Für wen eignet sich eine IT-Sicherheitsberatung?

IT-Sicherheitsberatung eignet sich für Unternehmen jeder Größe — vom Startup bis zum Konzern. Besonders profitieren Organisationen, die sensible Daten verarbeiten oder ihre Sicherheitsstrategie auf ein wissenschaftlich fundiertes Fundament stellen möchten. Da Datenschutz und IT-Sicherheit eng miteinander verwoben sind, werden regulatorische Anforderungen wie NIS2 und DSGVO dabei selbstverständlich berücksichtigt.

Wie läuft eine Erstberatung ab?

Die Erstberatung ist kostenlos. Wir besprechen gemeinsam Ihre aktuelle Sicherheitslage und Ihren Bedarf. Darauf aufbauend erstelle ich Ihnen ein individuelles Angebot — die anschließende Beratung, Risikoanalysen, Sicherheitskonzepte und konkrete Handlungsempfehlungen sind kostenpflichtig.

Unterstützen Sie bei NIS2-Compliance?

Ja, NIS2-Compliance ist ein Schwerpunkt meiner Beratung. Ich unterstütze bei der Einordnung, ob Ihr Unternehmen unter die NIS2-Richtlinie fällt, bei der Gap-Analyse bestehender Maßnahmen und bei der Erstellung eines Maßnahmenplans. Die Beratung berücksichtigt sowohl die technischen Anforderungen als auch die organisatorischen Pflichten nach dem NIS2-Umsetzungsgesetz.

Welche Themen decken Ihre Vorträge ab?

Die Vorträge behandeln aktuelle Themen der IT-Sicherheit — von Usable Security und Kryptographie über Secret Management bis hin zu Sicherheitspraktiken in der Softwareentwicklung. Jeder Vortrag basiert auf peer-reviewter Forschung und wird auf Ihr Publikum zugeschnitten.

Was kostet eine IT-Sicherheitsberatung?

Die Kosten richten sich nach Umfang und Komplexität des Projekts. Nach einem kostenlosen Erstgespräch erstelle ich Ihnen ein individuelles Angebot. Kontaktieren Sie mich für eine unverbindliche Anfrage.

Bieten Sie auch Remote-Beratung an?

Ja, Beratung ist deutschlandweit sowohl vor Ort als auch remote verfügbar. Workshops und Trainings können hybrid durchgeführt werden — je nach Bedarf Ihres Teams. Kunden in Hannover, Braunschweig, Bremen und Hamburg berate ich auch gerne persönlich.

Was unterscheidet Ihre Beratung von anderen Anbietern?

Mein Ansatz verbindet aktuelle peer-reviewte Forschung mit praxisnaher Beratung. Als aktiver Forscher am CISPA Helmholtz-Zentrum bringe ich Erkenntnisse aus Studien zu realen Sicherheitsproblemen direkt in die Beratung ein — evidenzbasierte Empfehlungen statt generischer Checklisten.

Dr. Alexander Krause — IT Security Consultant Hannover

Services

IT security grounded in current research

IT Security Consulting

IT security consulting for organizations of all sizes: NIS2 compliance, GDPR requirements, establishing an ISMS based on ISO 27001. My approach draws on current research and addresses the human factor alongside the technical side.

Strategic security consulting
NIS2 & GDPR compliance
Risk assessment & action planning

Security Concepts

I create IT security concepts: status quo analysis, threat modeling, actionable recommendations. Aligned with BSI IT-Grundschutz and ISO 27001, informed by research on developer workflows, authentication, and secret management.

Status quo analysis
BSI IT-Grundschutz & ISO 27001
Threat modeling

Talks & Keynotes

Talks on IT security topics including usable security, AI in cybersecurity, and secure software development. Each talk draws on peer-reviewed research and is adapted to your audience.

Conference talks & keynotes
Research-backed content
Individually tailored

Trainings & Workshops

IT security trainings and workshops: security awareness for the whole team or technical deep dives for developers. I adapt format and content to your team's existing knowledge.

Security awareness training
Technical deep dives
Custom content

About Me

I am an independent IT security consultant, supporting organizations with consulting, security concepts, talks, and trainings. Alongside my consulting work, I conduct research at CISPA — Helmholtz Center for Information Security and Leibniz University Hannover as part of the TeamUSEC research group, focusing on usable security and privacy. I completed my MSc in Computer Science in 2021 with distinction (1.0) and my doctoral degree in computer science with very good (1.0).

