About CERTAINITY
Who we are
Our name CERTAINITY is a name combining SecurITY and CERTAINty. We deliberately chose this name because it reflects our claim to bring security to our customers’ cyber environment issues.
We know that due to the high complexity and dynamics of cyber security, there is an immense need for expertise and experience among companies of all sizes and industries, which we cover with our consulting services. We also have the resources to support our customers in exceptional situations - be it cyber security incidents or the implementation of special projects - or to cover peak loads. The CERTAINITY team consists of experienced cyber security experts. Despite the young age of our organisation, our team has a considerable professional experience in the field of cyber security. A wealth of experience that helps us to support companies in increasing their resilience in the cyber security environment so that our clients are better protected against the effects of cyber risks should they occur.
We advise our customers in the areas of Offensive Security (Pentesting, Red Teaming, DDoS Simulations), Defensive Security (Hacker Attack Simulations, Incident Response, Computer Forensics), Process Consulting (Governance Risk and Compliance, Information Security Management, CISO as a Service) and Security Engineering (Security Architecture, Secure Coding, SSDLC) and more.
CERTAINITY is an owner-managed, European company with the aim of supporting customers in all aspects of cyber security and thus creating a resilient environment for our society.
Our values
CERTAINITY was founded out of passion for cyber security and we have been living our values ever since: reliable. trustworthy. bespoke. We know that as a consulting company, we are the sum of our employees. That’s why we put our employees at the centre of our work. We have created an environment in which we enjoy working for our clients with the flattest possible structures, a lot of personal responsibility, short decision-making paths and as little “corporate behaviour” as possible - for which we have been awarded the Great Place to Work award. We are continually working on this.
Our approach
With our practice-orientated approach and our many years of experience, we identify weak points and critical business processes and their dependencies. Based on this, we recommend suitable strategies to avoid or reduce the impact or damage in your company. On request, we can accompany their realisation from conception to implementation. Our consulting approach is based on common standards and best practices, in the development of which members of our team are significantly involved. These include, among others: ISO 27001, NIST Framework, BSI Basic Protection Manual, OWASP WSTG, OWASP ASVS, SABSA, ISO 65443, ISO 18075, openSAMM, MITRE ATT&CK Framework, …
Knowing that for most organisations a complete implementation is neither sensible nor affordable, we take a pragmatic approach depending on the project requirements to avoid gold plating. Security should first and foremost help to secure business processes and not unnecessarily complicate or even prevent them. We also place high demands on our own security and also operate a management system that is not (yet) certified in accordance with ISO27001 and the associated security measures, but we already fulfil relevant security requirements.
Management Board
Ulrich Fleck