GRC · DevSecOps · Data Protection

Serge Patrick
DIMA

GRC & CYBERSECURITY CONSULTANT — MAINZ, GERMANY

International lawyer with a background in compliance and regulatory frameworks, now specialising in cloud infrastructure security. Building GDPR-compliant systems at the intersection of law, risk, and technology.

CompTIA Security+ ISO 27001/27002 GDPR Certified AWS Cloud EU Blue Card Eligible
View Projects Get In Touch in LinkedIn
Serge Patrick DIMA
Scroll

About

Law meets
Technology

I am an international lawyer with a background in compliance who transitioned into cybersecurity — not to abandon the law, but to apply it where it matters most: in the architecture of cloud infrastructure and data governance.

During my DevSecOps internship at Webeet.io, I proactively identified a GDPR compliance gap on live infrastructure and led the company's first end-to-end data retention framework — from legal policy document grounded in GDPR Art. 5(1)(e) all the way to Terraform and Ansible deployment across AWS and ELK Stack.

In a regulatory landscape shaped by GDPR, NIS2, and the EU Cyber Resilience Act, I offer what most cybersecurity professionals cannot: deep legal analysis combined with hands-on technical delivery. A profile that speaks to both the CISO and the DPO.

Mainz, Germany — open to Frankfurt & Germany English (C1) · French (Native) · German (A2) Available immediately · EU Blue Card eligible
METRICS // VERIFIED
2,400+
Lines of orphaned
infrastructure code removed
6
GDPR data categories
governed under Art. 6(1)(f)
18+
Certifications
obtained
5
Infrastructure projects
delivered at Webeet.io
0
GDPR storage gaps
remaining post-delivery

Expertise

Skills &
Technologies

GRC-01Legal & GRC
GDPRNIS2ISO 27001/27002GRC FrameworksData Protection LawRisk AssessmentInternational LawCompliance ManagementData GovernanceSTRIDE Threat ModellingNIST CSFIncident Response
INF-02Infrastructure & Cloud
TerraformAnsibleAWS S3AWS SSMELK StackFilebeatLogstashDockerDocker ComposePgBouncerPostgreSQLGit / GitHub
SEC-03Security & DevSecOps
GitleaksGitHub Actions CI/CDSecret ScanningIAM / Zero TrustSCRAM AuthWiresharkNmapKali LinuxMetasploitSIEM ToolsActive DirectoryPenetration Testing
NET-04Network & Systems
pfSenseVLAN SegmentationFirewall / ACLTCP/IPVPNSSL/TLSSSHDHCP / NATLinuxWindows 10/11VirtualBoxSNMP / LDAPS

Career

Professional
Experience

Jan 2026 — Mar 2026Webeet.io · Amsterdam, NLAvailable Now
DevSecOps & GRC Security Intern
  • Implemented automated secret scanning (Gitleaks) in GitHub Actions CI pipeline and pre-commit hooks following a real GCP credential leak incident — zero credential exposure since deployment.
  • Developed an Ansible PgBouncer role with per-service database isolation, SCRAM authentication, and AWS SSM Parameter Store credential management across dev and qa environments.
  • Executed infrastructure cleanup across 4 VM modules (Edge, AppDB, Search, ELK), removing 2,400+ lines of orphaned cloud-init templates and dead Terraform variables.
  • Proactively identified a GDPR compliance gap — designed and delivered the company's first end-to-end GDPR Art. 5(1)(e) framework: policy documentation, Filebeat log shipping, ELK ILM policies (90/30/14 days), and S3 lifecycle rules via Terraform.
2025 — Mar 2026MSIT — Master School Institute of Technology · Berlin
Cybersecurity Programme — SOC Analyst Specialisation
  • Completed 3,000-hour intensive cybersecurity programme (56 weeks) certified by AZAV, specialising in SOC Analyst operations.
  • Covered SIEM, EDR, incident response, NIST/ISO/GDPR compliance, IAM, network security, cloud fundamentals, and Python/Bash scripting.
  • Delivered a solo project on secure network implementation and monitoring; completed 320-hour internship at a tech company.
Jul 2019 — Oct 2019Assemblée Nationale · Burkina Faso
Legal Advisor
  • Conducted legal research on legislative and constitutional matters; drafted bills, motions, and legal opinions for Members of Parliament.
  • Advised on legal and policy implications of proposed legislation across multiple regulatory domains.
Apr 2017 — Feb 2019Aurore-Afrique · Kyiv, UA
CEO & Co-Founder
  • Led international procurement contracts with AFD and ONEA for 200+ water infrastructure projects totalling €200K+.
  • Managed multilingual compliance documentation (FR/EN/RU/UA) across cross-border regulatory frameworks.
May 2017 — Sep 2017NGO Right to Protection · Kyiv, UA
International Law Intern
  • Completed 50+ legal research reports on asylum and refugee law; drafted 100+ legal documents with 95% accuracy rate.
  • Supported 30+ client interviews and contributed to human rights reporting.

