Breaking in before others do

Penetration Test

Pentesting web applications, backends, APIs, mobile apps and more in order to find vulnerabilities before others do.

more details

Avoiding cloudbursts

Cloud Security Check

Checking the security and hardening of your cloud environments against security best-practices.

more details

Sharpening skills

Custom Training

All trainings can be executed inhouse at your office, external at one of my training sites, or fully online for home-office workers.

more details

Securing container platforms

K8s Platform Review

Reviewing the security and hardening of your container orchestration platform setups (K8s and others).

more details

Mitigating risks the agile way

Agile Threat Modeling

Using agile threat modeling techniques modern architectures are constantly evaluated against risk rules that define mitigation steps.

more details

Automating security checks

DevSecOps

Let security keep up with the DevOps pace by automating static and dynamic security checks along with a false positive handling process.

more details

Securing the big picture

Secure SDLC Process Review

Security review of your Software Development Lifecycle Process (SDLC) as part of a Defense-in-Depth approach.

more details

Hardening from within

Whitebox Analysis

Analyzing software and system architectures in order to find weaknesses and define hardening steps.

more details

0+

Pentests & Reviews

0+

Trainings

0+

Conference Talks

0+

Happy Customers

Upcoming Conference Talks & Trainings

Setting The Stage

As a speaker with international conference experience (Black Hat Arsenal USA, DEF CON AppSec Village USA, RSA Conference USA, Oracle JavaOne, Black Hat Arsenal Europe, Black Hat Arsenal Asia, DeepSec, BruCON, OWASP AppSecEU, OWASP AppSec Days, DevOpsCon Berlin/Munich/London/Singapore, JAX, Heise DevSec, Heise Sec-IT, Heise Herbstcampus, RuhrSec, JCon, JavaLand, Internet Security Days, IT-Tage Frankfurt, OOP, and others) I’m definitely enjoying to speak, present keynotes, and train about IT-Security topics.

My upcoming events

Some of my previous talks

Security Expert

Individual Services

Application Pentest

Application Pentest

Manual penetration testing of web applications, APIs, and mobile apps — including business logic flaws and chained attack paths.

Cloud Security Check

Cloud Security Check

Cloud security audit combining CIS benchmarks with pentesting experience to find exploitable misconfigurations in your AWS, Azure, or GCP setup.

Container Platform Review

Container Platform Review

Security review of Kubernetes and OpenShift platforms covering RBAC, pod security, container images, and CIS benchmark compliance.

Individual Education

Hands-on Training and Coaching

Your Trainer
Agile Threat Modeling
Workshop

Agile Threat Modeling

Web Security Bootcamp
Course

Web Security Bootcamp

Agentic AI Security
Coaching

Agentic AI Security

Security Sparring Partner
Support

Security Sparring Partner

Custom security training tailored to your real-world challenges

let's talk

Latest Articles

Security Blog