EN | DE

IT Security

Security isn't a product — it's a condition.

Security isn't a product — it's a condition. One created through clarity, prioritization, and informed decisions. I combine technical expertise with pragmatic consulting — without buzzwords, without drama.

My Security Services

Risk & vulnerability assessments

Where do you really stand? I analyze your IT infrastructure, processes, and policies – and show you where the real risks are. Not the theoretical ones, but the practical ones.

System & network hardening

I harden your systems to make life difficult for attackers. Controlled, documented, with clear recommendations.

Security concepts (ISO 27001 / NIST aligned)

Compliance doesn't have to be a paper tiger. I help you implement requirements pragmatically without paralyzing operations.

Incident response design

When it's already happened: Rapid response, damage control, forensic analysis. And afterwards: Review and hardening.

Employee awareness & training

Employees are often the weakest link – or the strongest defense. I train your team with practical, real-world scenarios.

Goal

A security level that matches your reality — not a vendor’s marketing brochure.

My Approach to IT Security

Many companies invest in security products without knowing if they’re solving the right problems. Firewalls, antivirus, SIEM systems – all important, but useless if the basics aren’t right.

My approach is different: First understand, then act.

What I don’t do

  • No scaremongering: Yes, the threat landscape is serious. But fear is a poor advisor.
  • No product sales: I’m independent and don’t sell security software.
  • No checklist audits: Compliance is important, but ticking boxes isn’t security.

What I do differently

  • Risk-oriented: Not everything needs to be perfect. But the critical things must be right.
  • Pragmatic: Measures that are perfect in theory but not implementable in practice are worthless.
  • Understandable: Security isn’t secret knowledge. I explain what I do and why.

Details about my qualifications can be found on the Profile page.

Who is this for?

IT security consulting makes sense for companies that...

  • Want to know how their security really stands – without sales pressure
  • Need to meet compliance requirements (GDPR, ISO 27001, SOC 2, etc.)
  • Have had a security incident and need to act now
  • Want to strengthen their employees as the first line of defense
  • Want to use IT security as a competitive advantage, not a cost center

My Approach

  1. Scoping What should be tested? Which assets are critical? Which compliance requirements apply? Together we define the scope.
  2. Analysis Depending on the engagement: Document review, interviews, technical tests. I look at what actually happens – not just what's written in policies.
  3. Assessment Risks are evaluated by likelihood and impact. Not everything is critical – I help you set the right priorities.
  4. Recommendations Concrete, actionable measures. No 200-page reports that nobody reads, but clear action items.
  5. Support On request, I also support implementation – or communication with auditors and stakeholders.

Other Services

IT Restoration

Old systems are often security risks. Modernization and security go hand in hand.

Learn more →

Interim IT Management

Security needs leadership. As interim IT manager, I bring security expertise as well.

Learn more →

Sounds interesting?

Let's talk about your situation – no strings attached. I'll get back to you within 24 hours.

Contact me All Services