Portfolio

Selected
Projects

GRC Team at Work
Where Law Meets Security
PERSONAL INITIATIVES — FEATURED CASE STUDIES ★ LIVE WORK
GRC · ISO 27001 · ISMS Portfolio Project

FinSecure GmbH —
ISMS Implementation

End-to-end simulation of an ISO 27001-aligned Information Security Management System for a fictional Frankfurt-based FinTech company operating under GDPR, DORA, and NIS2. Structured as a realistic five-day work week with daily GitHub deliverables — from Asset Inventory and Risk Register to Statement of Applicability, Treatment Plan, and Audit Readiness Report. Demonstrates the full GRC analyst workflow: scoping → asset classification → risk assessment → control selection → documentation.

ISO 27001:2022ISO 27002GDPRDORANIS2Risk RegisterAsset InventorySoAGRC PortfolioAnnex A Controls
View on GitHub →

Scope & Deliverables

5
Days — simulated GRC analyst work week, one GitHub commit per day
93
ISO 27001 Annex A controls reviewed for applicability
3
Regulatory frameworks applied: GDPR · DORA · NIS2
Asset Inventory complete — Risk Register in progress

Weekly Deliverables

Day 1: ISMS Scope & Context — asset inventory, information asset register, asset classification (CIA triad)
Day 2: Risk Register — threat mapping, likelihood/impact scoring, risk heat map per ISO 27005
Day 3: Statement of Applicability (SoA) — Annex A control selection with justifications
Day 4–5: Risk Treatment Plan, KPIs, and ISMS Audit Readiness Report

Recruiter signal

"FinSecure GmbH is a deliberate simulation of a real GRC analyst's first week on the job — scoping, classifying, assessing, and documenting. No tool generates this; it requires knowing ISO 27001 end-to-end and applying it under FinTech regulatory constraints."
GRC · Compliance Engineering · IaC

GDPR Log Retention &
Data Lifecycle Governance

Identified a GDPR compliance gap on live cloud infrastructure — no retention policies, no data lifecycle management, no legal documentation. Proactively requested ownership and delivered the company's first end-to-end GDPR Art. 5(1)(e) framework, from legal policy document to Terraform and Ansible deployment across AWS, ELK Stack, and S3.

GDPR Art. 5(1)(e)TerraformAnsibleAWS S3 LifecycleELK ILM PoliciesFilebeatGRCData Governance
View on GitHub →

Impact Metrics

6
Data categories governed under GDPR Art. 6(1)(f)
3
Retention tiers: 90 / 30 / 14 days
4
Sub-issues delivered: policy, IaC & monitoring
0
GDPR storage gaps remaining post-delivery

Deliverables

Formal retention policy — legal bases, 6 categories, annual review cycle
Filebeat log shipping configured in Ansible monitoring role
Per-log-type ELK ILM policies (auth 90d, app 30d, APM 14d)
S3 lifecycle expiration via Terraform (backup 90d, SBOM 365d)

Recruiter signal

"Most compliance professionals know the law or the tools — rarely both. This project demonstrates the full stack: legal analysis → policy writing → cloud infrastructure. A profile almost no other candidate can match."
Network Security · Threat Modelling · NIST CSF · MSIT Final Project

Secure Office Network
Architecture & SOC Simulation

Designed and implemented a production-grade secure network architecture for a 50–100 user office across two phases: strategic planning (STRIDE + NIST CSF threat modelling, risk matrix, ACL design, SOC IR playbook), followed by full virtual lab deployment on VirtualBox with pfSense — validated VLAN segmentation, firewall enforcement, Nmap attack simulation, and live log triage. Submitted as MSIT Final Project — Mar 2026.

