About Me

👋 Hey, I’m Niklas

I’m currently studying Cyber Security B.Sc. at the University of Applied Sciences Mannheim, with a deep passion for elegant code, cryptography, infrastructure, and real-world offensive security.

Since early 2023, I’ve been working at BASF in the Cyber Security Risk Management department — focusing on intelligent risk modeling, automation, and the intersection of machine learning with real security work.

💼 Experience

🔐 BASF – Lead Architect, Cyber Security Risk Platform

Jan 2023 – present, Ludwigshafen

• Leading the architecture and implementation of BASF’s internal quantitative cyber risk platform
• Designing metric systems, cost-benefit modeling, and ML-driven automation for cyber security workflows
• Preparing the platform as a potential testbed for future post-quantum cryptographic algorithm evaluations (e.g. NIST PQC)
• Building scalable internal tools and infrastructure in a global team setting (China, Singapore, Spain, US)
• Driving software design decisions and mentoring contributors across engineering and cyber teams

🧪 ITK Engineering (Bosch) – Software Engineer

2022 – 2023, Rülzheim

• Developed production software as part of a cross-functional team
• Experience with larger enterprise codebases and secure engineering
• Worked on global projects with devs in Spain, Singapore, and the US

💻 Freelance – Developer & Systems Support

2019 – 2022, Ludwigshafen

• Built websites, small-scale software, and local IT systems
• Examples:
  • reiterhof-kinderhilfe.de
  • blauersalon-lu.de
  • this one hehe

🧠 Education

Cyber Security B.Sc.: Mannheim University of Applied Sciences
2023–present

Mathematics B.Sc.: Heidelberg University
Focus: Probability theory, optimization
2022–2023

Mathematics B.Sc.: KIT Karlsruhe
2021–2022

Abitur: Max-Planck-Gymnasium, Ludwigshafen
Graduated with 1.1 GPA and four distinctions

⚙️ Technical Stack

Languages & Frameworks

Proficient in building secure, scalable systems with a strong foundation in systems programming, scripting, and cloud-native development:

• Languages: Python, Java, C/C++, JavaScript, SQL, Assembly, PHP
• Scripting & Shell: Bash, PowerShell
• Currently learning: Go
• Frameworks & Tooling:
  • FastAPI (deep experience with high-performance APIs)
  • Dagster (production-grade data orchestration)
  • Streamlit (interactive, data-driven dashboards)
  • Django, PyTorch, TensorFlow, Scapy

Cloud & DevOps

Fluent in full-stack data pipelines and service orchestration using DAG-based frameworks like Dagster, tightly integrated with Azure-native monitoring, auth, and deployment tooling:

• Azure: Data Factory, Functions, Monitor, Key Vault, DevOps Pipelines, Event Grid
• Other Platforms: Databricks, Docker, GitHub Actions

🛡️ Security Expertise & Threat Engineering

Experienced in cyber security risk management and adversarial modeling at the enterprise level:

• Deep fluency with NIST Cybersecurity Framework, ISO 27001/27005, CIS Controls, and internal control mapping strategies
• Build and apply enterprise threat models, red team/blue team collaboration frameworks, and structured attack graphs for proactive defense
• Skilled in advanced threat intelligence, exposure modeling, and integration of security automation into CI/CD pipelines

🛠️ Security Tooling & Red Team Focus

• Currently building foundational knowledge in Active Directory security — working hands-on with tools like BloodHound, WinPEAS, and SharpHound to understand enumeration, misconfigurations, and attack paths.
• Comfortable with tools like Burp Suite, nmap, Responder, Wireshark, and CrackMapExec as part of CTFs and lab work.
• Long-term involvement in Hack The Box and HTB Academy, focusing on understanding real attack techniques beyond solving challenges.
• Gradually improving at writing simple payloads, experimenting with obfuscation and automation — still early, but progressing each week.
• Also familiar with basic network forensics and detection tuning, e.g. writing simple YARA rules or logic-based alerting patterns.

Developed own tools for structured forensic analysis and mathematically enhanced scanners, shared on GitHub .

🧪 Research & Current Focus

My core curiosity lives at the intersection of security, automation, and mathematics — I like connecting patterns across domains and translating knowledge between them. In my day job, I work on orchestration and large-scale automation in a cyber risk context — and I actively bring those patterns into my personal research in pentesting, forensics, and attack modeling, as documented on my blog niklas-heringer.com .

Current areas I’m focused on:

CERN Whitehat Challenge

Currently participating in the CERN Whitehat Challenge — a real-world penetration test in the context of CERN’s infrastructure. As part of the challenge, I’m developing Cherry Picker, a smart IP selection tool that uses entropy filtering, TTL clustering, and cloud targeting to make reconnaissance more efficient. → GitHub: Cherry Picker

• Building skills in ** webpentesting** and Active Directory security
• Regular labs + writeups on Hack The Box, aiming for Pro Hacker rank
• Studying for the CPTS and OSCP certifications
• Learning Go for tooling and backends
• Continuing Mandarin (currently ~HSK2 level)
• Researching topics like Bayesian cyber risk modeling, Kolmogorov-Arnold networks, and secure computation
• Exploring Linux internals, exploit development, and structured attack graph simulation

📬 Contact

Email: ping@niklas-heringer.com

Let’s connect if you’re working on anything at the intersection of risk, research, red teaming, and automation — or if you just love well-documented attack paths.