Kosifuchs
Practical security for small businesses & non-profits

What this is about

This page is for clients—especially small and medium businesses and non-profits—who want security improvements that are structured, traceable, and realistic. The goal is measurable risk reduction: less exposure, less chaos, more control—without buzzword theater.

I work methodically: establish a baseline, prioritize risks, implement measures, verify impact, and document results. Not “security by vibes”, but security you can understand, maintain, and operate long-term.

Typical engagements

  • Security baseline & hardening roadmap (quick wins + long-term)
  • Network segmentation & access control review (roles, VLANs, firewall concept)
  • Logging/SIEM onboarding (visibility first: meaningful signals, not noise)
  • Email security (SPF/DKIM/DMARC, TLS, anti-abuse, deliverability)
  • Documentation & security concepts (maintainable and audit-friendly)

Who this is for

  • small and medium businesses (SMBs)
  • non-profits and community organizations
  • organizations without an in-house IT/security team
  • teams who want security that stays understandable months later

How we work

  1. First contact or a free first check (goal: quick clarity)
  2. Structured baseline assessment (assets, accounts, network, email, backup, logging)
  3. Prioritization by risk, effort, and impact
  4. Implementation or guided support (hands-on or coaching)
  5. Documentation & handover (so you can operate it yourself)

Frameworks & certification preparation (with substance)

Measures are strongest when they fit into a clear structure. That’s why I map technical and organizational measures to established frameworks—as an orientation, prioritization aid, and evidence baseline.

  • ISO/IEC 27001 (orientation) – management, risk, and evidence structure
  • CIS Controls – technical prioritization and practical implementation
  • BSI IT-Grundschutz – structured baseline (German context)
  • NIST CSF – Identify/Protect/Detect/Respond/Recover mapping

Note: formal audits and certification are performed by external bodies. I support building a robust implementation and evidence baseline that prepares you for a later certification if desired.

Transparency & pricing

Scope, approach, and costs are agreed upfront. Billing is transparent—hourly or via clearly defined service packages. No surprises.

What you will get

  • clear priorities and realistic measures
  • traceable documentation (operations, handover, audit)
  • a stable baseline to build on

Contact

If you want to check whether my support fits your organization, feel free to reach out—no pressure.