5+

Years Security Research

10+

Publications

A*

Top Conferences

2025

Dr. rer. nat. in Computer Science

CISPA, Leibniz University Hannover

2021

MSc in Computer Science

Leibniz University Hannover

2019

BSc in Computer Engineering

Leibniz University Hannover

Experience

January 2026 – PresentHannover, Germany

Independent IT Security Consultant

Self-Employed

IT security consulting for organizations
Creation of IT security concepts
Expert talks and keynotes on IT security
Trainings and workshops

June 2021 – PresentHannover, Germany

Researcher in Usable Security and Privacy

CISPA — Helmholtz Center for Information Security

Leading research projects in Usable Security and Privacy
Contributing to the EU project DAISEC2.0
Supervising Bachelor and Master theses
Teaching courses in Usable Security and Privacy
Publishing scientific papers at top conferences (USENIX Security, CCS)
Administration of IT infrastructure

January 2020 – May 2021Hannover, Germany

Scientific Software Developer

Leibniz University Hannover

Development of a remote study infrastructure for a research project

Publications

Selected scientific publications

Featured Publication

"That's my perspective from 30 years of doing this": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code

Alexander Krause, Harjot Kaur, Jan H. Klemmer, Oliver Wiese, Sascha Fahl

USENIX Security 2025 (A* conference) · 2025

Keeping cryptographic code up to date and free of vulnerabilities is critical for overall software security. We conducted an interview study with 21 experienced software developers to understand their experiences, approaches, challenges, and needs regarding cryptographic updates.

Slides Video USENIX Summary

Der regulatorische Rahmen für Code Secret Leakage

Niklas Krause, Alexander Krause

Datenschutz und Datensicherheit - DuD · 2026

DOI Summary

Human Factors on Secret Security: Case Studies on Code Secret Leakage, Cryptographic Updates, and Password Update Procedures

Alexander Krause

Doctoral Thesis · 2025

DOI Summary

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Philip Klostermeyer, Sabrina Klivan, Sandra Höltervennhoff, Alexander Krause, Niklas Busch, Sascha Fahl

CCS 2024 (A* conference) · 2024

DOI Summary

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Sabrina Klivan, Sandra Höltervennhoff, Nicolas Huaman, Alexander Krause, Lucy Simko, Yasemin Acar, Sascha Fahl

CCS 2023 (A* conference) · 2023

DOI Summary

Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories

Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, Sascha Fahl

USENIX Security 2023 (A* conference) · 2023

Slides Video USENIX Summary

Talks

Invited talks on IT security and research

IT Infrastructure Threat Landscape and Available Support Services

FIS Erfa (Fachinformationstagung Erfahrungsaustausch) — Zentralverband des Deutschen Handwerks (ZDH) · Leibniz Haus, Hannover · 2026-05-18

Talk at the FIS Erfa (knowledge exchange information event) of the German Confederation of Skilled Crafts (ZDH). Topics: current threat landscape for IT infrastructure in skilled trades and concrete support services available for businesses.

AI and Cybersecurity: New Threats and Attacks

KI mAI — Transferstelle Cybersicherheit im Mittelstand · Online · 2026-05-05

What should you keep in mind when it comes to AI and cybersecurity? Opening session of the KI mAI event series with an overview of new attack vectors and risks posed by AI-powered threats.

KI mAI

AI Between Attack and Risk: How Companies Can Protect Themselves Against the New Threat Landscape

FranKI — Mittelstand-Digital Zentrum Franken · Online · 2026-05-12

Talk on AI-powered cyberattacks, risks of using LLMs in enterprises, and strategies for protecting AI systems and IT infrastructure.

FranKI

AI & Cybersecurity: Attack Vectors Against LLMs and Chatbots

IT-Security Awareness Days (IT-SAD) Sommersemester 2026 — TU Braunschweig · Online (WebEx) · 2026-05-06

Overview of attack vectors against LLMs and chatbots, including prompt injection, jailbreaks, and exfiltration of system prompts. The talk addresses what to consider when deploying language models in production.

IT-Security Awareness Days (IT-SAD) Sommersemester 2026

AI & Cybersecurity – Opportunities and Risks

Webinar — Handelskammer Hamburg · Online · 2026-04-16

How AI makes cyberattacks faster, cheaper, and more professional – even without deep technical knowledge. Plus: risks of internal AI deployment including data breaches, uncontrolled outputs, and manipulated training data.

