svc-01
External cybersecurity manager
I take over security leadership — governance, reporting, priorities, escalation. CISO-level accountability, no CISO budget required.
01 / services
What I do
Three things that most companies actually need when they get serious about security.
svc-02
Compliance and audit readiness
I prepare you for what's coming — NIS2, ISO 27001, customer audits — with a concrete plan, not a document dump.
svc-03
Incident and resilience readiness
I make sure you know what to do before something happens. Most companies find out they aren't ready during an incident.
02 / outcomes
What changes after the first engagement
The goal is not more security theatre. It is a usable operating picture, a sane roadmap, and decisions your leadership can actually make.
Risk becomes visible
You know where the business is exposed, which risks matter first, and what can wait.
Ownership becomes clear
Roles, escalation paths, decision rights, and reporting rhythm are no longer improvised.
Compliance becomes practical
NIS2, ISO 27001, and customer requirements turn into a prioritized execution plan.
03 / positioning
Who I work with
Most of my clients come from one of four situations. See which one sounds like yours.
op-01
No one owns security
You have IT, you have risk, but no one is actually responsible for cybersecurity. I step in as that person — without adding a full-time headcount.
op-02
IT meets OT and nobody knows the boundary
Your factory or plant connects to your corporate network. That boundary is where most industrial incidents start. I know how to close it.
op-03
The board is asking questions
Owners, investors, or the supervisory board want to understand cyber risk. I translate it into language and priorities they can work with.
op-04
Your customers are asking for evidence
Questionnaires, audits, supplier requirements. I help you answer them properly — and build the substance behind the answers.
04 / differentiator
Why IT/OT matters
Many companies have an OT side even if they do not call it OT: production lines, site control systems, industrial connectivity, cameras, access control, BMS, energy systems, or remote maintenance. This is where IT/OT, ISP thinking, network operations, and critical infrastructure reality meet.
it-01
Not just classic IT
it-02
How I position this
NIS2
ISO 27001
Risk Governance
Industrial Security
You name it
05 / offers
How to work with me
Four ways to engage, depending on what you need right now.
pkg-01
Security Sprint
A focused 2–4 week review. You get a clear picture of where you stand, what your biggest risks are, and what to fix first.
pkg-02
Ongoing leadership retainer
I run your security function on a monthly basis — reporting, governance, stakeholder coordination, and advisory.
pkg-03
Transformation program
6–12 months of structured work to build a real security function. Governance, controls, resilience, and compliance — done properly.
pkg-04
Executive workshops
Half-day or full-day sessions for your leadership team on cyber risk, crisis decisions, and what security ownership actually means.
06 / contact
Get in touch if this is relevant
If any of this sounded familiar, send a few lines about where things got stuck. We will quickly see whether I can help.
disclaimer
Security operations are rarely a one-man show. When the scope needs it, I work in a small 2-3 person setup with trusted specialists, so delivery does not depend on one person improvising alone. Any specialist involvement is handled under appropriate NDAs, verified certifications, and client-side approvals.