Consulting services

Cybersecurity Strategy & Governance

High-level direction, frameworks, and organizational processes that define how security is managed across the company.

Key services

• Cybersecurity lifecycle, policies, and process development

• Gap analysis and compliance evaluations

• Alignment with ISA/IEC 62443, NIST, and EU CRA

• Processes and workflows for threat modelling and risk assessments

• Vulnerability management and CVE analysis

• Governance, Risk & Compliance (GRC)

Architecture & System Security

Design guidance and review support for secure architectures, focusing on system interactions, interfaces, and operational environments.

Key services

• Threat modeling (data flows, trust boundaries, attack paths)

• Security architecture design

• Translation of ISA/IEC 62443 requirements (-2-4, -3-3, -4-1, -4-2) into architecture and system controls

• System hardening guidelines and trust model definition

• Network and infrastructure security concepts

• OT and ICS security for industrial control systems

Product & Development Security

Practical support that enables engineering teams to apply security in their day-to-day work and throughout the product lifecycle.

Key services

• Risk assessment based on threat model

• Activities according to your Secure Software Development Lifecycle (SDLC)

• Application security guidance and secure coding practices

• Secure supply chain management (SBOM, component governance, 3rd party components)

• Correct application of cryptographic mechanisms

• Practical coaching for implementing and verifying security requirements

Why Work With Me

Bridge Builder

I unite over a decade of software development and architecture with advanced cybersecurity expertise. This dual perspective ensures security is integrated efficiently into your existing design and lifecycle processes — bridging the gap that often lies between development teams and security experts to create solutions that fit seamlessly into real-world product development.

Hands-On Partner

I focus on pragmatic, results-driven cybersecurity. Rather than delivering abstract reports or idealistic recommendations, I work closely with your teams to create solutions that are feasible, efficient, and directly applicable to your business context — ensuring results that work in production, not just on paper.

Clear Translator

Cybersecurity standards and regulations like ISA/IEC 62443 or the EU Cyber Resilience Act can be complex. I translate these frameworks into clear, actionable guidance aligned with your architecture, workflows, and product goals — empowering your development teams to implement security with confidence.

Strong Cybersecurity Focus

My clients count on expertise that is both proven and up to date. With certifications across industrial cybersecurity, architecture, governance, and offensive security, I bring a well-rounded foundation to help you meet compliance goals, manage risks, and strengthen resilience where it matters most.

Industrial Security

• ISA/IEC 62443 Cybersecurity Expert
  

Architecture

• Information Systems Security Architecture Professional (ISSAP)
  

Governance & Risk Management

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• Certified in Risk and Information Systems Control (CRISC)

Offensive Security

• Offensive Security Certified Professional (OSCP)