Webinar

Artificial Intelligence in IT Security: Opportunities and Risks for Businesses

KIWI – KI-Netzwerk der Wirtschaftsregion Hannover — Wirtschaftsförderung Region Hannover · Hannover · 2026-04-14

Using LLMs securely – attack vectors, risks, and best practices for businesses. Talk on prompt injection, jailbreaking, and secure LLM deployment in enterprise contexts.

KIWI – KI-Netzwerk der Wirtschaftsregion Hannover

AI in Skilled Trades: Opportunities and Challenges

CYBERsicher – Transferstelle Cybersicherheit — Handwerkskammer Magdeburg · Online · 2026-03-12

Talk on opportunities and risks of using AI in skilled trades, with practical examples and cybersecurity guidance.

CYBERsicher – Transferstelle Cybersicherheit

Post-Quantum Cryptography

IT-Sicherheit neu gedacht — hannoverimpuls · Hannover · 2025-11-04

Overview of how quantum computers threaten classical cryptographic schemes and the steps companies should plan for when migrating to quantum-resistant algorithms.

IT-Sicherheit neu gedacht

Gallery

Impressions from research, talks and projects

FAQ

Answers to common questions about IT security consulting

Who benefits from IT security consulting?

The consulting is for organizations of all sizes. Those that process sensitive data or want to ground their security strategy in research benefit the most. Since data protection and IT security go hand in hand, regulatory requirements like NIS2 and GDPR are always part of the engagement.

What does an initial consultation look like?

The initial consultation is free. We discuss your current security posture and needs together. Based on this, I provide a customized quote — the subsequent consulting, risk analyses, security concepts, and concrete recommendations are paid services.

Do you support NIS2 compliance?

Yes, NIS2 compliance is a focus of my consulting. I help determine whether your organization falls under the NIS2 directive, conduct gap analyses of existing measures, and develop action plans. The consulting covers the technical requirements and organizational obligations under the NIS2 implementation law.

What topics do your talks cover?

Topics range from usable security to AI in cybersecurity to secure software development. I adapt each talk to the audience and draw on current, peer-reviewed studies. Get in touch if you have a specific topic in mind.

How much does IT security consulting cost?

Costs depend on the scope and complexity of the project. After a free initial consultation, I provide a customized quote. Contact me for a non-binding inquiry.

Do you also offer remote consulting?

Yes, consulting is available both on-site and remotely across Germany. Workshops and trainings can be conducted in a hybrid format — depending on your team's needs. Clients in Hannover, Braunschweig, Bremen, and Hamburg can also be served in person.

What sets your consulting apart from other providers?

I do research on real-world security problems at CISPA Helmholtz Center for Information Security and bring those findings directly into consulting. Recommendations are based on peer-reviewed studies, not generic checklists.

Contact

Let's discuss your project

Email

contact@akrause.de

Location

Hannover, Lower Saxony, Germany

Discuss a project?

I look forward to your inquiry. Send me an email and we will find a time to meet. I typically respond within 24 hours.

Send Email

Referenzen

Erfolgreiche Zusammenarbeit mit ausgewählten Kunden und Partnern.

IT Security. Strategically Designed. Scientifically Grounded.

Services

IT Security Consulting

Security Concepts

Talks & Keynotes

Trainings & Workshops

About Me

Experience

Publications

"That's my perspective from 30 years of doing this": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code

Der regulatorische Rahmen für Code Secret Leakage

Human Factors on Secret Security: Case Studies on Code Secret Leakage, Cryptographic Updates, and Password Update Procedures

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories

Talks

IT Infrastructure Threat Landscape and Available Support Services

AI and Cybersecurity: New Threats and Attacks

AI Between Attack and Risk: How Companies Can Protect Themselves Against the New Threat Landscape

AI & Cybersecurity: Attack Vectors Against LLMs and Chatbots

AI & Cybersecurity – Opportunities and Risks

Artificial Intelligence in IT Security: Opportunities and Risks for Businesses

AI in Skilled Trades: Opportunities and Challenges

Post-Quantum Cryptography

Gallery

FAQ

Contact

Discuss a project?

Referenzen

IT Security.

Strategically Designed.

Scientifically Grounded.