About CERTAINITY
Who we are
Our name CERTAINITY is a name combining SecurITY and CERTAINty. We deliberately chose this name because it reflects our claim to bring security to our customers’ cyber environment issues.
We know that due to the high complexity and dynamics of cyber security, there is an immense need for expertise and experience among companies of all sizes and industries, which we cover with our consulting services. We also have the resources to support our customers in exceptional situations - be it cyber security incidents or the implementation of special projects - or to cover peak loads. The CERTAINITY team consists of experienced cyber security experts. Despite the young age of our organisation, our team has a considerable professional experience in the field of cyber security. A wealth of experience that helps us to support companies in increasing their resilience in the cyber security environment so that our clients are better protected against the effects of cyber risks should they occur.
We advise our customers in the areas of Offensive Security (Pentesting, Red Teaming, DDoS Simulations), Defensive Security (Hacker Attack Simulations, Incident Response, Computer Forensics), Process Consulting (Governance Risk and Compliance, Information Security Management, CISO as a Service) and Security Engineering (Security Architecture, Secure Coding, SSDLC) and more.
CERTAINITY is an owner-managed, European company with the aim of supporting customers in all aspects of cyber security and thus creating a resilient environment for our society.
Our values
CERTAINITY was founded out of passion for cyber security and we have been living our values ever since: reliable. trustworthy. bespoke. We know that as a consulting company, we are the sum of our employees. That’s why we put our employees at the centre of our work. We have created an environment in which we enjoy working for our clients with the flattest possible structures, a lot of personal responsibility, short decision-making paths and as little “corporate behaviour” as possible - for which we have been awarded the Great Place to Work award. We are continually working on this.
Our approach
With our practice-orientated approach and our many years of experience, we identify weak points and critical business processes and their dependencies. Based on this, we recommend suitable strategies to avoid or reduce the impact or damage in your company. On request, we can accompany their realisation from conception to implementation. Our consulting approach is based on common standards and best practices, in the development of which members of our team are significantly involved. These include, among others: ISO 27001, NIST Framework, BSI Basic Protection Manual, OWASP WSTG, OWASP ASVS, SABSA, ISO 65443, ISO 18075, openSAMM, MITRE ATT&CK Framework, …
Knowing that for most organisations a complete implementation is neither sensible nor affordable, we take a pragmatic approach depending on the project requirements to avoid gold plating. Security should first and foremost help to secure business processes and not unnecessarily complicate or even prevent them. We also place high demands on our own security and also operate a management system that is not (yet) certified in accordance with ISO27001 and the associated security measures, but we already fulfil relevant security requirements.
Management Board
Theresa Mosing - Head of Sales
Theresa Mosing has more than 20 years of sales experience. As a partner at CERTAINITY, she has been in charge of sales since February 2023.
For the last 11 years, