IOT | LLM/AI, Cybersecurity Architecture, Penetration Testing, Mentoring

Security architect, consultant and security assessments specialist with particular experience in IOT, EV/EVCS, robotics, LLM/AI, Cybersecurity Act (CSA), RED and NIS2 directives.

• Compliance management5 J.
• Corporate Security
• Cyber Security19 J.
• Internet of Things (IoT)
• Kryptographie5 J.
• Penetrationstest
• Security Architektur
• Solution Architektur
• System Architektur19 J.
• Systems Engineering5 J.

Services Offered

1. System Architecture Assessment

Description: A detailed analysis of existing or planned systems to identify security vulnerabilities, resilience issues, operational risks, bottlenecks, and areas of cost inefficiency.
Requirements: System overview, system-related technical documentation, plus either a live session or QA form with written responses.
Deliverables: A comprehensive report including an overall conclusion, possible business impact, and actionable steps or alternative solutions to remedy discovered flaws.

2. Technical Architecture Consulting

Description: Expert advice to system and security requirements, associated risks, and recommend technology stacks, platforms, solutions, and protocols tailored to specific business needs. This service is helpful when the business solution needs to be found or developed or an existing one is not satisfying.
Requirements: A written concept of the required solution and technical and business constraints.
Deliverables: A technical-level architectural design, solution alternatives, business justification of the solution, identified security risks, and a list of recurring maintenance costs (excluding cost comparisons) where applicable.

3. Security Review of Source Code, Firmware or system configuration

Description: This review service is designed to assess impactful security issues and business logic flaws in the code, IOT firmware or a system configuration.
Amsterdam, Netherlands

Requirements: Access to the source code, firmware, and relevant system configurations, detailed specification of the application or system.
Deliverables: A comprehensive report outlining discovered security vulnerabilities, business logic flaws, and recommendations for robust mitigation strategies.

4. Security Risk Assessment, Ethical Hacking, and Penetration Testing

Description: Testing the robustness of IoT/Robotics systems and devices, including LLM (AI) systems, against attacks and malfunctions.
Requirements: Access to the system or device, relevant technical documentation, and use case scenarios.
Deliverables: A detailed vulnerability report, including impact description based on threat trees, and remediation strategies.

5. Standards Consultation for IoT Systems

Description: This service provides a pre-compliance checkup to identify potential areas of non-compliance and establish a strategic plan to meet regulatory requirements for IOT systems and devices according to European standards and regulations such as ETSI EN 303 645, IEC 62443 series, RED, CRA and NIS2.
Requirements: Details of the IoT system, target standards for compliance, plus either a live session or QA form with written responses.
Deliverables: A compliance roadmap, pre-compliance checkup report, gap analysis, and detailed action steps for achieving and maintaining compliance with standards.

- Security architecture assessments of the architecture and associated risks of systems, products (both hardware and software) and business processes, both existing and in the design and implementation phase;
- Penetration testing and security assessments of IT / OT / IoT systems;
- Penetration testing and security assessments of individual system components and IOT devices against attacks;
- Advice on product design with respect to EV/EVSE standards such as ISO 15118, OCPP, ISO/SAE 21434:2021;
- Consulting on IoT and related IT system architecture, applied cryptography, PKI, business process security and business structure;
- Review and analysis of gaps against industry and product standards, directives such as IEC 62443, EN 303 645, PCI-DSS, GDPR, NIST 800-171;
- Hands-on expert solutions development based on C#, C/C++, Rust, Python, TypeScript/JS.