Information Security Officer

Security & Infrastructure

David
Lahoz.

I build and run the security function for a six-entity group — ISO 27001-aligned governance, awareness programs that actually change behavior, and incident response that holds up under audit. IT must be an enabler, not a bottleneck.

David Lahoz
10+
years in IT & security
06
entities under governance
27001
ISO-aligned practice
06
languages spoken
01

About

Originally from Barcelona, based in Munich since 2021. Over a decade of hands-on IT — from Windows Server rooms to multi-entity cloud governance — before moving into the security office. I specialize in making security programs that people can actually live with: stable, scalable, and measured against real standards rather than checkbox theater.

Firm believer that every office
should have a dog. Or a small pack.

02

Experience

Nov 2025 — Present

Information Security Officer

pure11 GmbH (Dastex Group)

  • Overseeing information security governance across Dastex Group entities, aligning practices with ISO 27001 and group-wide compliance standards.
  • Leading security awareness initiatives and phishing simulations to enhance user resilience and reduce risk.
  • Coordinating risk assessments, incident response, and access-control policies across Cloud M365 and hybrid environments.
  • Advising executive management on cybersecurity strategy, policy frameworks, and audit readiness.
Risk AssessmentIncident ResponseSecurity AwarenessCompliance
Mar 2024 — Nov 2025

IT Manager

pure11 GmbH (Dastex Group)

  • Led infrastructure and security consolidation post-acquisition, co-owning IT policy governance with executive leadership to standardize systems and access controls (MFA, Conditional Access) across six entities.
  • Defined and executed a unified IT strategy post-acquisition, balancing strategic oversight with hands-on implementation.
  • Led internal automation initiatives to reduce operational workload and improve productivity across business units.
Microsoft 365Conditional AccessAutomationGovernance
Feb 2022 — Mar 2024

System Administrator

Stryber

  • Project-managed the MDM migration to Kandji, aligning policies with CIS benchmarks across international teams.
  • Regional IT lead supporting global offices (Dubai, Singapore, Kyiv, Zurich, Valencia, Munich).
macOSKandji (MDM)CIS BenchmarksGoogle Workspace
Mar 2021 — Feb 2022

System Administrator

Grifols

  • Administered Citrix, VMware, and Windows Server environments; led End-of-Support infrastructure replacements and cross-border deployments during post-acquisition integration.
CitrixVMwareWindows Server
Jun 2018 — Jun 2020

Solutions Engineer

char desarrollo de sistemas

  • Technical pre-sales for PBX middleware solutions — demos, proof-of-concepts, and deployment alignment for enterprise and hospitality clients.
PBXVoIPPre-Sales
Jul 2010 — May 2018

System Administrator

Abertis

  • Windows Server administration, lifecycle management, and internal audit support across business units.
Windows ServerAuditingLifecycle Management
03

Selected Work

04

Skills

Operating Systems & Platforms

WindowsmacOSLinux (basic)VMware

Cloud & Identity

Microsoft 365Entra IDIntuneExchange Online

Cybersecurity & Governance

Conditional AccessCIS ControlsIT PolicyAccess Standards

Device Management

IntuneKandjiApple Business Manager

ITSM & Automation

Jira SMWorkflow AutomationAsset LifecycleSLA Monitoringn8n
05

Education & Languages

2020 — 2022

Associate Degree in Systems and Network Administration

La Salle Gràcia, Spain

2007 — 2009

Associate Degree in IT Systems Operations

Salesians de Sarrià, Spain

Catalan (Native)Spanish (Native)English (Fluent)French (Intermediate)German (Basic)Italian (Basic)
06

Contact

Let's talk security.

Open to conversations about security leadership, governance, and pragmatic hardening. The form goes straight to my inbox and is Turnstile-protected — bots need not apply.

Prefer LinkedIn?
0/500
© 2026 David Lahoz — Munich, DE · 48.14°N 11.58°ECSP strict-dynamic · HSTS · no cookies · Lighthouse a11y 100