I help companies implement ISO 27001, NIS2, GDPR, TISAX, DORA, SOC 2, PCI DSS, HIPAA and NIST — with structure, not guesswork.
What started as a passion for technology in Bosnia evolved into a mission to strengthen the security and resilience of European organizations. Through hands-on work in industry, energy, and automotive environments, I saw the same recurring challenge.
Most companies knew they needed cybersecurity but didn't know where to start. Traditional assessments were often too expensive, too complex, or simply not designed for the realities of small and mid-sized businesses.
That's why I built this ecosystem — a structured system that makes cybersecurity and compliance practical, transparent, and outcome-driven for every organization.
After years of consulting, I saw the same pattern: companies struggling with fragmented tools, unclear processes, and advisors who left them with binders full of policies but little real implementation.
So I built an integrated system — tools and expertise that work together to take you from risk identification to audit readiness.
Identify risks
A fast, automated assessment that reviews your current security posture and highlights gaps — giving you clarity on where you stand.
Manage compliance
A centralized GRC platform to manage your compliance documentation, track audit progress, and collaborate with your team — all in one place.
Implement strategy
When you need hands-on guidance, I work directly with your team to implement controls, prepare for audits, and build a security culture that lasts.
"These tools work together. Start with an assessment, manage your journey in the platform, and bring in consulting when you need expert hands."
After years of advising organizations on security and compliance, I kept seeing the same pattern: companies knew they had a problem, but had no clear, affordable way to find out where they actually stood — or what to do next.
Consultants delivered thick reports that gathered dust. Tools were either enterprise-priced or too shallow to be useful. The gap between knowing and doing was where good intentions went to die.
So I built the ecosystem I wished my clients had: a free assessment to reveal the gaps, hands-on consulting to close them, and a platform to keep everything audit-ready — all connected, all reinforcing each other.
A free, automated assessment that shows exactly where you stand — no jargon, no sales call required.
Senior, independent consulting that turns findings into a prioritized, realistic roadmap.
A GRC platform that keeps your program living and audit-ready throughout the year.
CyberHealth360 tells you where you stand. ComplianceHub360 takes you the rest of the way to audit-ready.
A free, 5-minute automated assessment that scans your security posture and shows exactly where your gaps are — no consultant required. Get an instant risk score and a prioritized roadmap mapped to the frameworks that matter to your business.
A centralized GRC platform where you manage every framework, track audit progress, and collaborate with your team in one place. Turn your assessment results into a living compliance program that stays audit-ready year-round.
External Lecturer
IT Security — HDBW Hochschule
Sandy bridges two worlds that rarely meet: hands-on industry consulting and academic teaching. As an external lecturer in IT Security, he helps shape the next generation of security professionals while applying the same rigor to every client engagement.
This dual perspective means your organization benefits from approaches that are both academically sound and proven in real audits — not theory for its own sake, and not shortcuts that fail under scrutiny.
The experience behind the ecosystem — spanning hands-on security work, governance leadership and teaching the next generation.
Hands-on work securing infrastructure and systems — learning how attacks and failures actually happen, not just how they look in textbooks.
Leading ISO 27001, TISAX and GDPR programs across regulated sectors, translating standards into controls organizations can sustain.
Advising organizations across healthcare, finance, manufacturing and critical infrastructure as a trusted, independent security partner.
Combining consulting, an academic teaching role in IT Security and the CyberHealth360 and ComplianceHub360 platforms into one ecosystem.
A transparent view of where my expertise runs deepest — so you know exactly what you are getting.
Depth of hands-on experience with each framework.
Tailored guidance for the regulatory realities of your industry.
Deep-dive guidance on the standards and regulations that matter most to your organization.
We assess your current security posture and identify compliance gaps.
We create a clear roadmap based on your business needs and risk profile.
We implement the controls and processes that protect your business.
Clear pricing. Clear outcomes. Choose the service that fits your needs.
Complete information security management system setup and certification support.
An audit-ready organization with a structured ISMS.
European cybersecurity directive readiness for organizations in scope.
Regulatory readiness aligned with NIS2 requirements.
Automotive industry security assessment and certification preparation.
Qualify as a trusted partner in the automotive supply chain.
Data protection regulation compliance and privacy management.
Reduced exposure to data protection penalties.
Vulnerability assessments, penetration testing, and security auditing.
Measurable risk reduction with a clear remediation plan.
Power Automate and SharePoint integration for secure workflows.
More efficient, secure and repeatable processes.
Identify your risks and compliance gaps in minutes with CyberHealth360.
Expertise across international cybersecurity standards and regulatory frameworks.
Information Security Management
EU Cybersecurity Directive
Automotive Security Standard
Data Protection Regulation
Anonymized examples drawn from real engagements across regulated sectors.
A growing pharma company needed to demonstrate robust information security to international partners but had no formal ISMS in place.
Ran a structured gap analysis, then built a proportionate ISO 27001 management system aligned to how their teams actually worked.
Reached certification readiness with an ISMS the internal team could sustain — and the credibility to satisfy partner due diligence.
A regional energy provider faced expanded obligations under NIS2 and was unsure which requirements applied to them.
Clarified scope and entity classification, mapped existing controls against NIS2, and prioritized the gaps that mattered most.
A clear, board-approved roadmap to compliance and measurably improved resilience against the most relevant threats.
A tier supplier risked losing contracts without a valid TISAX label and limited internal security maturity.
Prepared the organization for assessment — closing control gaps, structuring evidence and coaching the team through the process.
Successfully positioned for the required TISAX label, protecting existing contracts and unlocking new business.
Case studies are anonymized to protect client confidentiality. Outcomes are described qualitatively.
Flexible engagement models designed around your needs, your team and your timezone.
Most consulting, workshops and reviews are delivered efficiently online, wherever you are based.
For assessments, workshops and key milestones, on-site engagement across the DACH region and EU is available.
Engagements, documentation and stakeholder communication delivered in both English and German.
Start with a free assessment or book a 30-minute consultation — no commitment required.
Book a consultation to discuss your cybersecurity needs and how we can help protect your business.