
About Me
Hey, I’m Niklas
I’m currently studying Cyber Security B.Sc. at the University of Applied Sciences Mannheim, with a deep passion for elegant code, cryptography, infrastructure, and real-world offensive security.
After building BASF’s internal platform for quantitative risk management from the ground up, I’m now transitioning to full-time penetration testing at ERNW starting September 2025, focusing fully on pentesting and red teaming.
Experience
ERNW – Penetration Tester (starting Sep 2025)
Starting Sep 2025, Heidelberg
- Joining the Offensive Security Team at ERNW
- Focus: Red teaming, infrastructure assessments, web exploitation, and Active Directory security
- Engaging in hands-on security evaluations of enterprise environments
- Advancing deep technical skills in adversary simulation, exploit development, and structured attack paths
BASF – Lead Architect, Cyber Security Risk Platform
Jan 2023 – Aug 2025, Ludwigshafen
- Led the architecture and implementation of BASF’s internal quantitative cyber risk platform
- Designed modular metric systems, cost-benefit models, and ML-powered automation pipelines
- Initiated platform use as a potential testbed for post-quantum cryptographic evaluations (e.g. NIST PQC candidates)
- Delivered scalable internal tooling and infrastructure across global teams (China, Singapore, Spain, US)
- Drove secure software design decisions and helped engineers across cybersecurity and development units
ITK Engineering (Bosch) – Software Engineer
Jan 2022 – Dec 2023, Rülzheim
- Developed production software as part of a cross-functional team
- Experience with larger enterprise codebases and secure engineering
- Worked on global projects with devs in Spain, Singapore, and the US
Freelance – Developer & Systems Support
2019 – Dec 2021, Ludwigshafen
- Built websites, small-scale software, and local IT systems
- Examples:
  - reiterhof-kinderhilfe.de
  - blauersalon-lu.de
  - this one hehe
Education
Cyber Security B.Sc.: Mannheim University of Applied Sciences
2023–present
Mathematics B.Sc.: Heidelberg University
Focus: Probability theory, optimization
2022–2023
Mathematics B.Sc.: KIT Karlsruhe
2021–2022
Abitur: Max-Planck-Gymnasium, Ludwigshafen
Graduated with 1.1 GPA and four distinctions
Research & Offensive Focus
At the core of my work lies the intersection of security, automation, and mathematics – I thrive on translating complex theory into practical tools and techniques. I document these intersections here on niklas-heringer.com, blending real-world red teaming, structured forensics, and offensive research into repeatable methodology.
CERN Whitehat Challenge – Summer 2025
Officially certified participant in CERN’s real-world penetration test program.
- Selected for the CERN Whitehat Challenge, targeting real infrastructure under strict ethical rules
- Developed Cherry Picker, a smart recon tool using entropy filtering, TTL clustering, cloud targeting and more.
- Focussed on web exploitation
- Certificate of participation:
Forensic Log Tracker – Open-Source Tool in Active Use
Secure, modular logging framework used in forensic casework.
- Built a full-featured CLI tool for legally compliant command tracking
- Logs are cryptographically GPG-signed, hash-verified, and accompanied by formal explanations in German legal language
- Actively used by forensics students at Hochschule Mannheim
- Supports Markdown reporting, dry-run documentation, and case-based evidence tracking
- Ensures integrity of involved material
GitHub: Forensic Log Tracker
Current Areas of Focus
- Regular Hack The Box labs and writeups – aiming for Pro Hacker rank
- Studying for CPTS and OSCP certifications
- Advancing in Active Directory exploitation and web pentesting
- Learning Go for tooling and high-performance backends
- Continuing Mandarin studies (~HSK2)
- Research in Bayesian cyber risk models, secure computation, and Kolmogorov-Arnold networks
- Hands-on exploration of Linux internals, exploit development, and structured attack graph simulation
Technical Stack
Languages & Frameworks
Proficient in building secure, scalable systems with a strong foundation in systems programming, scripting, and cloud-native development:
- Languages: Python, Java, C/C++, JavaScript, SQL, Assembly, PHP
- Scripting & Shell: Bash, PowerShell
- Currently learning: Go
- Frameworks & Tooling:
  - FastAPI (deep experience with high-performance APIs)
  - Dagster (production-grade data orchestration)
  - Streamlit (interactive, data-driven dashboards)
  - Django, PyTorch, TensorFlow, Scapy
Cloud & DevOps
Fluent in full-stack data pipelines and service orchestration using DAG-based frameworks like Dagster, tightly integrated with Azure-native monitoring, auth, and deployment tooling:
- Azure: DevOps, DevOps Repository, Data Factory, Functions, Monitor, Key Vault, DevOps Pipelines, Event Grid
- Other Platforms: Databricks, Docker, GitHub Actions
Security Expertise & Threat Engineering
Experienced in cyber security risk management and adversarial modeling at the enterprise level:
- Deep fluency with NIST Cybersecurity Framework, ISO 27001/27005, CIS Controls, and internal control mapping strategies
- Build and apply enterprise threat models, red team/blue team collaboration frameworks, and structured attack graphs for proactive defense
- Skilled in advanced threat intelligence, exposure modeling, and integration of security automation into CI/CD pipelines
Security Tooling & Red Team Focus
- Currently building foundational knowledge in Active Directory security – working hands-on with tools like BloodHound, WinPEAS, and SharpHound to understand enumeration, misconfigurations, and attack paths.
- Comfortable with tools like Burp Suite, nmap, Responder, Wireshark, and CrackMapExec as part of CTFs and lab work.
- Long-term involvement in Hack The Box and HTB Academy, focusing on understanding real attack techniques beyond solving challenges.
- Gradually improving at writing simple payloads, experimenting with obfuscation and automation – still early, but progressing each week.
- Also familiar with basic network forensics and detection tuning, e.g. writing simple YARA rules or logic-based alerting patterns.
Developed own tools for structured forensic analysis and mathematically enhanced scanners, shared on GitHub.
Contact
Email: ping@niklas-heringer.com
Let’s connect if you’re working on anything at the intersection of risk, research, red teaming, and automation – or if you just love well-documented attack paths.