Breaking in before others do

Penetration Test

Pentesting web applications, backends, APIs, mobile apps and more in order to find vulnerabilities before others do.

more details

Mitigating risks the agile way

Agile Threat Modeling

Using agile threat modeling techniques modern architectures are constantly evaluated against risk rules that define mitigation steps.

more details

Securing the AI systems that act on your behalf

Agentic AI Security

Threat modeling for agentic AI systems — attack paths across inputs, tools, memory, and inter-agent communication.

more details

Avoiding cloudbursts

Cloud Security Check

Checking the security and hardening of your cloud environments against security best-practices.

more details

Securing container platforms

K8s Platform Review

Reviewing the security and hardening of your container orchestration platform setups (K8s and others).

more details

Automating security checks

DevSecOps

Let security keep up with the DevOps pace by automating static and dynamic security checks along with a false positive handling process.

more details

Sharpening skills

Custom Training

All trainings can be executed inhouse at your office, external at one of my training sites, or fully online for home-office workers.

more details

0+

Pentests & Reviews

0+

Trainings

0+

Conference Talks

0+

Happy Customers

Upcoming Conference Talks & Trainings

Setting The Stage

As a speaker with international conference experience (Black Hat Arsenal USA, DEF CON AppSec Village USA, RSA Conference USA, Oracle JavaOne, Black Hat Arsenal Europe, Black Hat Arsenal Asia, DeepSec, BruCON, OWASP AppSecEU, OWASP AppSec Days, DevOpsCon Berlin/Munich/London/Singapore, JAX, Heise DevSec, Heise Sec-IT, Heise Herbstcampus, RuhrSec, JCon, JavaLand, Internet Security Days, IT-Tage Frankfurt, OOP, and others) I’m definitely enjoying to speak, present keynotes, and train about IT-Security topics.

My upcoming events

Some of my previous talks

Security Expert

Individual Services

Application Pentest

Application Pentest

Deep penetration testing of web applications, APIs, and mobile apps — including business logic flaws and chained attack paths.

Cloud Security Check

Cloud Security Check

Cloud security audit combining hardening with pentesting experience to improve the security posture in your AWS, Azure, or GCP setup.

Container Platform Review

Container Platform Review

Security review of Kubernetes and OpenShift platforms covering RBAC, pod security, container images, and benchmark compliance.

Individual Education

Hands-on Training and Coaching

Your Trainer
Agile Threat Modeling
Workshop

Agile Threat Modeling

Web Security Bootcamp
Course

Web Security Bootcamp

Agentic AI Security
Coaching

Agentic AI Security

Security Sparring Partner
Support

Security Sparring Partner

Custom security training tailored to your real-world challenges

let's talk

Latest Articles

Security Blog