My name is Alex,

I'm an independent IT security and cyber security consultant

People and businesses come to me while under attack, seeking defense

It usually happens either right after their life and business was compromised or when they have indications the threat is imminent. They want a cyber fortress – and I create it for them.

cybersecurity consultant

Why me?

For the past 20+ years, I’ve been helping companies as their IT security and cyber security consultant. I worked as part of Microsoft‘s security team and as an external security consultant for the Emirates Nuclear Energy Corporation.

Now, I am a cyber security expert. I help software development companieslaw firms, and banks build complex and effective information security management programs to combat advanced cyber threats, acting as their Virtual CISO (CISO as a Service).

As an IT security consultant, I have helped software development companies, individual lawyers, law firms, and small businesses protect themselves with the same quality banks received when working with me. I have built defenses at banks (such as SCB in Thailand, Akbank in Turkey, and others) and government institutions (Ministry of Education in Qatar, Ministry of Energy in Saudi Arabia).

Schedule an online meeting with me

Why Hire a Cyber Security Contractor?

Are you aware that 39% of businesses report cybersecurity breaches yearly? Security breaches are a massive threat to companies of all types and sizes. Yet, many business owners don’t realize their company is at risk of a  breach that could result in huge revenue loss and reputation damage.

By hiring me as your IT security contractor, you will get a personalized cyber security strategy to keep your business safe from security risks so you can rest assured your company’s future is secure.

In the US, we operate in New York City, Los Angeles, Chicago, Houston, Phoenix, Philadelphia, San Antonio, San Diego, Dallas, San Jose, and in Europe, we operate in Berlin, Madrid, Rome, Paris, Vienna, Budapest, Lisbon, Prague, Athens, Helsinki, Sofia, Copenhagen, Stockholm, and Luxembourg City.

Companies I've Worked With

mannesoft
cropped Provence Full logo 1
pridatect
cyber security service for small business
skrill 120
en
coldwellbanker
gmf
mfg
inlogo
personal cyber security consultant

Why Choose Me as Your Independent IT Security Consultant?

I made a life choice 15 years ago: to stay independent as a cyber security contractor and never sell a vendor’s solution due to a commission or other benefits.

Even when working for Microsoft, I still helped all companies I visited to choose the best solution, rather than pushing Microsoft-only solutions. Perhaps that’s why I left and opened my own company!

You can always rely on my global cyber security experience, knowledge, and connections knowing I will always have your interests at heart.

That is why you will never hear me recommending just one vendor for a particular cyber security challenge. I give you the ways to choose the right one, the benefits of each, and leave the choice to you. Yes, I make much less money by not receiving a commission from these recommendations – but I keep two things intact: my integrity and the trust my customers have in me.

I've been employed by

microsoft logo
hp logo
en

What makes my cyber security consulting services different?

There are plenty of cyber security consultant firms out there. But their business model is usually the following:

  1. Perform a security assessment or a penetration test
  2. Based on the results, resell as many security products and solutions for a commission as they can
  3. Profit quickly, leaving your security posture where it was, with a few ‘security solutions’ installed. These are not cyber security consultant companies but efficient security product resellers who use their penetration tests as a business development tool. 

I do everything differently. 

  1. I also perform a security assessment, but a very in-depth security architecture and NIST 800-53 based one.
  2. I then create a comprehensive Information Security Program for you – a strategic but also deeply technical plan on protecting 14 cyber security areas (or more), which cover the 17 cyber security attack types and protect your people, processes, and technology from an architectural point of view, without purchasing ANY commercial products or solutions.
  3. Each of the 14 cyber security areas is usually split into multiple mini-projects. Each project’s performance and status are tracked on a dashboard so you can see your defenses improve daily during the Information Security Program implementation. 
  4. It takes longer, but you will be secure in the end

How much do I charge?

How much does a cyber security consultant charge?

It depends. What do you want?

  1. If you want a quick phone consultation to solve a problem requiring only an expert opinion, the charge will correspond with the time spent. Quite affordable; try it!
  2. If you want to work with me on a long-term project, the price will likely be similar to hiring someone. However, with much higher quality, fewer risks (I won’t quit on you for another job!), and higher efficiency – you get what you need three times faster, on average, than the time required for the same project with a full-time employee. I don’t deal with office politics, don’t spend time in coffee and cigarette breaks with colleagues, and don’t commute. All I do is deliver

The answer really can only be “it depends.” That price varies mainly by the length of the project, its complexity, and the project itself. 

The hourly rate for a cyber security expert varies according to project complexity and duration. 

Is it just a phone consultation or an in-depth problem-solving that you need? Can this consultation save the company millions by preventing a serious data security breach? In that case, the price doesn’t matter, and it’s all about value. Do you want that value?

Remote Only? How does that work?

