to my Cybersecurity Blog

My Motto

with the help of

Information Security

with the help of

IT Security

with the help of

Cyber Security

About this Cybersecurity Blog

I mainly write about the topics Cybersecurity, IT Security and Information Security in a company environment. But none of these subjects are working well without a reliable IT Infrastructure or IT Strategy.

So I will write about these topics independently but also I try to write about the interaction between those topics.
And here is where my motto comes from:

  • Enforce IT by establishing an Information Security Framework with the help of strong, practical, measureable policies, processes and procedures
  • Automate IT by letting the IT Security implement a simple, flexible, secure, robust IT Infrstructure and let them automatically deliver key figures to improve overall security measures
  • Protect IT by proactively monitoring your IT Infrastructure for threats and effeciently react to cyberincidents with the help of Cybersecurity

There is another thing that bothers me. That companys try to focus more on buying new products to solve their problems instead of looking for the right solution. Here I try to think outside the box to find a better solution by, using existing tools, coding my own scripts and tools and starting with Open-Source to learn what I really need.

About Me

Hi, my name is Florian and I am a freelanced Cybersecurity Consultant from Germany.

My professional career in the IT business began in 2001 by visiting a technical college focusing on Computer Science and Electrical Engineering. During this time I did a lot of IT internships for german DAX companies. In 2004 I started working as an IT System- and Network Engieener for an international, medium-sized enterprise in the “Industry Automation” sector.

During this time I had the opportunity to realize a lot of projects worldwide (remotely and on site). In 2010 my specialization changed more and more towards Network Security and Security Operations. By 2016 I had built up an Security Operations Center focusing on Security Incident Response and Detection to then switch to self-employment and working as a Consultant.

Here my projects are more focused on building Information Security and Governance Frameworks based on ISO 27001 or NIST for my clients. But often this also includes techical Risk Assessments, Pentesting and IT infrastructure topics. Nowadays most of my projects are in the Banking, Sales/Office, Government and Production sector.

> Want to find out more about the Blog and my philosophy? Read the About Page <

Latest Cybersecurity Blog Posts

Important Controls and Measures for Vulnerability and Patch Management

, , ,
When you define and implement your vulnerability and patch management process (see: How to Implement a Vulnerability and Patch Management Process) it is always best practice to think about and define possible requirements, controls and measures. These are going to help you to protect against current threats and protect your organization.   Here you can find a list of examples and best practices for different measures and controls in case of vulnerabilty management and patch management: 1. Vulnerability Classification measures…
Read More

KPI Examples for Vulnerability and Patch Management

, , , ,
If you have implemented a Vulnerability and Patch Management Process (see: How to Implement a Vulnerability and Patch Management Process) you should also define Key Performance Indicators (KPI) and Key Risk Indicators (KRI) to monitor the effectivness of your Vulnerability and Patch Management controls and measures.   1. What are KPIs and KRIs or Metrics related to Vulnerability and Patch Management? KPIs and KRIs help you to understand, measure and improve your vulnerability management process and patch management process. They…
Read More

How to Implement a Vulnerability Management Process

, , , , ,
Vulnerability and Patch Management are major and essential tasks of the Information- and IT-Security. A good vulnerability and patch management process helps you to identify, evaluate, prioritize and reduce the technical security risks of your company or organization. Even if you are not planning to implement security frameworks like ISO 27001 or NIST Cybersecurity Framework (CSF) you should consider to implement a basic vulnerability management process or technical measures and controls to be prepared for critical cybersecurity attacks or threats.…
Read More

ISO 27001 How to Define your Scope Statement

, , , ,
Defining your ISO 27001 scope statement is one of the first steps for building your ISMS. Although it is just a short separate document or small paragraph in your security policy it is one of the most important point. This is because every next step is related to your scope or area of application. In this article you can find out why the definition of your scope is so important, how to write your statement, what it does have to…
Read More

ISO 27001 Required Documents, Policies and Procedures

, , ,
Besides the question what controls you need to cover for ISO 27001 the other most important question is what documents, policies and procedures are required and have to be delivered for a successful certification. The biggest goal of ISO 27001 is to build an Information Security Management System (ISMS). That is a framework of all your documents including your policies, processes and procedures and others that I will cover here in this article. What is the problem? The biggest challenge…
Read More

ISO 27001 Controls you need to cover

, , ,
If you are about to start a project for implementing the ISO 27001 security framework you want to know which controls you need to cover. This is one of the first questions you always get as a consultant. And it is one of the most important because you want to know about the size and therefor the time and budget you need to successfully implement this security standard. Here I want to give a quick overview about the controls for…
Read More