IT Security Consulting

As an independent IT security consultant, I support organizations of all sizes with planning and implementing IT security measures. My approach is grounded in current peer-reviewed research at CISPA Helmholtz Center for Information Security.

Services Overview

  • Strategic Security Consulting: Analysis of your security posture, identification of risks, and development of a security strategy. I consider technical, organizational, and human factors, because security incidents often arise from process gaps and lack of awareness, not technical weaknesses alone.
  • NIS2 Compliance: Assessment of whether your organization falls under the NIS2 directive, gap analysis of existing measures, and development of a concrete action plan. The NIS2 implementation law affects significantly more organizations than the previous NIS directive — many organizations are not yet aware of this.
  • GDPR Requirements: Technical and organizational measures to comply with the General Data Protection Regulation, including secure processing of personal data, access controls, encryption concepts, and documentation of processing activities.
  • Risk Assessment: Systematic identification and evaluation of IT security risks using established methodologies. Each risk is assessed by likelihood and potential impact, enabling informed prioritization.
  • Action Planning: Concrete, prioritized recommendations with implementation support. You receive a detailed action catalog with clear responsibilities, timelines, and estimated effort.

Typical Engagement Process

Each engagement is unique but follows a proven framework:

  1. Free Initial Consultation (30–60 min): We discuss your current situation, identify the most pressing needs, and clarify open questions. You then receive a tailored proposal.
  2. Status Quo Analysis: Systematic assessment of your IT infrastructure, existing security measures, and organizational processes — on-site or remote.
  3. Risk Assessment and Strategy Development: Based on the analysis, I identify and evaluate risks and develop a security strategy for your situation.
  4. Results Presentation: You receive a clear report with concrete recommendations, prioritized by urgency and effort.
  5. Implementation Support: On request, I support you during implementation of recommended measures and remain available for questions.

Why Evidence-Based Consulting?

Many security recommendations are based on outdated assumptions or generic best-practice lists that do not account for an organization's specific situation. As an active researcher at CISPA Helmholtz Center, I work on studies examining real-world security problems — such as how development teams handle confidential credentials in code repositories, or why cryptographic updates fail in practice. These insights flow directly into my consulting, ensuring that my recommendations are not only theoretically sound but also practically implementable in daily work.

Who Is It For?

My consulting is available for organizations in Hannover, Braunschweig, Bremen, Hamburg, and across Germany — on-site and remote. Particularly suited for:

  • Mid-sized companies that need to meet regulatory requirements such as NIS2 or GDPR and require external expertise to assess their security posture.
  • Technology companies and startups that want to integrate security into their products and processes from the beginning.
  • Organizations handling sensitive data, such as in healthcare, financial services, or public administration, that must meet elevated protection requirements.

Interested? Contact me for a free initial consultation.