Cybersecurity · NIS2 · CRA · AI Governance

Axel Hoehnke

Strategic advisory for EU regulatory frameworks — delivering audit-ready compliance in weeks, not months, for mid-market companies across the DACH region.

Get a Quote View Services →

Shadow AI Your organisation is already using AI tools that no one approved ISO 42001 Lead Auditor certified for AI Management Systems

80% Less Manual audit prep time via Vanta GRC automation

About the Practice

What I Do

Organisations navigating ISO 27001, NIS2, and the EU Cyber Resilience Act face a persistent challenge: translating regulation into operational reality without drowning in bureaucracy.

My practice delivers audit-ready compliance in weeks, not months. I map requirements to your existing infrastructure and implement only what regulators actually verify. The result is robust security without unnecessary overhead.

Service Portfolio

A Systematic Approach

Evidence-based methodology — scoped before it starts, finished when it's done.

Strategic

Virtual CISO & Advisory

Strategic leadership without the cost of a full-time executive. Ideal for scale-ups requiring immediate governance.

Strategy for ISO 27001, NIS2, CRA
Risk assessment (ISO 27005)
Board-level reporting

Automation

GRC Automation — Vanta

Managed compliance for cloud-native organisations, reducing manual workload by up to 80% through automation.

Vanta setup & integration
SOC 2 & ISO 27001 onboarding
Continuous drift monitoring

EU Regulation

NIS2 Readiness

Applicability confirmation, gap analysis, and action plans mapped directly to Article 21 obligations.

Applicability assessment
Gap analysis & prioritised actions
Incident response preparation

EU Regulation

CRA Compliance

Product risk classification and SBOM programme aligned to the EU Cyber Resilience Act.

Product risk classification
SBOM & SDLC integration
CE-readiness preparation

Technical

Network Security

Validated controls for defensible protection, including autonomous penetration testing via NodeZero.

NodeZero autonomous pentesting
Zero-trust architecture
Supply chain risk management

Training

Workshops & Training

Scenario-based learning for technical and non-technical teams. ISO 42001 AI governance included.

Proactive Cyber Defense
AI Management (ISO 42001)
Infrastructure Security Labs

Engagement Model

4-Week Compliance Sprint

A rapid-deployment programme for SMEs — foundation-level compliance from day one.

Week 01

Orientation & Initial Analysis

Kickoff with leadership and IT stakeholders
CyberCheck Basic assessment (BSI/ENISA-aligned)
Mapping of NIS2, ISO 27001, and CRA relevance

Week 02

Risk Assessment

Identification of Top-5 risks & critical business processes
Rapid risk scoring (aligned with ISO 27005)
Quick-win mitigation planning

Week 03

Documentation & Governance

RACI framework — role & responsibility assignment
Basic IT operations documentation & risk register
Audit-ready compliance overview

Week 04

Awareness & Incident Readiness

Security awareness workshop for staff
Incident response plan with escalation paths
60/90-day roadmap for continued maturity

Programme Outcome: Foundation-level compliance, a documented risk posture, and a clear, defensible path to certification.

ISO 27001 · Real Engagements

Case Studies

Two live engagements — one Stage 2 certification sprint, one internal audit. Real findings, real outcomes.

Stage 2 Certification · Zürich, Switzerland

Legal AI Technology Company

Two-week sprint addressing Stage 1 open findings. Both non-conformities raised at Stage 2 resolved via accepted corrective action records. Certification confirmed by the British Assessment Bureau within ten days of audit close.

Read Case Study → ↓ PDF

Internal Audit · Stage 1 Prep · Austria

Medical Diagnostics Provider

Two-week internal audit with Vanta platform access. Fifteen specific evidence gaps identified and mapped to ISO 27001:2022 controls. Report uploaded directly to Vanta. Engagement led to a 6-month vCISO retainer.

Read Case Study → ↓ PDF

Credentials