here you find a description
about my services
contact me - even for unusual, ethical security projects.
my security services
with all the technology - the cause of security problems are complexity, defective processes and lacking security awareness - this is why it is important for me to look further than the technology to get to the root of the issues.
I am contracted because of:
- my technical competence I obtained by over 20 years of dedicated work and research in it-security
- professional execution of projects, which does not insignificantly come from my years at kpmg as head of audit in it-security projects
- high thrustworthiness and confidentiality - I only talk about my customers/projects if authorized; all customer data is encrypted.
through my work you obtain clarity on the vulnerabilities in your critical infrastructure
i cover a large area with competence and experience
security analysis by penetration tests and configuration review of:
- complex DMZ infrastructure
- heterogeneous global networks w/ routing
- automotive it-security and pentests
- swift financial transaction data flows
- ipv6 based networks
- web applications and web services of any kind
- operating systems (all unix'es and windows)
- databases (oracle, mysql and ms-sql only)
- wireless lans / wardriving
- phone systems / pabx / wardialing
source code audits for C/C++, Java, PHP, Perl, Delphi/Pascal, Shell and more languages.
reverse engineering / binary disassembling of programs for security issues or backdoors.
forensic analysis after intrusions.
any uncommon hardware or software - I dig myself into topics. the larger the challenge, the more interesting for me (e.g. medical devices, cashpoint systems, etc.).
conception & design
technical security design and supported implementation of:
- complex dmz infrastructure (reference)
- ipv6 based infrastructure
- hardening guidelines for unix/windows and router/switches
organisational design and supported implementation:
- it-security strategy for companies
- developing security standards and procedures based on iso 27001++
- risk management based on iso 27003 / iso 13335 / CRAMM
I perform in-house trainings for all mentioned service areas in audit and design up to expert level.
Additionally I can incorporate threat modelling and attack trees in projects.
you can always expect practical and down-to-earth recommendations from me, because I look behind technology and consider the organisation and existing processes. Additionally, I am not secretive of my audit actions, therefore knowledge transfer and increased security awareness happens when I guide through my audits and the results. On project closure you will always receive a detailed report in either english or german.
I work internationally and have successfully performed many projects in north america, asia and of course europe.
Read my CV for more details on my person.