 
  
    
    
    
About Me
I am currently pursuing a B.Sc. in Cyber Security at the University of Applied Sciences Mannheim, with a strong interest in secure system design, cryptography, infrastructure, and offensive security.
After developing BASF’s internal platform for quantitative risk management from the ground up, I have now transitioned to penetration testing at ERNW in Heidelberg. My current focus is on building a solid technical foundation through systematic training and real-world preparation, particularly in web application exploitation and structured adversary techniques.
Experience
ERNW – Penetration Tester
Sep 2025 – present, Heidelberg
- Member of the Offensive Security Team
- Current focus on PortSwigger Web Security Academy training and applied web exploitation
- Gradually advancing into client-facing penetration tests under senior supervision
- Preparing for work in infrastructure assessments, Active Directory security, and structured attack paths
BASF – Lead Architect, Cyber Security Risk Platform
Jan 2023 – Aug 2025, Ludwigshafen
- Led the architecture and implementation of BASF’s internal quantitative cyber risk platform
- Designed modular metric systems, cost-benefit models, and ML-powered automation pipelines
- Initiated platform use as a potential testbed for post-quantum cryptographic evaluations (e.g. NIST PQC candidates)
- Delivered scalable internal tooling and infrastructure across global teams (China, Singapore, Spain, US)
- Drove secure software design decisions and supported engineers across cybersecurity and development units
ITK Engineering (Bosch) – Software Engineer
Jan 2022 – Dec 2023, Rülzheim
- Developed production software as part of a cross-functional team
- Experience with larger enterprise codebases and secure engineering
- Worked on global projects with devs in Spain, Singapore, and the US
Freelance – Developer & Systems Support
2019 – Dec 2021, Ludwigshafen
- Built websites, small-scale software, and local IT systems
- Examples:
  - reiterhof-kinderhilfe.de
  - blauersalon-lu.de
  - this one hehe
 
Education
Cyber Security B.Sc.: Mannheim University of Applied Sciences
2023–present
Mathematics B.Sc.: Heidelberg University
Focus: Probability theory, optimization
2022–2023
Mathematics B.Sc.: KIT Karlsruhe
2021–2022
Abitur: Max-Planck-Gymnasium, Ludwigshafen
Graduated with 1.1 GPA and four distinctions
Research & Offensive Focus
My work centers on the intersection of security, automation, and mathematics. I focus on turning theoretical concepts into practical tools and methodologies, and I document parts of this process on niklas-heringer.com.
CERN Whitehat Challenge – Summer 2025
Certified participant in CERN’s real-world penetration test program.
- Selected for the CERN Whitehat Challenge, conducting security assessments under strict ethical guidelines
- Developed Cherry Picker, a reconnaissance tool leveraging entropy filtering, TTL clustering, and cloud targeting
- Focused on web exploitation
- Certificate of participation:
Forensic Log Tracker – Open-Source Tool
Modular logging framework for digital forensic casework.
- Developed a CLI tool for documenting and verifying forensic investigations
- Implements cryptographic GPG signing and hash verification
- Provides legally consistent documentation in German legal language
- Used in university-level forensic training at Hochschule Mannheim
- Supports Markdown reporting, dry-run documentation, and structured evidence tracking
→ GitHub: Forensic Log Tracker
Current Areas of Focus
- Practical web application security: PortSwigger Web Security Academy
- Capture the Flag (CTF) experience: HackTheBox (university courses and private practice)
- Bug bounty exposure: Initial reports and testing on HackerOne
- Active Directory security: Starting to get familiar with enumeration and misconfiguration analysis
- Programming: Learning Go for tooling and performance-sensitive applications, see other points below
- Ongoing academic interest in probability-based risk models and secure computation
Technical Stack
Languages & Frameworks
Proficient in building secure, scalable systems with a strong foundation in systems programming, scripting, and cloud-native development:
- Languages: Python, Java, C/C++, JavaScript, SQL, Assembly, PHP
- Scripting & Shell: Bash, PowerShell
- Currently learning: Go
- Frameworks & Tooling:
  - FastAPI (deep experience with high-performance APIs)
  - Dagster (production-grade data orchestration)
  - Streamlit (interactive, data-driven dashboards)
  - Django, PyTorch, TensorFlow, Scapy
 
Cloud & DevOps
Fluent in full-stack data pipelines and service orchestration using DAG-based frameworks like Dagster, tightly integrated with Azure-native monitoring, auth, and deployment tooling:
- Azure: DevOps, DevOps Repository, Data Factory, Functions, Monitor, Key Vault, DevOps Pipelines, Event Grid
- Other Platforms: Databricks, Docker, GitHub Actions
Security Expertise & Threat Engineering
Experienced in cyber security risk management and adversarial modeling at the enterprise level:
- Deep fluency with NIST Cybersecurity Framework, ISO 27001/27005, CIS Controls, and internal control mapping strategies
- Build and apply enterprise threat models, red team/blue team collaboration frameworks, and structured attack graphs for proactive defense
- Skilled in advanced threat intelligence, exposure modeling, and integration of security automation into CI/CD pipelines
Contact
Email: ping@niklas-heringer.com
Let’s connect if you’re working on anything at the intersection of risk, research, red teaming, and automation — or if you just love well-documented attack paths.