Andreas Falk

Stuttgart, Germany ·

Scan contact card

Scannable QR code with contact info

Hi, my name is Andreas Falk and I am working as a Managing Consultant for Novatec Consulting located in Stuttgart/Germany.
I’m enthusiastic about the architecture and development of Cloud-Native Java enterprise applications. Mostly these are based on the Spring-Framework-Platform. The cloud platforms I use are CloudFoundry and Kubernetes. And I love to deploy my apps using cloud providers like AWS, Google Cloud and Microsoft Azure.

Agile Security

As a member of OWASP and the OpenID Foundation, I support the development of secure software. In my current role as Practice Lead for Agile Security at Novatec Consulting, I teach and coach internal and external developers. Specifically, my training/coaching portfolio includes:

  • Secure Design, Coding and Testing
  • Identity and Access Management (SAML, OAuth 2.0 & OpenID Connect)

Conference Speaker & Author

I am a frequent speaker appearing at conferences like JAX, Voxxed Days, Devoxx and Spring I/O. These are great places to share my project practical experience with you. This includes among other topics like Authentication of Microservices using OpenID Connect and Kubernetes Security.
From time to time I also like to write articles and blog posts. Some of my articles can be found in Java Magazin, iX or Objekt Spektrum.

Leisure Time

As a balance to work, leisure activities are also needed. Here, I spend time with my family and my dogs. My dogs are a Labrador-Lady and a Golden-Doodle male. If time allows, I also play the electric guitar in my Band Scallywag. And in order to keep my fitness, I try to practice running sessions several times a week.


  • Microservices
  • RESTful APIs
  • Serverless
  • SaaS/PaaS/IaaS
Languages, Operating Systems & Tools
  • Java
  • Spring
  • Python
  • git
  • subversion
  • linux
  • bash
  • Angular
  • typescript
Platform Development & Administration
  • Atlassian
  • Bitbucket
  • GitHub
  • Wordpress
Data Management
  • Microsoft SQL Server
  • Oracle
  • MySql
  • PostgreSql
  • MongoDB
  • Redis
Containers & Cloud
  • Kubernetes
  • Docker
  • AWS
  • Google Cloud Platform
  • Microsoft Azure
  • Linux


A collection of projects authored by Andreas, and likely shared out with the community as an open source project.

OAuth 2.0 & OpenID Connect compliant Authorization Server

An OAuth 2.0 & OpenID Connect (OIDC) compliant authorization server just for demo purposes to be used as part of OAuth2/OIDC workshops.

Read more..

Cloud-Native Microservice Security Boot-Camp

Cloud-Native Microservice Security Boot-Camp.

Read more..

Open Source Contributions

A collection of efforts to which I contributed, but did not create. Contributing back to Open Source projects is a strong passion of mine, and requires a considerate approach to learn norms, standards and approach for each community for a successful merge!

Fix wrong java runtime version mentioned in reference doc (Spring Security)

Fix wrong java runtime version mentioned in reference doc.

Read more..

Add setter for authorities claim name in JwtGrantedAuthoritiesConverter (Spring Security)

Add setter for authorities claim name in JwtGrantedAuthoritiesConverter.

Read more..

Wait! There's more..

See all Open Source Contributions for more examples!

Publications & Talks

A collection of articles, presentations or talks, most likely on Security and Software Development.

Workshop - Cloud-Native Microservices Security Bootcamp (Sec4Dev 2020 Wien)

All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices.

February 2020

Talk - Kubernetes und Container – Aber Sicher! (Frankfurter Entwicklertag 2020)

Mit dem Siegeszug von Kubernetes ist auch der Java Entwickler vollends im DevOps-Zeitalter angekommen. Neben der eigentlichen Entwicklung muss dieser sich u.a. mit Netzwerken, Containern, Ingress-Controllern, Load-Balancern, Nodes, Services und Pods beschäftigen.

February 2020

Hands-On Lab - Securing Microservices with OpenID Connect and Spring Security 5 (Devoxx Belgium 2019 Antwerp)

Have you ever wondered what the heck is OpenID Connect and how it differs from OAuth 2.0? Are Grant Types, Flows, JOSE, JWT or JWK unknown beings for you? Then this workshop is a great opportunity for you to get to know all these things by getting your hands dirty in code using Spring Security 5.

November 2019

Talk - Spring Cloud on Kubernetes (Spring I/O 2019 Barcelona)

Spring Boot and Spring Cloud are great in helping building cloud-native Java or Kotlin applications. Using Spring Cloud components like Discovery Service, API Gateway or the Config Server have improved the experience in the cloud to a big extent. With the rise of Kubernetes, this has changed.

May 2019

Wait! There's more..

See all Publications & Talks for more examples!


Hochschule für Technik Esslingen

Business Engineer

1994 - 1996

Duale Hochschule Stuttgart

Diplom Technische Informatik (BA)
Computer Information Systems

1990 - 1993

Custom launch script for Spring Boot executable

Introduction In addition to running Spring Boot applications by using java -jar, it is also possible to make fully executable applications for Unix systems. A fully executable jar can be executed like any other executable binary or it can be registered with init.d or systemd. Details on this are described in the Spring Boot reference docs. To achieve this the Spring Boot Maven or Gradle plugins repackage the jar file and add an embedded shell script to the jar.

March 27, 2020
Nifty tech tag lists from Wouter Beeftink

Commit: "cd452ff"

LastMod Date using GitInfo: cd452ff