Michael Brügge
Managing Consultant
Profile
After completing his training to be an IT systems technician, Michael Brügge studied Computer Science at Münster University of Applied Sciences. During his studies, he worked as a software engineer and was, for example, involved in implementing the cycling navigation software Naviki. He spent one practical semester abroad in the United States, where he was the head of the development team in a leading IT company. In the context of an international university cooperation, he then did his Bachelor’s thesis on successfully accessing contactless readable smartcards using an NFC-enabled Android device.
To become an IT security expert, Michael Brügge then started the master’s program “IT Security / Networks and Systems” at the University of Bochum, switching to cirosec GmbH for his thesis. In this context, he analyzed and compared standards for penetration testing.
After finishing his studies, he started working as a consultant at cirosec GmbH at the beginning of 2015.
Since then, Michael Brügge has gained experience in different areas, such as in carrying out demanding penetration tests and insider analyses as well as conceptual reviews of security architectures. He also consults customers on building a security operations center, is a trainer of the “Hacking Extreme Web Applications” cirosec training and has the OSCP+ certification.
As a Managing Consultant, he has been having personnel responsibility for a team of ten since 2021. In addition, Michael Brügge heads the cirosec red team and, together with his colleagues, carries out several red team assessments each year. In doing so, he is not only responsible for project management but also has specialized in carrying out social-engineering attacks and bypassing physical security controls. His knowledge of how to protect a company from such attacks is passed on by him to cirosec’s customers in the form of security awareness campaigns, live hacking presentations and workshops.
Michael Brügge is also part of the incident response management team, regularly assisting customers in handling various IT security incidents and carrying out forensic analyses.