Home of @mkoppmann –
Security Enthusiast

About me

My name is Michael Koppmann and I am an Information Security Consultant at SBA Research. I received a master’s degree in “Software Engineering and Internet Computing” at the TU Wien.

My main interests are secure software engineering, functional programming, cryptography, privacy enhancing technologies, cryptocurrencies, and everything open source. Besides technology, I am also interested in environmental protection, Japan, health and fitness, self-improvement, and human rights.

Certifications

• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Web Application Penetration Tester (GWAPT)

Publications and talks

Here is a list of my publications and public talks I gave:

Publications

• “KI-Assistenten und LLMs – was taugt der Code?”. Article in iX 2024/07. (2024-07, German, Link)
• “Anwendungssicherheit durch einen sicheren Softwareentwicklungslebenszyklus (SDLC)”. Article in USANCEN: TechGuard 00/23. (2023-11, German, Link, Download)
• “Alternatives Autorisierungsmodell”. Article in OCG Journal 01/2023. (2023-04, German, Link, Download)
• “Utilizing Object Capabilities to Improve Web Application Security”. Article in ACIG Journal 2022, Volume 1. (2022-11, English, Link, Download)
• “Object Capabilities and Their Benefits for Web Application Security”. Master thesis. (2021-10, English, Link, Download)

Talks

• “The Era of Green Software”. Talk at sec4dev Dialogues. (2024-06-26, German, Slides)
• “Typed Security: Preventing Vulnerabilities By Design”. Talk at WeAreDevelopers Security Day. (2024-05-08, English, Link, Slides, Video)
• “1.400 hours for the preparation of an ISO27001 certification within 15 minutes and the connex to an espresso”. Talk for SaaS Club group. (2024-04-30, English, Link, Slides)
• “Secure Software Development – A Short Introduction of the OWASP SAMM”. Talk at B2B Software Days. (2023-05-09, English, Link, Slides)
• “The Era of Green Software”. Talk at TEDxTUWien. (2022-12-11, English, Link, Slides, Video)
• “Type-Driven Domain Design: Use the Types, Luke!”. Talk at heise devSec(). (2022-10-05, German, Link, Slides)
• “Object Capabilities and Their Benefits for Web Application Security”. Lightning talk at IKT-Sicherheitskonferenz. (2022-09-15, German, Link, Slides)
• “Typed Security – Preventing Vulnerabilities By Design”. Talk at sec4dev Conference & Bootcamp. (2022-09-09, English, Link, Slides, Video)
• “Type-Driven Domain Design – Security in the Fabric of Your Code”. Talk for Domain-Driven Design Vienna group. (2022-03-25, German, Link, Slides)
• “Type-Driven Domain Design – Security in the Fabric of Your Code”. Talk for Security Meetup by SBA Research group. (2022-01-26, English, Link, Slides, Video)

For verification

You can verify my identity with these services:

• GitHub
• GitLab
• HackerOne
• SBA Research
• ORCID ID
• Fediverse

My PGP fingerprint: E9B3 3326 8618 0E5E 498C 6C97 63CA B0C7 75EB 9C80

My Signal “safety numbers”: 88630 72114 80083 44420 49604 09486