„Our expertise starts where large technology providers, system houses or international consulting groups often reach their limits.“
Cybersecurity for corporations and KRITIS operators
Highly regulated industries such as retail, banking, insurance and healthcare have efficient internal IT teams. For particularly complex or rare issues, however, sometimes you need partners who understand cybersecurity down to the last detail and know the regulatory requirements and operational realities of your industry. That’s where we come in.
For over nine years, we have been supporting corporations and Critical Infrastructures operators directly and without project intermediaries in penetration testing, red teaming and IT security consulting. Our advantage: consistent specialization. We pool in-depth expertise and react quickly to new vulnerabilities, regulatory requirements and real threat scenarios.
Our clients choose us because they are looking for precision instead of process loops, reliable results instead of presentations and real experts instead of generalists.
Always a good decision
We are owner-managed and work exclusively with permanent specialists. We train our own talents and recruit experienced experts from large IT organizations. Our certifications and project experience meet standards in the corporate and KRITIS environment. Our consistent specialization in cybersecurity is crucial.
We support a maximum of five major clients per year. This deliberate limitation creates depth rather than breadth – especially in regulated industries such as finance, healthcare or the energy sector. You receive direct contact persons with technical decision-making authority, no hotline, no anonymous ticket system. We are continuously expanding our expertise in specialist areas such as malware development or Active Directory hardening.
You can mandate us for all IT security issues: Information security, BCM, technical IT security, offensive IT audits, training and workshops. Not because we offer everything, but because we understand attack logic and use it to develop robust security strategies.
Our experience speaks for us:
9+ years
Leading and certified experts in the field of penetration testing. KRITIS experience in the energy, healthcare, finance and insurance, transportation and public sectors. We are the main IT security supplier for one of Germany’s largest statutory health insurers, one of the world’s largest retail groups and a secondary supplier for one of Europe’s largest parcel delivery companies.
520+
Penetration tests in the areas of web, cloud, IoT, network infrastructure, social engineering, red teaming and SAP at leading corporations with 15,000 to 450,000 employees.
Specialized in your industry
Experts for highly regulated industries. Close cooperation at eye level – anonymized references prove our experience.
- Penetration testing of online and mobile banking systems
- Security assessments of backend infrastructures and networks
- Red Teaming to simulate targeted attacks on critical systems
- Security awareness programs for employees
-
Safety checks of production and control systems (ICS/SCADA)
-
Analysis of web-based management and reporting applications
-
Advice on securing cloud environments
-
Red Team Exercises for testing organizational security measures
-
Penetration testing of critical infrastructure and control systems
-
Security assessments of customer portals and smart meter systems
-
Network and endpoint security assessments
-
Red Teaming for the detection of complex attack patterns
-
Penetration tests of patient portals
-
Mobile security testing of medical applications
-
Protecting sensitive health data through infrastructure reviews
-
Social engineering tests and awareness training
Control center software for emergency services
Black box test of the web-based dispatch software incl. connected mobile components
Goal: Analysis of possible attack paths on mission data processing, authentication and communication between control center and emergency vehicles
Internal penetration test and test of web applications and network interfaces
Special features:
– Analysis of access options to operational systems (e.g. lighting control, baggage handling)
– Check for possible privilege escalation via central directory services (Active Directory)
– Vulnerability analysis of connected terminal systems (kiosk PCs, ground staff devices)
– Technical implementation during ongoing operations under strict operating conditions and with prior approval matrix
-
Security testing of transportation and warehouse management systems
-
Analysis of IoT and cloud-based services
-
Employee training on cyber risks
-
Red teaming to check the ability to respond to attacks
-
Application security assessments for web and mobile apps
-
Testing of development and deployment processes
-
Training for developers on secure software development
-
Red Teaming for simulating attackers at application and infrastructure level
-
Tests of customer portals and claims management systems
-
Mobile App Security Assessments
-
Advice on securing IT infrastructures and data
-
Social engineering and red team exercises to strengthen the safety culture
These are the three areas in which corporations and KRITIS operators commission us the most:
Pentesting
Performing targeted penetration tests - manual and detailed, to uncover vulnerabilities in web applications, mobile apps, SAP systems, cloud infrastructures and more.
Managed pentesting
For larger projects, we offer customized managed pentesting services, including the creation of test plans, concept development and continuous vulnerability tracking via your ticket system.
Red Teaming
Holistic attack simulations that test not only technical vulnerabilities, but also the responsiveness of your employees and processes to assess the overall security resilience of your organization
Absolute experts in the field. For over nine years.
Our consulting and auditing company offers you customized solutions and personal support – in a quality that large technology providers, system houses or the BigFour are often unable to provide.
Advantages at a glance
Absolute depth experts
Effective cybersecurity is needs-based, understandable and practicable. However, this is a particular challenge in highly regulated environments with complex IT infrastructures. We know the regulatory requirements and operational realities of your industry and develop effective security solutions tailored to them. Our expertise is based on the essentials: the attacker’s perspective.
Customer focus
We only look after a few major customers each year. This guarantees intensive cooperation, quick decisions and individual security solutions for highly regulated customers, which are often not possible in standardized structures.
Permanent experts
We work exclusively with permanent employees who you can reach personally at any time. We do not use a ticket system or hotline.
Speed and agility
Thanks to our compact, specialized teams, we react immediately to new threats and critical security gaps. We translate changes in the attack situation or new vulnerabilities directly into measures – quickly, specifically and without the delays that often occur in large structures.
Do you already know Managed Pentest?
Leave the entire vulnerability management to us: we create precise test plans for all relevant IT systems – from the network infrastructure to applications, cloud and IoT components through to tracking vulnerabilities in the ticket system. With regular scans and targeted penetration tests, we identify security gaps and support you in continuously improving your IT security situation. We offer you full reporting, dashboards and regular jour fixes so that you can maintain an overview at all times and respond quickly to new threats. Rely on a transparent and efficient security solution that covers all your requirements.
Your contact persons
Security is a matter of trust. With us, you don't talk to a ticket system - you talk directly to experienced experts.
S. Philipp Kalweit is Director Strategy & Consulting with a focus on security awareness and offensive IT auditing. He has been advising SMEs and corporations for nine years, particularly in highly regulated industries. In 2019, he was honored by DIE ZEIT as “Hamburger of the Month” and included in the Forbes 30 under 30 DACH list.
S. Philipp Kalweit
Managing Partner
Dipl.-Wirtsch.-Ing. Günther Paprocki has been Managing Partner of KALWEIT ITS since May 2024. As Director HR & Operations, he is responsible for operations and personnel. With experience at Sharp, Philips and Cisco, he brings a breath of fresh air to consulting. His focus: strengthening cybersecurity in Germany.
Günther Paprocki
Managing Partner
