Andreas Falk

Stuttgart, Germany ·

Scan contact card

Scannable QR code with contact info

Hi, my name is Andreas Falk and I am working as Executive Consultant for CGI located in Stuttgart/Germany.
I’m enthusiastic about the software architecture, security and identity access management. I am a iSAQB certified solution architect and iSAQB accredited trainer for the foundation certification.

Architecture & Security Trainings

As a member of OWASP and the OpenID Foundation, I support the development of secure software and integrate IAM solutions. I am also a teacher. Specifically, my training/coaching portfolio includes:

  • Secure Design, Coding and Testing (From secure requirements to secure operation popagating DevOps approach)
  • Identity and Access Management (SAML, OAuth 2.0/OAuth 2.1, OpenID Connect, Verifiable Credentials)

Conference Speaker & Author

I am a frequent speaker appearing at conferences like JAX, Voxxed Days, Devoxx and Spring I/O. These are great places to share my project practical experience with you. This includes among other topics like Authentication of Microservices using OpenID Connect and Kubernetes Security.
From time to time I also like to write articles and blog posts. Some of my articles can be found in Java Magazin, iX or Objekt Spektrum.

Leisure Time

As a balance to work, leisure activities are also needed. Here, I spend time with my family and my dogs. My dogs are a Labrador-Lady and a Golden-Doodle male. If time allows, I also play the electric guitar in my Band Scallywag. And in order to keep my fitness, I try to practice running sessions several times a week.

Certifications

Skills

Architecture
  • Microservices
  • Domain Driven Design
  • Event Sourcing
  • RESTful APIs
  • Serverless
  • SaaS/PaaS/IaaS
Languages, Operating Systems & Tools
  • Java
  • Kotlin
  • Spring
  • Python
  • git
  • subversion
  • linux
  • bash
  • Angular
  • typescript
Agile Development & DevOps
  • Scrum
  • Kanban
  • Atlassian
  • GitHub
  • GitLab
  • Jenkins
  • Elastic/Kibana
  • Dynatrace
  • Graphana
Data Management
  • Microsoft SQL Server
  • Oracle
  • MySql
  • PostgreSql
  • MongoDB
  • Redis
Containers & Cloud
Security

Publications

A collection of articles, presentations or talks, most likely on Culture and DevOps, because let’s admit it, they are one in the same ;)

Workshop - Cloud-Native Microservices Security Bootcamp (Sec4Dev 2020 Wien)

All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices.

February 2020

Talk - Kubernetes und Container – Aber Sicher! (Frankfurter Entwicklertag 2020)

Mit dem Siegeszug von Kubernetes ist auch der Java Entwickler vollends im DevOps-Zeitalter angekommen. Neben der eigentlichen Entwicklung muss dieser sich u.a. mit Netzwerken, Containern, Ingress-Controllern, Load-Balancern, Nodes, Services und Pods beschäftigen.

February 2020

Hands-On Lab - Securing Microservices with OpenID Connect and Spring Security 5 (Devoxx Belgium 2019 Antwerp)

Have you ever wondered what the heck is OpenID Connect and how it differs from OAuth 2.0? Are Grant Types, Flows, JOSE, JWT or JWK unknown beings for you? Then this workshop is a great opportunity for you to get to know all these things by getting your hands dirty in code using Spring Security 5.

November 2019

Talk - Spring Cloud on Kubernetes (Spring I/O 2019 Barcelona)

Spring Boot and Spring Cloud are great in helping building cloud-native Java or Kotlin applications. Using Spring Cloud components like Discovery Service, API Gateway or the Config Server have improved the experience in the cloud to a big extent. With the rise of Kubernetes, this has changed.

May 2019

Article - Java Aktuell 06-2018: Agil - aber sicher!

Es vergeht kaum ein Tag ohne Meldung über eine gehackte Software-Anwendung, einhergehend mit dem Diebstahl sensibler Daten wie KreditkartenDaten oder Passwörter. In der Software-Entwicklung sind inzwischen agile Vorgehensweisen wie Scrum oder Kanban weitverbreitet.

June 2018

Article - iX Special 2017: Security in der agilen Softwareentwicklung

Agile Entwicklung mag angesichts der Omnipräsenz von Software und der extrem kurzen Time-to-Market-Zeiten ihre Vorteile haben. Konflikte ergeben sich allerdings beim Thema Security, denn das flexible Arbeiten verträgt sich nicht mit einigen grundlegenden Anforderungen der Informationssicherheit.

June 2017

Wait! There's more..

See all Publications for more examples!

Creations

A collection of projects authored by Andreas, and likely shared out with the community as an open source project.

OAuth 2.0 & OpenID Connect compliant Authorization Server

An OAuth 2.0 & OpenID Connect (OIDC) compliant authorization server just for demo purposes to be used as part of OAuth2/OIDC workshops.

Read more..

Cloud-Native Microservice Security Boot-Camp

Cloud-Native Microservice Security Boot-Camp.

Read more..

Open Source Contributions

Fix wrong java runtime version mentioned in reference doc (Spring Security)

Fix wrong java runtime version mentioned in reference doc.

Read more..

Add setter for authorities claim name in JwtGrantedAuthoritiesConverter (Spring Security)

Add setter for authorities claim name in JwtGrantedAuthoritiesConverter.

Read more..

Wait! There's more..

See all Open Source Contributions for more examples!

Experience

Executive Consultant

CGI Deutschland B.V. & Co. KG

Led in development of fast paced software teams.

  • list
  • of
  • things

June 2025 - Present

Senior Managing Consultant

Novatec Consulting GmbH

Expedited the synergies of collaborative agile tooling.

October 2011 - May 2025

Developer

Previous Company Inc.

Implemented continuous devops pipelines automationing

February 2013 - March 2014

Education

Hochschule für Technik Esslingen

Diplom-Wirt-Ing.(FH)
Business Engineer

1994 - 1996

Duale Hochschule Stuttgart

Diplom Technische Informatik (BA)
Computer Information Systems

1990 - 1993
Nifty tech tag lists from Wouter Beeftink