Just as a hacker (or a hacking team) can work globally, so can a defender build your defenses remotely. 

The work gets done with a keyboard and a mouse – in your office or from another country. If you have an expert as your information security consultant, the quality will be the same regardless of location. 

People often ask me: “But I need a cyber security consultant near me,” – to which I ask them, why? Why would you need someone to commute several hours to you, arrive sweaty and tired, and bill you for the time during their commute when you can save money and get the same quality?

I love helping clients and hate travel just as much as you do. I have clients in Australia, the USA, the UK, Germany, and the United Arab Emirates – If I had to travel to see each of them every week or every month, there would be no time to work! Instead, everyone gets the same quality from me and is happy. 

Do you do Penetration Testing?

I get this question a lot! 

I am a cyber security consultant and, in a way, a cyber security architect. I build defenses very well. I have been trained in offensive security by an Israeli security company – Offensive Security – but I tend to focus on defense development only and work with some fantastic penetration testing companies in the US and the UK who excel in penetration testing. 

Specialization is critical to offering fantastic service, which I do. After completing my work with you is the best time to run a penetration test and validate everything done, I recommend that. It is a continuous improvement loop – you build good defenses, test them, improve them, and test them again. Specialization is the only way to deal with continuously improving threat actors

What can IT security consultants do for you?

What is it like working with an IT security expert?

When you start working with senior information security consultants, both sides must clarify their expectations. 

Just knowing about your desire to protect client information is not enough, and it is best to share details about your business processes, how you work with your clients, and how you collect and store their data.

  • Do your clients have specific requests or unspoken expectations regarding their data privacy?
  • Are you concerned about information security only, or do you need consulting on preventing confidential or strategic information theft?
  • Are you worried about hackers compromising your accounting systems and stealing money directly from your bank accounts?
  • Can a data breach impact your reputation? 

IT security experts need to know the answers to all these questions before starting to work with you.

Client Testimonials:

Experience what it's like to be stress-free

Let us take care of cybersecurity for you!

The cyber security consulting services include:

Password & Access Management

I help companies manage passwords and access securely. Your employees will stop reusing simple passwords which will make it harder for hackers to steal corporate credentials and you will know who has access to what and why, at any time.

Advanced Attack Mitigation

I check for mitigation controls for 17 types of cyber attacks: account compromise, unauthorized access, ransomware, network intrusions, malware infections, sabotage, security policy violations, and more.

Security Awareness Training

I will help your team understand why certain emails and links are dangerous, the concept of operational security and the ways hackers might take advantage of their desire to help. Security Awareness Training is much more than just a series of videos.

Cloud Security Architecture

Microsoft 365 has 280+ security settings. Amazon Web Services and Azure have hundreds of security configuration options, too - I will take care of ALL of them for you.

Securing IT Infrastructure

I help my customers transform their IT infrastructure security by implementing Server & Network Device Hardening, Desktop Hardening, Network & Web Service security, Data Security, Backups, and more!

Vulnerability Risk management

How many vulnerable machines/apps can a company have in its network? I help my customers establish and manage a Vulnerability management program, which will gradually reduce the risk of their network vulnerabilities.

Email & Communications Security

Getting access to a corporate account may grant a hacker access to all internal systems. I protect my customers by implementing secure authentication, ensuring the integrity and confidentiality of your communications.

Penetration Testing

Breach simulation is an integral part of every Information Security Program. My customers can rely on me to support them in the initiation, execution, and conclusion of a Penetration Test.

Secure Software Development

Software development should be a rapid, efficient, and secure process. I help my customers integrate security into the design, development, testing, integration, and deployment of their code.

Security Policies and Procedures

Policies and Procedures are the governing laws of a company's business. The ones I create are living and breathing documents bringing order and structure to my customers' security practices.

Secure Remote Access

Secure Work From Home is one aspect of remote access, but I also take care of third party partners, and outsourced employees, vendors, and guests. Remote access to data is not limited to VPN.

Zero Trust Networking

I expand the defenses I build beyond VPN and add Zero-Trust as your primary defense principle.

Advanced Endpoint Security

Antivirus is just one of the 12 controls I implement to defend endpoints from advanced hacking attacks. I prevent the exploitation of these devices via malicious documents, scripts, 0day vulnerabilities, and more.

Security Monitoring

You should be able to detect any unauthorized access anywhere in your network, be it a malicious insider or an outside hacker. I will help you build the necessary security monitoring to achieve that.

Plus much More

Every Information Security Program I build and execute for my clients is different. Their teams, infrastructure, applications used, and business objectives are different, and I often customize my services to serve them better.

Why should you care about password or access management?

