Portfolio

Presentations

I regularly give talks at companies where I focus on the human factor in cyber security. As employees are often the weakest link, I show how modern attackers exploit phishing and social engineering.

The presentations look at the threat landscape, real-world attack methods and the serious implications of security breaches – including financial loss, reputational damage and personal liability. Developed with a communications trainer, these presentations make complex topics clear, actionable and relevant so your employees can better recognize and respond to cyber threats.

Penetration tests

External Penetration Testing
Simulates an external attacker, targeting publicly accessible systems. The process includes reconnaissance, port and service scanning, and vulnerability assessments using automated and manual methods. If exploitable weaknesses are found, controlled exploitation demonstrates potential risks such as unauthorized access or data breaches.

Internal Penetration Testing
Represents an attacker with access to the internal network—either via a compromised device or insider threat. The focus is on mapping the network, enumerating services, and identifying high-value targets. Special attention is given to Windows environments and Active Directory.

Active Directory Analysis
A focused security assessment of the AD environment’s structure and configuration. Common findings include excessive privileges, weak policies, and vulnerabilities in components like AD CS. The goal is to identify paths to domain compromise and provide actionable recommendations to harden identity infrastructure and reduce attack surfaces.

Red teaming

A red team assessment simulates a real-world cyberattack to test an organization’s detection and response capabilities – not just technical vulnerabilities. Using tactics such as phishing, social engineering and stealthy exploitation, the red team attempts to achieve realistic objectives such as data exfiltration or domain takeover while avoiding detection.

Guided by frameworks such as MITRE ATT&CK, the exercise mimics advanced threat actors (e.g. APTs). It concludes with a detailed report identifying attack paths, vulnerabilities and actionable recommendations to strengthen overall resilience.

Phishing campaigns

A phishing assessment tests how employees react to realistic, simulated phishing emails. The aim is to identify weaknesses in user awareness, email filtering and incident response.

Simulated attacks mimic common tactics such as credential interception or malicious links, using pre-approved, safe scenarios. User actions – such as clicking on links or entering credentials – are tracked for risk assessment.

The results are compiled into a report with metrics, behavioral insights and recommendations to improve training, email security (e.g. SPF, DKIM, DMARC) and the response process.