Blackfort Technology
Blackfort Technology

The Company

Specialised at the intersection of regulatory requirements and technical implementation.

Blackfort Technology is an owner-managed information security consultancy headquartered in Bonn.

Background

Information security rarely fails because concepts are missing. It fails because of the gap between what is documented and what is actually implemented in the systems.

The gap analysis is complete. The audit has been passed. Measures are captured in a roadmap. But in the organisation's system landscape, little has changed. This gap does not arise from malice or negligence — it arises because regulatory expertise and technical implementation capability rarely sit in the same hands.

Compliance consultants know NIS2, DORA and ISO 27001. But they do not implement Active Directory tiering concepts or configure SIEM rules. System integrators can install security components. But they do not translate audit requirements into technical architectures that will withstand regulatory scrutiny.

Blackfort Technology works precisely at this intersection. Regulatory classification and technical implementation are not separate services that need to be coordinated — they come from the same project, with the same people.

How We Work

Architecture over paper compliance

Security concepts that are never translated into system architecture are snapshots. From the outset we work towards ensuring that every measure can actually be implemented — under the operational conditions and with the technical stack of each organisation.

Implementation, not handover

We do not produce recommendation documents that are then passed around internally. We accompany implementation: in the systems, with the teams, under real operating conditions. The outcome of a project is an implemented measure, not a closed report.

Regulation as context, not an end in itself

NIS2, DORA, ISO 27001 and the Cyber Resilience Act set the framework. But the framework is not the goal. The goal is an organisation that is genuinely more resilient. Compliance is the result of good security work — not a substitute for it.

Founder & Managing Director

Christian Gebhardt, Founder & Managing Director Blackfort Technology
Christian Gebhardt
Managing Director since 2017
2020–2024
Deputy CISO
Gothaer Versicherung
2021–2022
Managing Director
ArcSin GmbH
2017–2019
Audit Specialist
Deutsche Bank Group
2015–2016
Senior Consultant
TÜV Trust IT
2014–2015
IT Security Consultant
exceet Secure Solutions
2011–2014
IT Solution Architect
BWI Informationstechnik
Permanent member of the AI Expert Working Group
Alliance for Cyber Security / BSI
Lead author: “Guidelines for Penetration Testing
of Large Language Models” (ACS/BSI)

Christian Gebhardt founded Blackfort Technology in 2017 — alongside his role as an audit specialist at Deutsche Bank.

The professional background he brought with him continues to shape how Blackfort works today. His career began as a working student at BWI Informationstechnik — the IT service provider of the German Federal Armed Forces — where he spent seven years, ultimately as an IT Solution Architect responsible for directory services, identity and access management, and the connection to the Federal PKI. This was followed by roles at exceet Secure Solutions in the Gematik telehealth infrastructure with a focus on PKI and Hardware Security Modules, and at TÜV Trust IT, where he led ISO 27001 ISMS build-out projects at municipal critical infrastructure organisations.

Deutsche Bank opened the perspective of independent review: audit leadership in highly regulated domains — BAIT, MaRisk, ZAG, KRITIS — covering topics such as information security management, payment processing, PKI and data centre security. This experience often revealed just how far apart documented requirements and lived practice can be.

After his role as Information Security Officer at Gothaer Versicherung, he became Deputy CISO in 2021, leading the information security team with a direct reporting line to the Chief Information Officer on the Board.

In parallel, from 2021 to 2022 he served as Managing Director of ArcSin GmbH, a company specialising in artificial intelligence and cryptography with a focus on massively parallel processing in distributed systems — an early engagement with AI architecture well before the topic became mainstream for security organisations.

In the field of AI security, he is a permanent member of the AI Expert Working Group of the Alliance for Cyber Security (ACS/BSI) and lead author of the “Guidelines for Penetration Testing of Large Language Models” — one of the first methodological frameworks of its kind in the German-speaking world.

Company Development

Built with deliberation.
Not with haste.

Blackfort Technology was founded in Bonn in 2017. The early years were deliberately focused on organic growth: building expertise and robust processes, not structures designed for rapid scale. References came through recommendations, not acquisition machinery.

Since then, Blackfort Technology has supported organisations from regulated sectors — financial services, telecommunications, healthcare, energy, IT service providers, software companies — in implementing information security requirements.

Since 2017
Owner-managed, Bonn
NIS2 · DORA · CRA
Regulatory expertise
ISO 27001
Consulting & certification support

References

Selected clients.

Horváth AGVariolytics GmbHLapID Service GmbHSUMUS SoftwareAurum ConsultingRED Globalaquatune GmbH3steps2webVuca SimulationsDESH DatenserviceReimbold ImmobilienPraxis Dr. KsendsowskiZahnfeeBullets Playing Cards
View all reference projects
“Information security only becomes effective when concept and implementation are genuinely thought through together.”

That is the standard Blackfort Technology brings to every engagement — and how we close the gap between regulatory requirements and technical reality.

Request an initial consultation