Information Security

Information Security and Data Privacy are among our core values: both are a process, not a state. As a logical implication, we achieve our mission by enabling you to make sound decisions yourself, understand their risks and focus your resources on where they make the most security impact.

Uniting a diverse community of expert individuals is a unique strength of our community.

Our specific combination of skill sets and fields of expertise enables us to support you with what we love to do:

Security Consulting

We enable our partners to live and practice solid process-oriented Information Security throughout all levels of their organisation.

We tackle tricky individual challenges with them, or actively support them as long-term partners with the implementation of processes and frameworks, a milestone of which can be one of the relevant Information Security certifications.

We love to play on our unique strength to bring together a diverse team of highly-skilled specialists to ensure deep contribution in all relevant fields.

Management frameworks and certifications in which we have particularly solid implementation experience include ISO 27000+, BSI IT-Grundschutz, C5, TISAX and PCI DSS.

Penetration Testing

Our many years of experience in comprehensive penetration tests of a broad range of customer systems and applications have led to a solid testing methodology and utilization-oriented customer reporting.

Our security engineers simulate the actions of a potential attacker, placing special focus on identifying vulnerabilities that cannot be found automatically by scanning tools.

Our conclusive reporting based on industry best practice evaluate the target’s information security level and make concrete recommendations for its improvement, ensuring the highest level of operative value for our customers.

Lastly, our experience in the field translates into our regular activities in security research and contributions to the development of penetration testing standards inside the expert community.

Security Auditing

The wide field of independent security audits is where we combine all our strengths and skills from our long and diverse work experience in the security sector.

We both love to support IT teams with code security and infrastructure audits of customer applications where we help them introduce and harden a sustainable security routine into their products, as well as conducting compliance audits in the scope of security certifications and due diligence procedures in M&A scenarios where we perform a stock analysis and evaluation of the actual performance and effectiveness of Information Security operations of an organization.

Data Protection

If we’re being honest, the GDPR isn’t new anymore and it is here to stay. Yet, it is still felt by many as complex and unwieldy.

We think that data privacy is, above all else, important.

We officially serve as external Data Protection Officer for a diverse group of customers, where we translate relevant regulations to their individual business operations, enable them to make decisions in the field and sensibly utilize available budget.

We accompany our customers throughout the process, whether it comes to setting up an initial structure for a data privacy management system or working on either specific industrial standards or certification requirements.

Our individual strength lies in the interface between Data Privacy and Information Security and by this in our ability to effectively work with our customers on all legal, operational and technical levels.

Additional fields of expertise

We also regularly work with our customers in the following fields: