Enterprise Infrastructure Security
Active Directory Domain Services Tier Model implementation, ADCS vulnerability remediation, Privileged Access Workstation deployment, and Azure hybrid identity security — protecting the infrastructure layer that attackers target first.
Over 25 years securing enterprise infrastructure — from on-premises Active Directory Domain Services (ADDS) forests to hybrid Azure environments. I architect, harden, and recover the identity systems that underpin every organization's security posture.
My work centers on eliminating identity attack paths: misconfigured ADCS templates exposing ESC1–ESC8 vulnerabilities, missing administrative tier boundaries allowing lateral movement from Tier 2 to Tier 0, credential exposure through Kerberoasting and Pass-the-Hash, and unmonitored privileged access without PAW enforcement.
Engagements span federal agencies under BSI IT-Grundschutz elevated protection, global banks under PCI DSS and BAIT, international law firms, and manufacturing groups — including direct collaboration with Microsoft's Compromise Recovery Security Practice (CRSP) for ADDS breach containment and forest recovery.
Hofheim am Taunus, Germany
Available across DACH & Europe
Whether you need ADDS compromise recovery, Tier Model implementation, ADCS remediation, PAW deployment, or an independent infrastructure security assessment — let's discuss your environment.