
Information Security —
from regulation to implementation.
Blackfort Technology combines regulatory expertise with technical security implementation and AI competence – for organisations that need security not just on paper.
Why Security Programmes Fail
The problem is not the regulation. It is the gap between concept and implementation.
Security programmes rarely fail because no concept exists – they fail because of the gap between regulatory requirements and technical reality. Blackfort Technology operates precisely at this interface: from analysis through to implementation, in the same projects, with the same teams.
“Strategy consulting without IT architecture is like a chef without a kitchen.”

Christian Gebhardt
Founder & Managing Director, Blackfort Technology

Partner of the Alliance for Cyber Security (BSI)
Competency Areas
Three areas. One consultancy.
Most IT security consultancies are strong in one of these areas. We cover all three – and connect them in projects that are successfully and sustainably implemented.
Understanding, prioritising, and translating regulatory requirements into measures.
The regulatory landscape has changed fundamentally over the past three years. NIS2 significantly expands the circle of obligated organisations and raises requirements for security measures, reporting obligations, and governance structures. DORA imposes binding ICT resilience requirements across the entire financial sector. The Cyber Resilience Act obligates product manufacturers to implement security by design.
These requirements cannot be met through one-off audits or ticked checklists. They require an information security management system that is genuinely lived – with clear responsibilities, documented processes, and the ability to respond to operational changes.
We accompany organisations from the first gap analysis through to certification. This includes building ISMS structures, developing security concepts and policies, preparing for external audits, and ongoing support as an external information security officer.
All Consulting Services
Identifying vulnerabilities, hardening systems, building security infrastructure.
Information security is not a paper exercise. Every requirement from the regulatory framework must be reflected in a technical measure: a process, a system configuration, a monitoring rule, or a network segmentation.
In practice, we regularly encounter the same gaps: no systematic patch management, insufficient or inconsistent logging, an Active Directory that has accumulated attack surfaces over years, or missing controls over privileged access. These problems are known. Yet they remain unaddressed – because technical implementation goes beyond a classic consulting engagement.
We take on this technical implementation: vulnerability analysis and penetration testing, system hardening to CIS Benchmarks, Active Directory hardening against Pass-the-Hash and Kerberoasting, PKI deployment, SBOM management, and centralised logging with SIEM integration. Not just as a one-off project, but with sustainable integration into your processes.
Penetration Testing & Technical Security Solutions
Developing, integrating, and operating AI systems securely and under control.
AI systems are no longer a future challenge. Today they are integrated into production processes, customer interactions, and decision support systems. And they generate risks for which classical security approaches have no established answers.
Prompt injection attacks on language models cannot be repelled with a firewall ruleset. Opaque decision logic in regulated environments generates liability risks that neither DORA nor NIS2 explicitly address. The EU AI Act introduces new compliance requirements for high-risk AI systems, whose implementation requires technical documentation and traceability.
We are a permanent member of the AI working group of the Alliance for Cyber Security (ACS/BSI) and lead authors of one of the first methodological guides to LLM pentesting in the German-speaking world, which makes AI security a dedicated competency at Blackfort. Our offering covers AI governance, technical security testing, LLM pentesting, and monitoring for AI-assisted processes in regulated environments.
AI Security at Blackfort Technology
Proprietary Solutions
Security solutions developed in-house.
Blackfort Security Bridge
Automated integration of Microsoft Defender and Jira – vulnerability findings routed directly into structured tickets.
Independent Log Vault
Tamper-proof, audit-compliant log retention. Independent of the production SIEM – for compliance evidence and forensics.
Privileged Access Bridge
Privileged access without VPN, without agents, with a complete audit trail. For service providers and internal administrators.
Threat Exposure Filter
CERT and CVE alerts filtered to your own infrastructure – no generic newsletters, only relevant signal intelligence.
Sector Expertise
Regulation and technology are sector-specific.
Each sector brings its own regulatory requirements, attack vectors, and operational realities. Our projects are contextualised accordingly – not generic.
Research & Analysis
Security Insights & Research
Technical analyses, security research, detection engineering, and regulatory and operational cybersecurity topics – straight from the field.

BSI TR-03184 in Practice: Securing Space Systems with ISO 27001 and IT-Grundschutz Experience
BSI TR-03184 governs information security for space systems — space and ground segment. How the requirements translate into practice with years of ISO 27001 and BSI IT-Grundschutz experience.

NIS2 for the Space Sector: What the GOVSATCOM Hub Cologne Means for Ground Station Operators
NIS2 classifies the space sector as highly critical. With GOVSATCOM Hub and SpaceHub Cologne, new infrastructure is emerging in Cologne — what this means for cybersecurity under BSI TR-03184.

Check Point VPN CVE-2026-50751: Active Exploitation Detected
Critical authentication bypass CVE-2026-50751 in Check Point VPN is being actively exploited. CVSS 9.3, CISA KEV, IKEv1 certificate validation bypass — Qilin ransomware affiliate activity observed.

GreenPlasma: Arbitrary Section Creation on Windows – Analysis and Detection
Technical analysis of the GreenPlasma PoC (Nightmare-Eclipse): Object Manager symlinks and registry link abuse as a privilege escalation chain on Windows 11 – with Sysmon and Wazuh detection rules.

Indirect Prompt Injection: A New Threat to Enterprise AI
Indirect prompt injection attacks on enterprise AI agents are up 32%. Attackers hide commands in emails and documents. Protective measures are essential.
Request a Consultation
How can we help you?
Every conversation starts with a specific question. Choose the starting point that best matches your current situation.
NIS2 Scope Analysis
Is your organisation subject to NIS2? To what extent? What are the specific areas requiring action? We clarify this in a structured initial consultation.
DORA Gap Assessment
How far is your organisation from DORA compliance? Where are the largest gaps in ICT risk management? What needs to be addressed first?
Security Architecture Review
A systematic analysis of your IT architecture: vulnerabilities, attack surfaces, structural gaps. Result: concrete measures, prioritised by risk.
AI Security Assessment
Which AI systems are in operation? What risks arise? What does an appropriate security architecture look like? A consultation with a concrete outcome.













