// my security services
with all technology - the cause of security problems are defective processes and lacking security awareness - this is why it is important for me to look further than the technology to get to the core.
companies hire me for:
* my technical competence I obtained by 15 years of dedicated work and research in it-security
* professional execution of projects, which does not insignificantly comes from my years at KPMG as head of audit in it-security projects
* high thrustworthyness and confidentiality - I only talk about my customers/projects if authorized; all customer data is encrypted.
Through my work you obtain clarity on the vulnerabilities in your critical infrastructures
I cover the following areas with competence and experience:
Security analysis by penetration tests and configuration review of:
* complex DMZ infrastructures
* heterogeneous global networks w/ routing
* ipv6 based networks
* web applications and web services of every kind
* operating systems (all unix'es and windows)
* databases (oracle, mysql and ms-sql only)
* Wireless LANs / Wardriving
* phone systems / PABX / Wardialing
source code audits for C/C++, Java, PHP, Perl, Delphi/Pascal, Shell and more languages.
Reverse Engineering / Binary Disassembling of programs for security issus or backdoors.
Forensic analysis after intrusions
any uncommon hardware or software - I dig myself into topics. the larger the challenge, the more intesting for me (e.g. medical devices, cashpoint systems, etc.)
technical design and supported implementation of:
* complex dmz infrastructures (reference)
* ipv6 based infrastructures
* hardening guidelines for unix/windows and router/switches
organisatorical design and supported implementation:
* it-security strategy for companies
* creation of security standards and procedures based on iso 27001++
* risik management based on iso 27003 / iso 13335 / CRAMM
I perform in-house trainings for all mentioned service areas in audit and design up to expert level.
Additionally I can incorporate threat modelling and attack trees in projects.
you can always expect practical and down-to-earth recommendations from me, because I look behind technology and consider the organisation and existing processes.
Additionally, I am not secretive on my audit actions, therefore knowledge transfer and increased security awareness happens when I guide through my audits and the results.
On project closure you will always receive a detailed report in either english or german.
I work internationally and have successfully performed many projects in north america, asia and of course europe.
Read my CV for more details on my person.