I help make IT systems measurably safer step by step — with realistic actions, clean implementation, and clear documentation. No “hacking”, no exploit guides: focus on protection, hardening, monitoring, and processes that work in day-to-day operations.
What this is about
Many small environments are not insecure because people are careless — but because time is scarce, knowledge is missing, or processes were never built cleanly. That is exactly where I help: calm, structured, and traceable.
Protection
Reduce risk: shrink attack surface, use standards, avoid typical misconfigurations.
Implementation
Concrete actions over theory: hardening, firewall rules, email security, VPN concepts — aligned with reality.
Traceability
Documentation & testing: what changed, why, how it was verified — so it stays stable long-term.
VPN Book (technical)
A practical security book about VPN usage, risks, countermeasures, and clean configurations — written clearly, but technically deep.
If you already read the book: thank you. If not: you can find a short sample in the downloads section.
Services
I offer bundled security services combining consulting and hands-on implementation. Focus: feasible, affordable, traceable.
Security Check (baseline)
Quick review of the essentials (network, accounts, patching, backups, email, remote access) with a concrete action list.
System Hardening
Linux/Windows baseline hardening, secure configurations, patch strategy, secure remote access.
Monitoring & Logging
Practical SOC thinking for small teams: connect useful log sources and alerts without alert fatigue.
Email Security
Set up SPF/DKIM/DMARC properly, improve deliverability, reduce spoofing & phishing exposure.
VPN Security
Concepts, configuration, split-tunneling risks, keys/clients, secure operating models.
Documentation & Brief Training
Clear docs, short handovers, checklists — so improvements stick long-term.
Framework-based security review
If desired, I structure the current state and derive prioritized, actionable recommendations—no certification promise, but a clear, traceable method.
CIS Controls
Concrete, prioritized controls—ideal for SMBs because they are pragmatic and show impact quickly.
ISO/IEC 27001 (Orientierung)
Mapping to ISMS principles (risk, controls, evidence). Not an audit—but a structured way to derive what’s missing and what to prioritize.
BSI / NIST (bei Bedarf)
Classification along proven models (e.g., BSI IT-Grundschutz, NIST CSF). For regulated environments, additional frameworks can be added if needed.
How the work typically runs
1) First check
Understand what exists — and what actually matters.
2) Action plan
Concrete prioritized steps (fast impact / sustainable).
3) Implementation
Together or done by me — including tests, logs, documentation.
4) Stabilization
Review, tuning, and simple routines (patching, backups, monitoring).
Qualifications & proof
Short, transparent, no exaggeration. Details on request — including links and documents.
- Technical book: VPN security (practice, risks, countermeasures)
- CompTIA certifications & security training (defensive focus)
- Hands-on projects: segmentation, firewall/OPNsense, logging/monitoring, email security
- Responsible disclosure mindset: document cleanly, verify reproducibly, report responsibly
On request I can provide proof (e.g., certificates/publications) or show them in a call. Transparency matters to me.
Project examples (anonymized)
Short cases without secrets: baseline → actions → result. No sensitive client data.
Email security: domain protection
Baseline: Baseline: spoofing exposure & deliverability issues.
Actions: Actions: consistent SPF/DKIM/DMARC, DNS checks, clean policies.
Result: Result: improved deliverability, reduced spoofing exposure, clear audit stance.
Monitoring baseline for small setups
Baseline: Baseline: “We notice incidents too late.”
Actions: Actions: centralize log sources, meaningful alerts, simple runbooks.
Result: Result: faster response, less blind spots, traceable events.
Hardening: Linux server baseline
Baseline: Baseline: default install, unnecessary services, weak defaults.
Actions: Actions: minimal services, hardened SSH, patching, backups, logs.
Result: Result: smaller attack surface, stable maintenance, improved verifiability.
VPN operations: clean daily practice
Baseline: Baseline: VPN works, but keys/clients/rules are messy.
Actions: Actions: key hygiene, secure profiles, clear split rules, tests.
Result: Result: less misconfig risk, better overview, more stable operations.
Quick FAQ
Do you offer “pentests”?
I work defensively and pragmatically. If testing is useful, it is a clearly agreed verification with risk reduction and clean reporting — no “show”.
Do you work with private clients?
Yes — especially for VPN security, email security, and baseline protection. The goal is realistic: fewer effective measures over 100 tools.
How is billing done?
Hourly or as a package depending on scope. We agree upfront so you know what you get.
On-site work?
Depending on region and scope. Many things work remotely, but not everything has to be remote.
Next step
Not sure what is worth doing? Let’s take a quick look. You’ll get clarity and a prioritized action list.