Kosifuchs
Practical security for small businesses & non-profits
Home IT Security Hardening Monitoring/SOC Email Security Blog Books Downloads Contact For employers For clients For individuals Resources Imprint Privacy
For employers
Practical security for small businesses & non-profits

This page is for employers looking for a reliable, structured, and hands-on IT security professional. My focus is cyber resilience, hardening, monitoring, and traceable documentation—without buzzwords and without show.

I enjoy roles where security is implemented in practice: in SMB environments, IT departments with responsibility, SOC/blue-team contexts, or positions where processes, logging, and robust measures matter.

Get in touch Request CV

What you can expect

  • structured analysis over gut feeling
  • pragmatic measures that work in daily operations
  • clean documentation and clear reasoning
  • defensive security: hardening, monitoring, log analysis, baselines
  • calm, clear communication—even under pressure

Focus areas

  • system hardening (Windows/Linux), secure baselines, config hygiene
  • network and firewall concepts for small/mid environments
  • monitoring/logging: meaningful signals, not noise
  • email security (anti-phishing/spoofing, deliverability, policies)
  • documentation, handover, and clear team communication

Frameworks & compliance context

In practice, it helps to align security measures with recognized frameworks rather than implementing them in isolation. I can map security measures to ISO/IEC 27001 (orientation), the CIS Critical Security Controls, as well as BSI IT-Grundschutz and the NIST Cybersecurity Framework (NIST CSF).

The goal is to build clear priorities, traceable evidence, and an implementation baseline that typically supports preparation for a later certification (formal audits/certification are performed by external bodies).

For sector-specific requirements (e.g., critical infrastructure, payments/PCI DSS, automotive/TISAX), the mapping can be deepened and extended with additional industry requirements.

How I work

I work methodically: clarify the baseline, prioritize risks, implement measures, verify effect, and document results. For me, security is not a single tool—it's a mix of technology, process, and culture.

Why this helps teams

  • less “security fog”, more clear decisions
  • measures that stay understandable months later
  • stable foundations to build on
  • clear communication over unnecessary complexity

Contact

If you’re looking for someone who implements in practice, documents cleanly, and works reliably in a team, I’d be happy to hear from you. I can share my CV and details upon request.

Get in touch Request CV