svc-01
External cybersecurity manager
I take over security leadership — governance, reporting, priorities, escalation. CISO-level accountability, no CISO budget required.
01 / services
What I do
Three things that most companies actually need when they get serious about security.
svc-02
Compliance and audit readiness
I prepare you for what's coming — NIS2, ISO 27001, customer audits — with a concrete plan, not a document dump.
svc-03
Incident and resilience readiness
I make sure you know what to do before something happens. Most companies find out they aren't ready during an incident.
02 / positioning
Who I work with
Most of my clients come from one of four situations. See which one sounds like yours.
op-01
No one owns security
You have IT, you have risk, but no one is actually responsible for cybersecurity. I step in as that person — without adding a full-time headcount.
op-02
IT meets OT and nobody knows the boundary
Your factory or plant connects to your corporate network. That boundary is where most industrial incidents start. I know how to close it.
op-03
The board is asking questions
Owners, investors, or the supervisory board want to understand cyber risk. I translate it into language and priorities they can work with.
op-04
Your customers are asking for evidence
Questionnaires, audits, supplier requirements. I help you answer them properly — and build the substance behind the answers.
03 / differentiator
Why IT/OT matters
Many companies have an OT side even if they do not call it OT: production lines, site control systems, industrial connectivity, cameras, access control, BMS, energy systems, or remote maintenance. This is where IT/OT, ISP thinking, network operations, and critical infrastructure reality meet.
it-01
Not just classic IT
it-02
How I position this
NIS2
ISO 27001
Risk Governance
Industrial Security
You name it
04 / offers
How to work with me
Four ways to engage, depending on what you need right now.
pkg-01
Security Sprint
A focused 2–4 week review. You get a clear picture of where you stand, what your biggest risks are, and what to fix first.
pkg-02
Ongoing leadership retainer
I run your security function on a monthly basis — reporting, governance, stakeholder coordination, and advisory.
pkg-03
Transformation program
6–12 months of structured work to build a real security function. Governance, controls, resilience, and compliance — done properly.
pkg-04
Executive workshops
Half-day or full-day sessions for your leadership team on cyber risk, crisis decisions, and what security ownership actually means.
05 / contact
Get in touch if this is relevant
If any of this sounded familiar, send a few lines about where things got stuck. We will quickly see whether I can help.
disclaimer
Security operations are rarely a one-man show. When the scope needs it, I work in a small 2-3 person setup with trusted specialists, so delivery does not depend on one person improvising alone. Any specialist involvement is handled under appropriate NDAs, verified certifications, and client-side approvals.