Bernd Janzen
Cybersecurity Analyst — GRC & Security Operations
Career changer: I spent years running operations — including my own coffee shop — before moving into security. Now interning at Panos.ai, mapping GDPR and EU AI Act requirements to real compliance controls and building cloud compliance tooling. CompTIA Security+ certified.
Background & Skills
My path into security is not the usual one. I trained as an IT clerk in the early 90s, then spent two decades elsewhere: professional dance, carpentry, and six years running my own specialty coffee bar in Berlin with my wife. Hiring and training a team, HACCP compliance, reconciling the till every single night — small-business operations teach you what process discipline actually costs, because every shortcut lands on your own desk.
Those years gave me resilience, an eye for detail, and the habit of staying calm when everything happens at once. After a full-stack bootcamp brought me back to tech, Masterschool's cybersecurity program turned that operational mindset toward security — and GRC turned out to be a natural fit: it is the craft of making rules workable for real people doing real work.
Today I work at the intersection of compliance and engineering: GDPR and EU AI Act mapping, NIST CSF 2.0, and Python tooling for cloud compliance. And yes — every working day still starts with a properly brewed cup of coffee.
Work & Projects
Cybersecurity Engineer Intern — Panos.ai
- Researched and documented GDPR and EU AI Act (Low Risk) compliance requirements; created structured documentation in Linear and GitHub
- Mapping NIST SP 1300 (Quick Start Guide for Small Businesses) to NIST CSF 2.0 controls
- Collaborating with a software engineer intern on asset inventory automation in a multicloud environment (AWS, Azure, GCP)
Aurora AI Security — Capstone Lab
4-segment capstone project for a fictional German AI consultancy. Designed a 13-VLAN enterprise network, built a virtualized lab with pfSense and Wazuh SIEM, executed a red team/blue team simulation using Kali Linux, and validated detections mapped to MITRE ATT&CK. Aligned to NIST CSF 2.0, GDPR, and NIS2.
gcp-cloudscope
Live GCP project: an asset-inventory pipeline that classifies real cloud resources against a YAML rules engine into a GDPR/EU AI Act compliance report, plus a GDPR chatbot using Gemini and pgvector. Found and fixed a real internet-facing firewall exposure along the way.
Movie Database Application
Full-stack web application with a secure RESTful API and React frontend. Implemented JWT authentication, role-based authorization, and secure API integration principles.