Most people reuse their passwords, and the password used for their online shopping activities would most likely resemble the password used to access your corporate email or collaboration platform.
And when their favorite online shopping sites get hacked (and they do, often!) – their passwords become known to hackers globally. Some websites allow hackers to enter a person’s name or email address and see all the passwords they have ever used!
They then attempt to use these against your email server or collaboration system, and they often work!

You do need much more than just an antivirus and a firewall

Every company on this list of hacked companies had antivirus and a firewall, and they still got hacked. In all cybercrime investigations, the outcome is the same: hackers don’t care if you have antivirus and firewalls; they will still get in. 

So what should you do? 

As a cybersecurity consultant, I always protect my clients from advanced attacks by implementing additional defense measures everywhere in their IT infrastructure, focusing on the endpoint. 

Security Awareness Training Consulting for SMBs

Most people in your company are not security experts, and I would even argue 100% of your entire workforce are just experts in their fields – and that is how things should be. 

I will only introduce a slight change: relevant, human, easy-to-understand training that will give them a basic understanding of how hackers might or will try to mislead them into opening a malicious attachment or a fake login link. 

If you use Microsoft 365 or Google Apps you need to protect them

IT Administrators leave the defaults on for most cloud services I have audited in the past few years.

They don’t enable or enforce 2-factor authentication. They leave all the possible security policy settings default – which usually means they are turned off.

These policies and settings exist for a reason – hackers are actively abusing cloud services, and cloud service providers have developed countermeasures to protect you.

But did your IT admin enable all the 285+ security settings in Office 365, now known as Microsoft 365?

Even printers can be used to get into your network

Whenever I consult a cybersecurity company, I get to see completely unprotected devices such as printers and routers. Most of them WiFi-enabled. Then they wonder how they were hacked. 

Easy. 

Through the unprotected printer. 

But they could get in through an insecure desktop, laptop, mobile phone, server, or network device. 

This is why I help my clients protect their whole IT infrastructure. And when their systems administrators are overworked and underqualified in cyber defense, I help them by coaching the sysadmin and guiding them to protect every device type in their network against modern, persistent, and advanced hackers. 

Discover and fix vulnerabilities you never suspected existed

Most companies we start working with have no vulnerability management, and as a result, they have no clue they can be easily hacked through any of them. 

Our virtual cisco (CISO as a Service) team will identify all vulnerabilities in your computers, software, servers, network devices, and other equipment. 

They will then generate a plan to fix them and start working on the remediation process. 

The final step in our vulnerability assessment service is to build your whole vulnerability management program with scanning automation, configuration scanning, discovering configuration errors, and more. 

Prevent unauthorized access to your email and other communications

Hacking into email systems is likely the most straightforward task for a hacker or a hacking team. 

Did you know it usually takes just a few minutes?

All my clients enjoy complete peace of mind – knowing that most hackers cannot hack their email. 

I can help establish secure email and instant messaging communications within and outside your company. 

It is also a tremendous relief for your clients and business partners to know that anything they send you will be kept safe and secure from prying eyes. 

FAQ

A cybersecurity consultant specializes in assessing, planning, and implementing security measures to protect a company’s information systems. They identify vulnerabilities, recommend solutions, and often help with the deployment of these solutions.

Companies may lack in-house expertise or require an external perspective on their cybersecurity posture. A consultant can bring specialized knowledge, experience, and up-to-date practices to ensure that a company’s digital assets are secure.

Typically, they should have a relevant degree in IT or cybersecurity, certifications like CISSP, CISM, or CEH, and several years of experience in the field. Practical experience with specific technologies, a thorough understanding of various cyber threats, and problem-solving skills are also crucial.

Consultants often begin with penetration testing, where they simulate cyberattacks to find weak points. They also conduct vulnerability assessments using specialized tools and manual reviews, considering both technological and human factors.

No, consultants work with businesses of all sizes. While large corporations may have complex needs, small and medium-sized businesses also face cybersecurity threats and can benefit significantly from expert advice.

A consultant typically advises on broad strategy and solutions, working on a project or contractual basis. An analyst, on the other hand, often works in-house, monitoring an organization’s networks, detecting threats, and responding to incidents on a day-to-day basis.

They invest in continuous learning, attending workshops, pursuing advanced certifications, and actively participating in cybersecurity forums and communities. Staying updated is essential in this fast-paced field.

Success can be gauged in various ways: reduction in security incidents, passing compliance audits, improved security awareness among employees, and positive feedback from stakeholders. It’s essential to have defined metrics and KPIs to measure performance objectively.

Costs can vary depending on the scope of work, the consultant’s expertise, and the project duration. While there is an upfront investment, the long-term savings from preventing data breaches and ensuring business continuity often outweigh the initial costs.

Companies should seek references, review case studies, and conduct interviews to assess a consultant’s expertise and fit. It’s essential to ensure the consultant understands the company’s specific industry, business model, and unique challenges.

Contact Me

Phone: +44.20.3807.6459