We are a security accelerator that
frees companies from the pain of
planning and executing security programs

Some of our services

We provide a range of bespoke security services. What makes us unique is that we don’t disrupt culture, organization, or frankly your budget. We help you gain traction with your security, take away the overhead and get things done yesterday. Our belief is that security has to be built into technology and processes from the outset, which saves cost, reduces headache and scales in the long run.

Rent-a-CISO

With our rent-a-CISO model, you can think of us as your remote security team. Decades of experience, management know-how and problem solving ability, at the fraction of the cost of in-house staff. We provide decision makers with clear transparency on current security posture, work out priority areas and deliver an actionable security program for future steps.

But we don’t stop there. We also roll up our sleeves and execute the strategy we’ve developed with you: conduct assessments, build up attack detection infrastructure and reduce information security risk overall. The program is bespoke, aligned with business direction and all stakeholders expectations.

Secure Software Development Lifecycle (S-SDLC)

Especially technology centric companies often struggle with designing security into their software development lifecycle. That’s because there is no one shoe that fits everybody.

We bring in proven methods and tactics to incorporate security at key steps during your development projects, which adds continuity, enables fruitful discussion among team members and detects security problems long before they are written in code. These pro-active techniques have extremely high leverage and tend to provide everyone with a high level of confidence as well.

Penetration testing

Reactive penetration testing against implemented code and configuration in a production environment are key to ensuring that noone can hack into your systems.

We anaylse and assess web applications, mobile apps, microservices, network and other critial components to discover vulnerabilities hiding in them. Our fee can be capped based on time or we charge per bug.

Customer data, credentials, business secrets: securing valuable assets

Whether it is personally identifyable information (PII) that has to be protected, sensitive access credentials or simply business secrets that must remain well secured inside your perimeter:

We provide detailed assessment projects that unmantle if, how and where such data can be stolen, compromised or is otherwise at risk. These engagements not only cover low-hanging-fruit but sophisticated attacks through insiders and partners. We work with you to control the situation and get on with your day.

Services overview

Strategy

Operational CISO
Security Program Development & Strategy
Security Delivery Team

 

.

i

Compliance

Assessment & Readiness
GDPR
PCI-DSS
PSD2
ISO/IEC 27000
BSI IT-Grundschutz
more

Assessment & Protection

Cyber Security Assessment
ISMS Assessment
Infrastructure & Architecture Reviews
Development of Target Models
Executing Penetration Tests & Plans
Integrating Security in the SDLC
Hardening Applications & API
Building Identity & Access Management
more

U

Detection & Response

Cyber Defense Infrastructure
Network Security Monitoring
Endpoint Security Monitoring
Vulnerability Management
SIEM
Threat Intelligence
Incident Response Management
more
.

The CISO and the CISO Orchestra

The CISO (Chief Information Security Officer) is responsible for information security in the company. His topics and tasks are wide-ranging. We invented the CISO Orchestra to depict his themes.
The roles of CISO are diverse and require extensive skills and capabilities: the CISO must be at the same time strategist, protector, technologist, communicator, consultant and doer.
At CISOCON we specialize in providing optimal advice and support to CISO and its organization.

Some of our customers

And of course we still have many more customers from various industries, such as e-commerce/internet, software, energy, fintech/banking, mobility/automotive, telecommunication, mechanical engineering. We advise and support start-ups as well as medium-sized companies and large corporations.

Benefits from working with CISOCON

A fun experience throughout, ensured by our energetic CISOCON experts

Implementation expertise

The ability to operationalize strategy: based on tools and experience.

Expert network

Access to the entire CISOCON network of security experts.

Professional skills

Broad range of professional skills from the strategic top level down to operational execution based on proven methods and techniques.

Best practices

Immediate availability of best practices derived from years of experience in conducting similar projects and working in CISO functions.

Getting things done

Advise not just on what has to be done, but getting it done.

Increased security awareness

Increased security awareness due to the moderated dialog between CISOCON and your participants.

Career Opportunities (Consulting)

We’re always looking for talented individuals that want to do great work with amazing people.

We value talent over experience, seeking for authentic, open-minded peers with a mentality to learn and make the most out of every single day.

Generalists

Operational CISO

Several years of experience in setting up, managing and managing security organizations (consisting of project management, engineering roles, network, architecture, forensics, etc.)

Strategic Planning & Development, as well as operational control of Security Programs / Roadmaps along:

  • Threats to the environment (Threat Model)
  • Defined cyber security goals & KPIs
  • Compliance and Regulatory requirements
  • Operational topics in the field of assessment, protection, detection, response

Reporting to Senior Management (C-Level, Management) and Key Stakeholders (VP’s, Heads, TL’s)

Evaluation of cyber security & information security risks

Control of assessments & audits

Introduction of elementary, safety-enhancing processes (Risk Management,
Access Management, Change Management, Incident Management & Response, S-SDLC etc.)

