About Me

👋 Hey, I’m Niklas

I’m currently studying Cyber Security B.Sc. at the University of Applied Sciences Mannheim, with a deep passion for elegant code, cryptography, infrastructure, and real-world offensive security.

After building BASF’s internal platform for quantitative risk management from the ground up, I’m now transitioning to full-time penetration testing at ERNW starting September 2025, focusing fully on pentesting and red teaming.

💼 Experience

🛡️ ERNW – Penetration Tester (starting Sep 2025)

Starting Sep 2025, Heidelberg

• Joining the Offensive Security Team at ERNW
• Focus: Red teaming, infrastructure assessments, web exploitation, and Active Directory security
• Engaging in hands-on security evaluations of enterprise environments
• Advancing deep technical skills in adversary simulation, exploit development, and structured attack paths

🔐 BASF – Lead Architect, Cyber Security Risk Platform

Jan 2023 – Aug 2025, Ludwigshafen

• Led the architecture and implementation of BASF’s internal quantitative cyber risk platform
• Designed modular metric systems, cost-benefit models, and ML-powered automation pipelines
• Initiated platform use as a potential testbed for post-quantum cryptographic evaluations (e.g. NIST PQC candidates)
• Delivered scalable internal tooling and infrastructure across global teams (China, Singapore, Spain, US)
• Drove secure software design decisions and helped engineers across cybersecurity and development units

🧪 ITK Engineering (Bosch) – Software Engineer

Jan 2022 – Dec 2023, Rülzheim

• Developed production software as part of a cross-functional team
• Experience with larger enterprise codebases and secure engineering
• Worked on global projects with devs in Spain, Singapore, and the US

💻 Freelance – Developer & Systems Support

2019 – Dec 2021, Ludwigshafen

• Built websites, small-scale software, and local IT systems
• Examples:
  • reiterhof-kinderhilfe.de
  • blauersalon-lu.de
  • this one hehe

🧠 Education

Cyber Security B.Sc.: Mannheim University of Applied Sciences
2023–present

Mathematics B.Sc.: Heidelberg University
Focus: Probability theory, optimization
2022–2023

Mathematics B.Sc.: KIT Karlsruhe
2021–2022

Abitur: Max-Planck-Gymnasium, Ludwigshafen
Graduated with 1.1 GPA and four distinctions

🧪 Research & Offensive Focus

At the core of my work lies the intersection of security, automation, and mathematics — I thrive on translating complex theory into practical tools and techniques. I document these intersections here on niklas-heringer.com , blending real-world red teaming, structured forensics, and offensive research into repeatable methodology.

🏆 CERN Whitehat Challenge – Summer 2025

Officially certified participant in CERN’s real-world penetration test program.

• Selected for the CERN Whitehat Challenge, targeting real infrastructure under strict ethical rules
• Developed Cherry Picker , a smart recon tool using entropy filtering, TTL clustering, cloud targeting and more..
• Focussed on web exploitation
• Certificate of participation:

🔍 Forensic Log Tracker – Open-Source Tool in Active Use

Secure, modular logging framework used by in forensic casework.

• Built a full-featured CLI tool for legally compliant command tracking
• Logs are cryptographically GPG-signed, hash-verified, and accompanied by formal explanations in German legal language
• Actively used by forensics students at Hochschule Mannheim
• Supports Markdown reporting, dry-run documentation, and case-based evidence tracking
• Ensures integrity of involved material

→ GitHub: Forensic Log Tracker

📚 Current Areas of Focus

• Regular Hack The Box labs and writeups – aiming for Pro Hacker rank
• Studying for CPTS and OSCP certifications
• Advancing in Active Directory exploitation and web pentesting
• Learning Go for tooling and high-performance backends
• Continuing Mandarin studies (~HSK2)
• Research in Bayesian cyber risk models, secure computation, and Kolmogorov-Arnold networks
• Hands-on exploration of Linux internals, exploit development, and structured attack graph simulation

⚙️ Technical Stack

Languages & Frameworks

Proficient in building secure, scalable systems with a strong foundation in systems programming, scripting, and cloud-native development:

• Languages: Python, Java, C/C++, JavaScript, SQL, Assembly, PHP
• Scripting & Shell: Bash, PowerShell
• Currently learning: Go
• Frameworks & Tooling:
  • FastAPI (deep experience with high-performance APIs)
  • Dagster (production-grade data orchestration)
  • Streamlit (interactive, data-driven dashboards)
  • Django, PyTorch, TensorFlow, Scapy

Cloud & DevOps

Fluent in full-stack data pipelines and service orchestration using DAG-based frameworks like Dagster, tightly integrated with Azure-native monitoring, auth, and deployment tooling:

• Azure: DevOps, DevOps Repository, Data Factory, Functions, Monitor, Key Vault, DevOps Pipelines, Event Grid
• Other Platforms: Databricks, Docker, GitHub Actions

🛡️ Security Expertise & Threat Engineering

Experienced in cyber security risk management and adversarial modeling at the enterprise level:

• Deep fluency with NIST Cybersecurity Framework, ISO 27001/27005, CIS Controls, and internal control mapping strategies
• Build and apply enterprise threat models, red team/blue team collaboration frameworks, and structured attack graphs for proactive defense
• Skilled in advanced threat intelligence, exposure modeling, and integration of security automation into CI/CD pipelines

🛠️ Security Tooling & Red Team Focus

• Currently building foundational knowledge in Active Directory security — working hands-on with tools like BloodHound, WinPEAS, and SharpHound to understand enumeration, misconfigurations, and attack paths.
• Comfortable with tools like Burp Suite, nmap, Responder, Wireshark, and CrackMapExec as part of CTFs and lab work.
• Long-term involvement in Hack The Box and HTB Academy, focusing on understanding real attack techniques beyond solving challenges.
• Gradually improving at writing simple payloads, experimenting with obfuscation and automation — still early, but progressing each week.
• Also familiar with basic network forensics and detection tuning, e.g. writing simple YARA rules or logic-based alerting patterns.

Developed own tools for structured forensic analysis and mathematically enhanced scanners, shared on GitHub .

📬 Contact

Email: ping@niklas-heringer.com

Let’s connect if you’re working on anything at the intersection of risk, research, red teaming, and automation — or if you just love well-documented attack paths.