and transparent mobile ecosystem we use every day.
Doctoral thesis: Android Application Hardening: Attack Surface Reduction and IP Protection Mechanisms
Visiting Researcher Cybersecurity
2019
Universidade Federal do Paraná, Curitiba, Brazil
- Research project: Security assessment of mobile solutions and back-end security of Brazil's four major banks.
- The project uncovered several design flaws and vulnerabilities, which were responsibly disclosed, and led to the publication “The internet banking [in]security spiral: Past, present, and future of online banking protection mechanisms”, which was published and presented at the 14th International Conference on Availability, Reliability and Security 2019.
Master of Science in Computer Science
2014 - 2016
Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany
- Major focus: IT security & cryptography, software development & architectures, distributed systems & cloud computing.
- During my Master's I participated in IT security capture-the-flag events, gaining expertise in diverse IT security areas, especially the internals of UNIX-based operating systems, several exploit techniques, and program analysis.
Master's Thesis: Dynamic Deobfuscation of Virtualization-based Packed Binaries