// about me // my services     

// deutsche version








// news

15 October 2015 // news
Presentaions, keynotes & trainings in Singapore, Spain, Netherlands, Austria, ... and I'm booked out until beginning of next year :)



contact //
// my security services

// here you find a description of my it-security services


// references

impressum //

// partner











// media links // downloads



// my security services

with all technology - the cause of security problems are defective processes and lacking security awareness - this is why it is important for me to look further than the technology to get to the core.

companies hire me for:
* my technical competence I obtained by 15 years of dedicated work and research in it-security
* professional execution of projects, which does not insignificantly comes from my years at KPMG as head of audit in it-security projects
* high thrustworthyness and confidentiality - I only talk about my customers/projects if authorized; all customer data is encrypted.

Through my work you obtain clarity on the vulnerabilities in your critical infrastructures
I cover the following areas with competence and experience:

Audit

Design

Security analysis by penetration tests and configuration review of:
* complex DMZ infrastructures
* heterogeneous global networks w/ routing
* ipv6 based networks
* web applications and web services of every kind
* operating systems (all unix'es and windows)
* databases (oracle, mysql and ms-sql only)
* Wireless LANs / Wardriving
* phone systems / PABX / Wardialing

source code audits for C/C++, Java, PHP, Perl, Delphi/Pascal, Shell and more languages.

Reverse Engineering / Binary Disassembling of programs for security issus or backdoors.

Forensic analysis after intrusions

any uncommon hardware or software - I dig myself into topics. the larger the challenge, the more intesting for me (e.g. medical devices, cashpoint systems, etc.)

technical design and supported implementation of:
* complex dmz infrastructures (reference)
* ipv6 based infrastructures
* hardening guidelines for unix/windows and router/switches

organisatorical design and supported implementation:
* it-security strategy for companies
* creation of security standards and procedures based on iso 27001++
* risik management based on iso 27003 / iso 13335 / CRAMM

I perform in-house trainings for all mentioned service areas in audit and design up to expert level.

Additionally I can incorporate threat modelling and attack trees in projects.

you can always expect practical and down-to-earth recommendations from me, because I look behind technology and consider the organisation and existing processes. Additionally, I am not secretive on my audit actions, therefore knowledge transfer and increased security awareness happens when I guide through my audits and the results. On project closure you will always receive a detailed report in either english or german.

I work internationally and have successfully performed many projects in north america, asia and of course europe.
Read my CV for more details on my person.