DevSecOps Consulting
DevSecOps problems are not tool problems. They are decision problems. I help teams make the right decisions — before they get expensive.
What I do
Pipelines & supply chain
Hardening CI/CD pipelines — your pipeline is the biggest attack surface in your company. Plus supply chain security from dependencies to signatures and SBOMs.
Container & Kubernetes
Security architecture for the entire development and operations cycle: container hardening, Kubernetes security, secure build and deploy processes.
Audits & incident follow-up
Security audits of build and deploy processes and incident follow-up — including the uncomfortable questions afterwards. Also available as an external second opinion on existing concepts.
How I work
I look at how your team actually works — before changing anything. DevSecOps problems are decision problems, not tool problems.
No 80-page reports nobody reads. You get concrete, prioritised steps — developed with the team rather than over its head.
What I recommend, I have built and operated myself. Implementation happens with your team — so the knowledge stays in-house.
Security as a craft, not compliance theatre.
For development teams and mid-sized companies that want to make the right decisions before they get expensive. A short message is enough — I will get back to you personally.