About

Between management and IT — and at home in both worlds.

Stefan Georg Schneider — independent advisor for information security, based in Salzburg. Proven expertise, leadership experience and a pragmatic style — working with you as equals.

For over ten years I have worked in security — as an auditor, advisor and CISO sparring partner. The foundation was laid in 2011 with certification as an IT-security auditor to ISO 27001. Since then I have carried out more than 100 information-security audits for TÜV Süd: to NISG, ISO 27001 and TISAX.

I am at home in two worlds: business and IT. With an MBA in business and an MA with a focus on ethics, I began as an advisor at the interface of business and technology — and that is exactly where I still work today. Technical gaps are real and must be closed. But just as often, the snag is that management and IT talk past each other. I translate between the two, so that requirements become lived practice.

I know leadership from my own experience. Both as managing director of the IT consultancy aiccooma it co management (Salzburg/Hamburg, 2010–2012) and as a board assistant at the IT consultancy cellent AG and at the logistics group Gebrüder Weiss, I learned how decisions are really made at leadership level — and how to steer projects and teams through them. When building an ISMS, that's the decisive point: it is half organisational and leadership work, half technology. In the NIS2 context, which expressly raises responsibility to management, exactly this bridge is what makes the difference.

How I work. On equal footing. Pragmatic rather than formalistic — as much structure as necessary, as little bureaucracy as possible. Organisations are living systems, not machines: security must be carried by the people who live it every day. That is why I combine proven expertise with respectful communication — and stay reachable. You speak with the same person throughout, no anonymous consultancy. I use advanced tools deliberately for routine work — so that more time and attention remains for what matters: your situation, your judgement, your responsibility.

Professional qualifications & credentials
  • Certified IT-security auditor to ISO 27001 since 2011
  • 100+ audits for TÜV Süd (NISG, ISO 27001, TISAX)
  • Data protection officer training (GDPR, 2019)
  • CISSP training (TecTrain, 2023) — current security frameworks
  • Reteaming Coach (2019) and Diagnosing and Initiating Change (2016) — change facilitation

Career & background
  • MA (University of Vienna, focus on ethics) and MBA (Webster University Vienna)
  • Managing director, aiccooma it co management — IT consultancy Salzburg/Hamburg (2010–2012)
  • Board assistant at the IT consultancy cellent AG and at Gebrüder Weiss
  • Bridge between management and IT — project and team leadership
  • Focus on Austrian mid-sized companies and NIS2 / NIS Act 2026
  • Based in Salzburg, active in Austria and the DACH region
  • Doctorate in theology (ongoing) — a personal background in ethics & responsibility

Industry experience

These are the sectors whose requirements I know.

Several of these industries are directly affected by the NIS Act 2026 as "essential" or "important" entities.

Let's get to know each other.

A first conversation is without obligation — and usually already clarifying.