
"Our expertise starts where large technology providers, system houses or international consulting groups often reach their limits."

We create security for complex corporate structures
Cybersecurity is a central component of modern IT landscapes, especially in highly regulated industries. It plays a key role in determining how digital systems can be set up, operated and further developed. We are an independent, highly specialized IT security consultancy. Our focus is on the combination of consulting and technical testing with a view to real attacker perspectives. This creates a realistic picture of the actual security situation of applications, systems and infrastructures.
One focus of our work is manual penetration testing, supplemented by conceptual and technical consulting to secure complex IT environments. This is not just about individual vulnerabilities, but about understanding attack paths and systemic risks. The basis for this is over ten years of experience in critical infrastructures and complex enterprise environments. This knowledge enables us not only to evaluate technical systems theoretically, but also to scrutinize them under realistic conditions.

For decisions that must be supported in an emergency
Our experience speaks for us:
9+ years
Leading and certified experts in the field of penetration testing. KRITIS experience in the energy, healthcare, finance and insurance, transportation and public sectors. We are the main IT security supplier for one of Germany’s largest statutory health insurers, one of the world’s largest retail groups and a secondary supplier for one of Europe’s largest parcel delivery companies.
520+
Penetration tests in the areas of web, cloud, IoT, network infrastructure, social engineering, red teaming and SAP at leading corporations with 15,000 to 450,000 employees.
Specialized in your industry
Experts for highly regulated industries. Close cooperation on an equal footing – anonymized references prove our experience.
- Penetration testing of online and mobile banking systems
- Security assessments of backend infrastructures and networks
- Red Teaming to simulate targeted attacks on critical systems
- Security awareness programs for employees
- Safety checks of production and control systems (ICS/SCADA)
- Analysis of web-based management and reporting applications
- Advice on securing cloud environments
- Red Team Exercises for testing organizational security measures
- Penetration testing of critical infrastructure and control systems
- Security assessments of customer portals and smart meter systems
- Network and endpoint security assessments
- Red Teaming for the detection of complex attack patterns
- Penetration tests of patient portals
- Mobile security testing of medical applications
- Protecting sensitive health data through infrastructure reviews
- Social engineering tests and awareness training
Control center software for emergency services
Black box test of the web-based dispatch software including connected mobile components
Objective: Analysis of possible attack paths on mission data processing, authentication and communication between the control center and emergency vehicles
Internal penetration test and test of web applications and network interfaces
Special features:
– Analysis of access options to operational systems (e.g. lighting control, baggage handling)
– Check for possible privilege escalation via central directory services (Active Directory)
– Vulnerability analysis of connected terminal systems (kiosk PCs, ground staff devices)
– Technical implementation during ongoing operations under strict operating conditions and with prior approval matrix
- Security testing of transportation and warehouse management systems
- Analysis of IoT and cloud-based services
- Employee training on cyber risks
- Red teaming to check the ability to respond to attacks
- Application security assessments for web and mobile apps
- Testing of development and deployment processes
- Training for developers on secure software development
- Red Teaming for simulating attackers at application and infrastructure level
- Tests of customer portals and claims management systems
- Mobile App Security Assessments
- Advice on securing IT infrastructures and data
- Social engineering and red team exercises to strengthen the safety culture
These are the three areas in which corporations and KRITIS operators commission us the most:

Pentesting
Targeted penetration tests, manual and detailed, to uncover vulnerabilities in web applications, mobile apps, SAP systems, cloud infrastructures and more.

Managed pentesting
For larger projects, we offer customized managed pentesting services, including the creation of test plans, concept development and continuous vulnerability tracking via your ticket system.

Red Teaming
Holistic attack simulations that test not only technical vulnerabilities, but also the responsiveness of your employees and processes to assess the overall security resilience of your organization.

Absolute experts in the field. For over nine years.
Our consulting and auditing company offers you customized solutions and personal support – in a quality that large technology providers, system houses or the Big Four are often unable to provide.
Advantages at a glance
Effective cybersecurity is needs-based, understandable and practicable. However, this is a particular challenge in highly regulated environments with complex IT infrastructures. We know the regulatory requirements and operational realities of your industry and develop effective security solutions tailored to them. Our expertise is based on the essentials: the attacker’s perspective.
We only look after a few major customers each year. This guarantees intensive cooperation, quick decisions and individual security solutions for highly regulated customers, which are often not possible in standardized structures.
We work exclusively with permanent employees who you can reach personally at any time. We do not use a ticket system or hotline.
Thanks to our compact, specialized teams, we react immediately to new threats and critical security gaps. We translate changes in the attack situation or new vulnerabilities directly into measures – quickly, specifically and without the delays that often occur in large structures.

Do you already know Managed Pentest?
Leave the entire vulnerability management to us: we create precise test plans for all relevant IT systems – from the network infrastructure to applications, cloud and IoT components through to tracking vulnerabilities in the ticket system. With regular scans and targeted penetration tests, we identify security gaps and support you in continuously improving your IT security situation. We offer you full reporting, dashboards and regular jour fixe meetings so that you can maintain an overview at all times and respond quickly to new threats. Rely on a transparent and efficient security solution that covers all your requirements.
Your contact persons
Security is a matter of trust. With us, you don't talk to a ticket system - you talk directly to experienced experts.

S. Philipp Kalweit is Director Strategy & Consulting with a focus on security awareness and offensive IT auditing. He has been advising SMEs and corporations for nine years, particularly in highly regulated industries. In 2019, he was honored by DIE ZEIT as “Hamburger of the Month” and included in the Forbes 30 under 30 DACH list.
S. Philipp Kalweit
Managing Partner

Dipl.-Wirtsch.-Ing. Günther Paprocki is Managing Partner of KALWEIT ITS. As Director HR & Operations, he is responsible for operations and personnel. With experience from previous positions at Sharp, Philips and Cisco, he brings a breath of fresh air to the consultancy. His focus: strengthening cybersecurity in Germany.
Günther Paprocki
Managing Partner