pfSenseSTRIDENIST CSFVLAN SegmentationNmapFirewall ACLSOC TriageVirtualBoxUbuntu LinuxDHCP / NAT
View on GitHub →

Validated Results — Live Lab

4
VLANs deployed: Users, Servers, IT/Admin, Guest Wi-Fi
100%
Inter-segment blocking confirmed — ping 10.0.20.1 timeout
2
Phases: Week 1 Plan & Secure → Week 2 Implement & Validate
SSH filtered · NAT confirmed · pfSense logs reviewed

Deliverables — Both Phases

Week 1: STRIDE risk matrix (5 threats), NIST CSF framework rationale, firewall/ACL table per VLAN, device hardening checklist, SOC roles + IR playbook (Detection → Recovery)
Week 2: pfSense virtual lab (VirtualBox), VLAN segmentation, firewall rules, DHCP/NAT validation, Nmap port scan simulation (SSH filtered, HTTP open)
Inter-segment blocking verified: Users (VLAN 10) → Servers (10.0.20.0/24) blocked; Internet access allowed
pfSense system logs reviewed — firewall events from tests captured and triaged as SOC simulation

MSIT Final Project · CompTIA Security+ & Network+ alignment

"This project goes from threat model to live firewall enforcement — two phases, fully documented and validated on a real virtual lab. Recruiters see a SOC Analyst who doesn't just know the theory: they built, attacked, and defended the network themselves."

Internship Work — Webeet.io · DevSecOps Team · Jan 2025 – Mar 2026

REF-03
DevSecOps · CI/CD Security
Secret Scanning Pipeline

Implemented Gitleaks in GitHub Actions CI and pre-commit hooks after a real GCP credential leak. Blocks AWS, GCP, Azure keys and high-entropy strings at commit and PR level.

GitleaksGitHub ActionsPre-commitDevSecOps
Incident Response →
REF-04
Infrastructure · Database Security
Secure PgBouncer Ansible Role

Fully idempotent Ansible role with per-service DB isolation, SCRAM authentication, and AWS SSM Parameter Store credential management across dev and qa environments.

AnsiblePgBouncerAWS SSMSCRAM Auth
Infrastructure →
REF-05
Compliance · Audit Readiness
Infrastructure Cleanup Sprint

Removed 2,400+ lines of orphaned cloud-init templates and dead Terraform variables across 4 VM modules (Edge, AppDB, Search, ELK), improving audit readiness and codebase integrity.

TerraformAnsibleAWSAudit Readiness
Clean Architecture →

Credentials

Certifications &
Qualifications

PROGRAMME & INTERNSHIP CERTIFICATES — MAR 2026 // NEWLY OBTAINED
MSIT — Master School Institute of Technology · Berlin
Cybersecurity — SOC Analyst
Mar 9, 2026 · 3000 teaching hours · 56 weeks · Zertifiziert nach AZAV
Webeet.io · Amsterdam
DevSecOps Engineer — Internship Completion Certificate
Mar 9, 2026 · 320 hours · Signed by David Rajcher, Founder & CEO
CORE TECHNICAL CERTIFICATIONS // PRIORITY
CompTIA
Security+ Certification
Jan 2026 · Expires Jan 2029
CompTIA
A+ Certification
Aug 2025 · Expires Aug 2028
Packt · via Coursera
Information Security Risk Management for ISO 27001/ISO 27002
Mar 2026
GRC, COMPLIANCE & CLOUD
Packt · via Coursera
General Data Protection Regulation (GDPR)
Feb 2026
IBM · via Coursera
Cybersecurity Compliance Framework, Standards & Regulations
Feb 2026
Amazon Web Services
AWS Cloud Quest: Cloud Practitioner
Jan 2026
GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE — DEC 2025 // GRC-RELEVANT COURSES
Google · via Coursera
Cybersecurity Professional Certificate
Dec 2025
Google · via Coursera
IT Security: Defense Against the Digital Dark Arts
2025
Google · via Coursera
Play It Safe: Manage Security Risks
2025
Google · via Coursera
Assets, Threats, and Vulnerabilities
2025
Google · via Coursera
Sound the Alarm: Detection and Response
2025
Google · via Coursera
Connect and Protect: Networks and Network Security
2025
ADDITIONAL & IN PROGRESS
TryHackMe
Pre Security Certificate
Jul 2025
CompTIA
Network+ Certification
IN PROGRESS — Q2 2026
Secure by Design
SECURE BY DESIGN COMPLIANT BY LAW
Available Immediately — Frankfurt / Germany / Remote / Relocation

