here you find a description
of my services

contact me - even for unusual, ethical security projects.

my security services

with all the technology - the causes of security problems are complexity, defective processes and a lack of security awareness - this is why it is important for me to look further than the technology to get to the root of the issues.

I am contracted because of:

  • my technical competence, obtained through over 20 years of dedicated work and research in it-security
  • professional execution of projects, which comes in no small part from my years at kpmg as head of audit in it-security projects
  • high trustworthiness and confidentiality - I only talk about my customers/projects if authorized; all customer data is encrypted.

through my work you obtain clarity on the vulnerabilities in your critical infrastructure
i cover a large area with competence and experience

security assessments

security analysis by penetration tests and configuration review of:

  • complex DMZ infrastructure
  • heterogeneous global networks w/ routing
  • automotive it-security and pentests
  • swift financial transaction data flows
  • ipv6 based networks
  • web applications and web services of any kind
  • operating systems (all unix'es and windows)
  • databases (oracle, mysql and ms-sql only)
  • wireless lans / wardriving
  • phone systems / pabx / wardialing

source code audits for C/C++, Java, PHP, Perl, Delphi/Pascal, Shell and more languages.

reverse engineering / binary disassembling of programs for security issues or backdoors.

forensic analysis after intrusions.

any uncommon hardware or software - I dig into topics. the larger the challenge, the more interesting for me (e.g. medical devices, cashpoint systems, etc.).

conception & design

technical security design and supported implementation of:

  • complex dmz infrastructure (reference)
  • ipv6 based infrastructure
  • hardening guidelines for unix/windows and router/switches

organisational design and supported implementation:

  • it-security strategy for companies
  • developing security standards and procedures based on iso 27001++
  • risk management based on iso 27003 / iso 13335 / CRAMM

I perform in-house training for all mentioned service areas in audit and design up to expert level.

Additionally I can incorporate threat modelling and attack trees in projects.

you can always expect practical and down-to-earth recommendations from me, because I look behind technology and consider the organisation and existing processes. Additionally, I am not secretive about my audit actions, therefore knowledge transfer and increased security awareness happen when I guide through my audits and the results. On project closure you will always receive a detailed report in either english or german.

I work internationally and have successfully performed many projects in north america, asia and of course europe.
Read my CV for more details about me.