Over 10 years in security and more than 100 audits for TÜV Süd. I bring Austria's mid-sized companies to a security level that is verifiable — and that holds when it really counts.
Security is half technology — and half a question of organisation: whether management and IT speak the same language. With leadership experience from management and the depth of more than 100 audits, I build exactly that bridge. Pragmatic, working with you as equals.
Most mid-market engagements begin with one of these starting points — if one sounds familiar, an initial consultation is the right next step.
A major client suddenly demands an ISO 27001 certificate — and you have months, not years.
ISO 27001 & Audits →
A letter on NIS2 / NIS Act applicability is on the table — and no one knows what to do next.
NIS Act 2026 check →
Management asks: are we actually protected? — and needs a solid answer.
CISO Advisor →
Your team has no dedicated security function — you need an experienced counterpart on demand.
CISO Advisor →
One field — information security — in three forms of collaboration: from certification through leadership on demand to regulation. My home for over ten years.
Building an ISMS and preparing for certification audits — as separate packages or one continuous project. TISAX included.
NIS Act 2026, risk management and reporting processes — toward demonstrable fulfilment of your regulatory duties.
A sparring partner for your management and IT leadership — reviews, roadmap, a counterpart who thinks with you. Responsibility stays with you.
With Austria's implementation of the EU NIS2 directive, information security becomes a legal obligation for many mid-sized companies — with personal responsibility for management. Find out in two minutes where you stand.
From the first conversation to ongoing support — a clear, predictable path with no surprises.
We clarify your starting point, your goal and whether it's a fit — personally and professionally.
Free & without obligation
Gap analysis and roadmap. You get a clear picture of where you stand and a fixed-price proposal by scope.
ISMS, policies and registers take shape — in focused workshops, translated between management and IT.
Preparation for certification and NIS audits and, on request, long-term ongoing support.
A selection from more than 100 audits and projects.
For nine months, two days a week, Stefan accompanied us as our external security lead. In that time, more moved on the security side at our company than in all the years before. Structures, responsibilities, a real roadmap — and at the end, a clean handover to the internal team. Exactly what we needed.
We faced the challenge of introducing an ISMS quickly and without much bureaucracy. With a range of templates, Stefan helped us build a simple and effective ISMS very efficiently. Today we have a lean, livable security structure.
We do the audits with Stefan because the result lands with us internally. The findings are easy to follow, the recommendations actionable. That moves us forward — and not every auditor manages that.
ISO 27001 was meant to bring us real security value, not to spiral into unnecessary bureaucracy. Together with Stefan, we found exactly that balance.
Compliance that only exists on paper won't survive a real incident. I combine proven expertise with what really decides whether measures are truly lived.
Standardised audits are delivered by any tool today. What a security context needs is a person who stands behind the result. Four qualities I bring:
Not "what the standard says", but "what matters in your specific situation".
A counterpart who carries the process and stands behind it — no deliver-and-leave.
Professionally honest, even when it's uncomfortable. No scaremongering, no overselling.
On equal footing, pragmatic rather than formalistic. You book the person you believe in.
Without obligation, we clarify where your organisation stands and which path makes sense for you.
Request a consultation →