Knowledge. Practice. Orientation.

Consulting portfolio, whitepapers, studies and practical guides on current security and compliance topics — concise, well-founded, ready to use.

Consulting Portfolio · 2026

VamiSec Consulting Portfolio 2026

Trusted · Holistic · Engineered

Our complete service portfolio in one deck — from ISO 27001, NIS2, DORA and CRA to IT- & Cloud Security, AI Governance, Managed Services and the Vami IMS Framework. 27 pages, compact.

📄 27 pages · 2.7 MB · PDF · EN
AI Security

AI OWASP LLM PenTesting: How to Truly Secure Your AI Systems

CISO guide to AI security and Red Teaming: how organisations protect LLM-based systems against prompt injection, model manipulation and data leaks — with a regulatory framework and concrete safeguards for the CISO's daily work.

DORA

TLPT per DORA: How to Truly Protect Your Crown Jewels

Practical guide for CISOs & security teams: how Threat-Led Penetration Testing under DORA realistically assesses the security level of the most critical digital crown jewels — from OSINT-based phishing campaigns to Blue Team collaboration with Assisted Detection.

EU CRA

EU Cyber Resilience Act — Practical guide for digital products

The EU Cyber Resilience Act (CRA) is the uniform cybersecurity law for digital products in the EU. How manufacturers, importers and distributors protect hardware, software and connected products across the entire lifecycle — with obligations for development, updates and vulnerability management under a Security-by-Design framework.

AI Security

LLM Pentesting & Prompt Injection: How to Truly Protect AI Systems from Manipulation

From prompt injection to supply chain: LLM pentesting according to OWASP in the era of the AI Act. How attackers alter model behaviour through manipulated prompts, data poisoning or unsafe plug-ins — and how the OWASP LLM Top 10 provides a risk-oriented framework.

BSI Grundschutz++

BSI Grundschutz++ Methodology & ISO 27001 Upgrade Path

How organisations successfully transition from a pure ISO 27001 certification to combined ISO 27001 + BSI IT-Grundschutz compliance — synergies, protection-needs assessment, building-block mapping and gap analysis for a future-proof security baseline.

CI/CD Security

CI/CD Pipeline Security: How Attackers Take Over Your Pipeline — and How You Take It Back

Practical whitepaper for CISOs, DevOps and GRC leads: how the OWASP Top 10 CI/CD risks (CICD-SEC-1 to SEC-10) are exploited — from tj-actions and the Nx campaign to the Shai-Hulud npm worm — and how a Zero-Trust pipeline with a 90-day hardening roadmap secures the supply chain all the way to production.

DevSecOps

OWASP Top 10 CI/CD Security Risks — Practical Guide with Compliance Crosswalk

From source commit through the build runner to cloud identity: the ten OWASP CI/CD risks translated for the DACH region — vendor-neutral, with documented incidents (SolarWinds, Codecov, PHP, Teleport), a compliance crosswalk to NIS2, DORA, ISO 27001, BSI IT-Grundschutz and the EU AI Act, plus a maturity self-check.

Secure Coding

Secure Coding in the AI Era: The CWE Top 25 (2025) and Secure-by-Design

AI assistants now generate large parts of our applications — yet the most dangerous vulnerabilities remain the same. This whitepaper dissects the ten most critical of the CWE Top 25 (2025), shows secure patterns on real code and delivers a roadmap that shifts security into the design rather than the patch — across the entire SDLC.