Introduction of core security enhancing technologies & architectures (Endpoint, Network, Identity & Access, Code, Email & Communications, Data Loss, eLearning, etc.)

 

Cyber Security Expert

Several years of experience in cyber / IT security and related core topics (Threat Modeling, Threat Assessment, Security Testing, Security Reviews, Incident Handling)

Solid knowledge of Network & Infrastructure including Cloud Environments (GCP, Azure, AWS)
Solid knowledge of application security, application architecture, classic and agile software development lifecycles (SDL)

Good knowledge of current security solution providers (VM, EDR, Network, Mail, Firewall, IAM etc.)

Knowledge of industry standards and frameworks (OWASP, SANS to ISO27k and PCI-DSS)

Basic knowledge of data protection (EU-GDPR, BDSG)

Basic scripting / programming skills

Structured, careful and result-oriented way of working

Strong customer, service and team orientation

Wannabe Cyber Security Expert

Great enthusiasm and a keen interest in becoming an expert in an exciting team and subject area, working with different customers and environments

Solid knowledge of at least one, but at most several of the following subject areas:

  • Continuous Integration & Delivery (CI + CD) infrastructure
  • Network & Infrastructure including Cloud Environments (GCP, Azure, AWS)
  • Application development; frontend (Node, HTML5, CSS3, JavaScript) or backend (Go, JAVA, PHP, C #, Python, Ruby, Perl); corresponding libraries, mobile development
  • Database, Caching (Mongo, MySQL, Redis, etc.)

Structured, careful and result-oriented way of working

Optional: Basic security know-how in one of the above-mentioned. subjects

 

Network & Architecture

Senior (Security) Network / Infrastructure Architect

Several years of experience in planning, development and operation of complex heterogeneous networks

Very good understanding of IT infrastructure topics (server, network, storage, data center)

Deep understanding of cloud providers (GCP, Azure, AWS) and their service APIs

In-depth knowledge of products from major network and infrastructure manufacturers (e.g., Cisco, Palo Alto, VMware, HP Procurve, Brocade, etc.)

Profound knowledge of switching, routing (OSPF, BGP), VPN

Knowledge of Linux, Microsoft server operating systems, Active Directory,
Basic architectures (DNS, DHCP, SMTP, SNMP)

Basic scripting / programming skills

Structured, careful and result-oriented way of working

Strong customer, service and team orientation

Optional: knowledge and experience in the context of IT security

Junior (Security) Network / Infrastructure Architect

Experience in planning, development and operation of complex heterogeneous networks

Basic understanding:

  • in the topics of the IT infrastructure (server, network, storage, data center)
  • Cloud providers (GCP, Azure, AWS) and their service APIs
  • with products of common network and infrastructure manufacturers (e.g. Cisco, Palo Alto, VMware, HP Procurve, Brocade, etc.)
  • in the area of switching, routing (OSPF, BGP), VPN
  • Linux, Microsoft server operating systems, Active Directory,
    Basic architectures (DNS, DHCP, SMTP, SNMP)
  • Script / programming skills

Gladly seen

  • Customer, service and team orientation
  • Structured, careful and result-oriented way of working

Optional: knowledge and experience in the context of IT security

Cyber Defense

Security Incident Manager

Several years of experience in the context of Security Incident Response Management, main areas of activity:

  • Analysis and clarification of cyber security incidents, control of SOC analysts and CSIRT teams in the phases of preparation, identification, mitigation of incidents
  • Planning and documentation of incident response processes based on threat scenarios
  • Training of employees from operational and management level to Incident Response processes
  • Crisis management, including reporting to senior management
  • Backup and processing of forensic information
  • Conducting Post Mortem Analysis and Preparation of Lessons Learned

Structured, careful and result-oriented way of working

Strong customer, service and team orientation

Cyber Defense Expert

Several years of experience in cyber / IT security and related core topics (Threat Modeling, Threat Assessment, Security Testing, Security Reviews, Incident Handling)

Solid Network & Infrastructure skills including Cloud Environments (GCP, Azure, AWS), Application Security, Application Architecture, Classic and Agile Software Development Lifecycles (SDL)

Focus on cyber defense, ie build infrastructure to detect and prevent attacks on networks, applications & infrastructure

  • Endpoint Detection & Response
  • Network Monitoring (AI, IDS, IPS)
  • SIEM
  • Vulnerability Management

Incident Response support (SOC, CSIRT) and forensic analysis

Basic scripting / programming skills

Structured, careful and result-oriented way of working

Strong customer, service and team orientation

Sparked your interest?