Dr. Michael Falk

Partner, Consulting, Cyber Security

KPMG AG Wirtschaftsprüfungsgesellschaft

I am a partner in KPMG’s Security Consulting division. I can provide advice to you and your company not only with my many years of experience, but above all through innovative approaches.

Cyber security, privacy and risk assessment of new technologies – my focus here is on the continuous development of organisations, processes and people. That’s because only those who know their cyber risks can take advantage of the opportunities of digital transformation.

With comprehensive analyses and accurate measures, I provide targeted advice on protection against industrial espionage, ransomware and DDoS attacks - without losing sight of costs & benefits.

After obtaining my doctorate at the Justus Liebig University in Giessen with a thesis on IT compliance in corporate governance, I am currently responsible for the topics “Cyber Security Strategy, Governance and Risk” and “Privacy Management” at KPMG and am also a guest lecturer and speaker.

I was recently involved in the following projects:

  • Mapping and assessment of current security maturity and capability levels of companies and continuous development of cybersecurity capabilities as part of transformation programmes
  • Management consulting for the strategic alignment of cybersecurity in the context of technological developments and changing threat situations ("agile security")
  • Establishment of transparent and business-driven cyber risk management methods with a focus on quantitative cyber risk management
  • Introduction of security technologies and processes with a focus on vulnerability management, incident management, SIEM, security operations, red teaming and security awareness
  • Establishment of management systems based on ISO 27001, NIST and/or BSI IT basic protection
  • Evaluation and improvement of technical and organisational measures in the area of data protection/privacy

  • CISA – Certified Information Systems Auditor (ISACA, 2015)

  • ITGCP - IT Governance & Compliance Practitioner (ISACA, 2014)

  • Certified data protection officer, specialist knowledge in accordance with Section 4f para. 2 BDSG (Bundesdatenschutzgesetz [Federal Data Protection Act]) (FFD, 2013)

  • ISO/IEC 27001 Certified Lead Implementer (IBITGQ/IT Gov. Institute, 2012), ISO/IEC 27001 Lead Auditor (KPMG, 2010)

  • Doctor of political science (Justus Liebig University of Giessen, 2012), Diplom-Kaufmann (Business Admin Graduate) (Justus Liebig University of Giessen, 2006)

  • Lecturer and Member of Advisory Board Master’s Degree in IT-GRC, Open Competence Centre for Cyber Security (C3S), http://www.open-c3s.de

  • Various activities as a Lecturer of Information Security, Cyber Security and IT Compliance

  • Member of numerous expert groups including Information Security Forum (ISF), ISACA