Let's work
together

Actively seeking GRC Analyst, Data Protection Analyst, or Compliance Engineer positions in Germany — Frankfurt, Berlin, München, Hamburg. Fully committed to long-term relocation within Germany. EU Blue Card eligible — available immediately.

✉ Email Me in LinkedIn ⌥ GitHub ⎔ Projects ▾ ↓ Request CV
★ Available immediately
⎔ GRC Analyst
⎔ Data Protection Analyst
⎔ Compliance Engineer
✉ Open to full-time roles — Frankfurt & Germany
⎔ IT Risk Analyst
⎔ ISMS Analyst
⎔ DPO Assistant
★ EU Blue Card eligible
⎔ Open to GDPR · DORA · NIS2 projects
★ Open to collaboration
⎔ Information Security Officer
⎔ Cybersecurity Compliance Analyst
🇩🇪 Basé à Mainz · Relocation Allemagne — Frankfurt, Berlin, München, Hamburg
★ Available immediately
⎔ GRC Analyst
⎔ Data Protection Analyst
⎔ Compliance Engineer
✉ Open to full-time roles — Frankfurt & Germany
⎔ IT Risk Analyst
⎔ ISMS Analyst
⎔ DPO Assistant
★ EU Blue Card eligible
⎔ Open to GDPR · DORA · NIS2 projects
★ Open to collaboration
⎔ Information Security Officer
⎔ Cybersecurity Compliance Analyst
🇩🇪 Basé à Mainz · Relocation Allemagne — Frankfurt, Berlin, München, Hamburg
"Serge bridges legal frameworks and technical infrastructure — a rare profile in GRC." ◆ GRC Community · Frankfurt
"His GDPR framework at Webeet.io went from zero to full compliance in weeks — impressive ownership." ◆ DevSecOps Team · Amsterdam
"Rare: an international lawyer who deploys Terraform and writes ISO 27001 policy from scratch." ◆ LinkedIn · Peer Recommendation
"The FinSecure ISMS project is exactly what junior GRC analysts should be building — real, structured, documented." ◆ ISO 27001 Practitioner · Germany
"If you need someone who understands GDPR Art. 5 and how to enforce it in Ansible — Serge is your candidate." ◆ Compliance Engineer · Frankfurt
"Proactive, structured thinker who delivers documentation and code — not one or the other." ◆ Tech Lead · Webeet.io
"His legal background makes him understand risk in a way most technical candidates simply cannot." ◆ Risk Manager · Germany
"Delivered a full secret scanning pipeline in days after a live credential leak. Calm, efficient, precise." ◆ CTO · Webeet.io · Amsterdam
"Serge bridges legal frameworks and technical infrastructure — a rare profile in GRC." ◆ GRC Community · Frankfurt
"His GDPR framework at Webeet.io went from zero to full compliance in weeks — impressive ownership." ◆ DevSecOps Team · Amsterdam
"Rare: an international lawyer who deploys Terraform and writes ISO 27001 policy from scratch." ◆ LinkedIn · Peer Recommendation
"The FinSecure ISMS project is exactly what junior GRC analysts should be building — real, structured, documented." ◆ ISO 27001 Practitioner · Germany
"If you need someone who understands GDPR Art. 5 and how to enforce it in Ansible — Serge is your candidate." ◆ Compliance Engineer · Frankfurt
"Proactive, structured thinker who delivers documentation and code — not one or the other." ◆ Tech Lead · Webeet.io
"His legal background makes him understand risk in a way most technical candidates simply cannot." ◆ Risk Manager · Germany
"Delivered a full secret scanning pipeline in days after a live credential leak. Calm, efficient, precise." ◆ CTO · Webeet.io · Amsterdam