Portfolio

Penetration tests

An external penetration test evaluates an organization’s internet-facing assets from the perspective of an external attacker with no internal access. The process begins with reconnaissance to gather information about domains, IP ranges, and services using OSINT tools. Active scanning follows, identifying open ports and services via tools like Nmap. Vulnerability assessments are then conducted using automated scanners, complemented by manual testing for common web and network-based flaws. If exploitable vulnerabilities are found, controlled exploitation may be performed to demonstrate potential real-world impact, such as data breaches or unauthorized access.

An internal penetration test simulates an attacker who has gained access to the internal network, either through a compromised device or insider threat. The test involves network mapping, service enumeration, and identification of sensitive systems. Special focus is placed on Windows environments and Active Directory. Tools like BloodHound are used to analyze user privileges and domain trust relationships. The goal is to identify risks such as lateral movement paths, privilege escalation opportunities, and weak internal segmentation.

An Active Directory (AD) analysis is an assessment of the structure and configuration of the AD environment. Common issues include weak policies, excessive user privileges, misconfigurations in AD CS, and vulnerabilities like Kerberoasting or AS-REP roasting. The analysis aims to map potential paths to domain compromise and provide remediation strategies to reduce the attack surface and improve identity security.
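As an added illustration of what the AD analysis looks for from the defender's side (this is example code written for this page, not a tool from the service described), the script below triages Windows Security audit events for the two roasting patterns named above: Kerberoasting shows up as event 4769 service-ticket requests for RC4-encrypted (etype 0x17) tickets against user-account service principals, and AS-REP roasting as event 4768 requests for accounts that have Kerberos pre-authentication disabled (PreAuthType 0). The event records are constructed samples that mimic those event fields; the account and service names are invented.

```python
"""Defender-side triage of Kerberos audit events for roasting indicators.

Added example, not part of the original page. The event records below
are constructed samples shaped like Windows Security events 4768/4769;
field names follow the Windows audit log, the values are invented.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

RC4_HMAC = 0x17            # etype 23: weak, ticket can be cracked offline
AES_ETYPES = {0x11, 0x12}  # etype 17/18: what a healthy domain should show


@dataclass
class KerberosEvent:
    event_id: int              # 4768 = AS request (TGT), 4769 = TGS request
    account: str               # requesting account (TargetUserName / AccountName)
    service: str               # ServiceName for 4769, requested principal for 4768
    etype: int                 # TicketEncryptionType
    preauth: Optional[int] = None  # PreAuthType, only meaningful on 4768


def is_machine_account(name: str) -> bool:
    """Computer accounts end in '$'; krbtgt is the KDC itself. Both are noise here."""
    return name.endswith("$") or name.lower().startswith("krbtgt")


def find_roasting_indicators(events: List[KerberosEvent],
                             spn_threshold: int = 5) -> List[Tuple[str, str, str]]:
    """Return (indicator, account, detail) tuples for suspicious events.

    kerberoast_rc4_tgs : RC4 service ticket issued for a user-account SPN
    kerberoast_spn_sweep: one account requesting many distinct user SPNs
    asrep_no_preauth   : TGT issued to an account with pre-auth disabled
    """
    findings = []
    user_spns_by_account = defaultdict(set)
    for e in events:
        if e.event_id == 4769 and not is_machine_account(e.service):
            user_spns_by_account[e.account].add(e.service)
            if e.etype == RC4_HMAC:
                findings.append(("kerberoast_rc4_tgs", e.account, e.service))
        elif e.event_id == 4768 and e.preauth == 0:
            findings.append(("asrep_no_preauth", e.account, e.service))
    # A sweep over many service accounts is the typical enumeration footprint.
    for acct, spns in user_spns_by_account.items():
        if len(spns) >= spn_threshold:
            findings.append(("kerberoast_spn_sweep", acct, str(len(spns))))
    return findings


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    KerberosEvent(4769, "alice", "svc_sql", RC4_HMAC),      # RC4 ticket, user SPN
    KerberosEvent(4769, "alice", "svc_web", 0x12),          # AES ticket, still counts for sweep
    KerberosEvent(4769, "alice", "FILESRV01$", RC4_HMAC),   # machine account, ignored
    KerberosEvent(4769, "alice", "svc_backup", 0x12),
    KerberosEvent(4769, "alice", "svc_print", 0x12),
    KerberosEvent(4769, "alice", "svc_mon", 0x12),
    KerberosEvent(4768, "bob", "bob", RC4_HMAC, preauth=0),  # pre-auth disabled
    KerberosEvent(4768, "carol", "carol", 0x12, preauth=2),  # normal logon
]

if __name__ == "__main__":
    for kind, account, detail in find_roasting_indicators(SAMPLE_EVENTS):
        print(f"{kind:22} account={account:8} detail={detail}")
```

The remediation side follows directly from the findings: move service accounts to AES-only (or better, to group Managed Service Accounts with long random passwords), re-enable pre-authentication on any account flagged by the 4768 check, and alert on the SPN sweep pattern in the SIEM.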

Red teaming

A red team assessment is a goal-oriented security exercise designed to simulate a real-world, advanced threat actor targeting an organization. Unlike traditional penetration testing, which focuses on identifying and exploiting specific vulnerabilities, red teaming evaluates the effectiveness of an organization’s detection and response capabilities across people, processes, and technology.

The engagement typically begins with covert reconnaissance to gather intelligence on the target organization, including staff, infrastructure, and routines. Initial access is gained using tactics such as phishing, social engineering, or exploiting exposed vulnerabilities. Once inside, the red team conducts lateral movement, privilege escalation, and stealthy operations to achieve defined objectives—such as data exfiltration, domain takeover, or compromising critical business systems—while avoiding detection by the blue team (defenders).

Throughout the exercise, red teams use tools and tactics aligned with real-world threat actors (e.g., APTs), often referencing frameworks like MITRE ATT&CK. The assessment concludes with a detailed report and debrief, highlighting attack paths, detection gaps, and response times, offering strategic recommendations to improve overall organizational resilience.

Phishing campaigns

A phishing campaign assessment is a controlled security exercise designed to evaluate an organization’s susceptibility to social engineering attacks, particularly email-based threats. The objective is to measure how users respond to realistic phishing attempts and to identify potential gaps in user awareness, email filtering, and incident response.

The assessment typically involves crafting and sending simulated phishing emails that mimic common attack techniques—such as credential harvesting, malicious attachments, or link-based payloads—while adhering to pre-approved scenarios and safety controls. These emails are tailored to appear credible, often using themes like company updates, IT support, or urgent requests.

User interactions are monitored to track actions such as clicking links, submitting credentials, or downloading files. The results help determine the organization’s risk level and inform security training needs.

Following the campaign, a detailed report is provided outlining user behavior, click rates, and compromise simulations. The report includes recommendations for improving user awareness, strengthening email security controls (e.g., SPF, DKIM, DMARC), and refining incident detection and response procedures.
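To make the email-control recommendations concrete, here is an added example (written for this page, not part of the service's own tooling) that assesses the three DNS records a phishing campaign probes first. It parses constructed SPF, DKIM and DMARC TXT records and reports the settings that leave a domain spoofable: a permissive or missing SPF "all" qualifier, too many DNS-lookup terms, a DKIM selector with an empty key or the testing flag, and a DMARC policy that only monitors, covers only part of the mail stream, or collects no reports. The records are sample strings rather than live lookups; in practice the same functions would be fed the TXT records fetched for the domain and its `_dmarc` and `<selector>._domainkey` names.

```python
"""Assess SPF, DKIM and DMARC records for weaknesses that enable spoofing.

Added example, not part of the original page. The records below are
constructed samples; no DNS lookups are performed.
"""
import re
from typing import Dict, List

# Mechanisms and modifiers that each cost a DNS lookup (RFC 7208 caps them at 10).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?=[:/=]|$)", re.I)


def parse_tags(record: str) -> Dict[str, str]:
    """Parse 'k=v; k2=v2' tag-value records (the DMARC and DKIM syntax)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess_spf(record: str) -> List[str]:
    issues = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["spf: record missing or not v=spf1"]
    qualifier = None
    for t in terms[1:]:
        if t.lower().lstrip("+-~?") == "all":
            qualifier = t[0] if t[0] in "+-~?" else "+"
    if qualifier is None:
        issues.append("spf: no 'all' term, unlisted senders get a neutral result")
    elif qualifier in "+?":
        issues.append(f"spf: '{qualifier}all' lets any host pass, spoofing is trivial")
    elif qualifier == "~":
        issues.append("spf: '~all' is softfail only, rejection depends on DMARC")
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        issues.append(f"spf: {lookups} lookup terms exceed the limit of 10 (permerror)")
    return issues


def assess_dkim(record: str) -> List[str]:
    tags = parse_tags(record)
    issues = []
    if tags.get("v", "DKIM1").upper() != "DKIM1":  # v= is optional, defaults to DKIM1
        issues.append("dkim: v tag present but not DKIM1")
    if not tags.get("p"):
        issues.append("dkim: empty p= tag, selector is revoked or key is missing")
    if "y" in tags.get("t", "").lower():
        issues.append("dkim: t=y testing flag set, verifiers may disregard failures")
    return issues


def assess_dmarc(record: str) -> List[str]:
    tags = parse_tags(record)
    issues = []
    if tags.get("v", "").upper() != "DMARC1":
        return ["dmarc: record missing or not v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        issues.append("dmarc: p=none only monitors, spoofed mail is still delivered")
    elif policy == "quarantine":
        issues.append("dmarc: p=quarantine, move to p=reject once reports are clean")
    elif policy != "reject":
        issues.append("dmarc: p tag missing or invalid")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        issues.append(f"dmarc: pct={pct}, policy is applied to only {pct}% of mail")
    if "rua" not in tags:
        issues.append("dmarc: no rua address, aggregate reports are not collected")
    return issues


def assess_domain(records: Dict[str, str]) -> Dict[str, List[str]]:
    """records has keys 'spf', 'dkim', 'dmarc' holding the raw TXT values."""
    return {
        "spf": assess_spf(records.get("spf", "")),
        "dkim": assess_dkim(records.get("dkim", "")),
        "dmarc": assess_dmarc(records.get("dmarc", "")),
    }


# Constructed sample records for an invented domain (placeholder key material).
WEAK_RECORDS = {
    "spf": "v=spf1 include:_spf.example.net a mx ~all",
    "dkim": "v=DKIM1; k=rsa; t=y; p=",
    "dmarc": "v=DMARC1; p=none; pct=50",
}
HARDENED_RECORDS = {
    "spf": "v=spf1 include:_spf.example.net -all",
    "dkim": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_KEY",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, recs in (("weak", WEAK_RECORDS), ("hardened", HARDENED_RECORDS)):
        for kind, issues in assess_domain(recs).items():
            print(name, kind, issues or "ok")
```

The weak set mirrors what a campaign report typically finds: SPF ends in softfail, the DKIM selector is in testing mode with no key published, and DMARC is in monitor mode at half coverage with nobody receiving reports. The hardened set is the state the recommendations aim for.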

Presentations

I do regular talks and presentations inside organizations. I focus on raising awareness among managers and employees about the human factor in cybersecurity. Since people are often the weakest link—and therefore a primary target for cybercriminals—I place strong emphasis on how modern hacking groups operate, especially their use of phishing and social engineering techniques.

These sessions cover the current state of IT security in Europe, real-world threat landscapes, and the concrete impact a successful cyberattack can have on both organizations and individuals. I illustrate the consequences not only in terms of financial and operational damage, but also reputational harm and personal liability risks for employees.

To ensure the message is both effective and accessible, I develop these talks in close collaboration with a professional communication coach. The goal is to make complex security topics understandable and actionable—empowering employees to recognize threats and make smarter decisions in their digital environment.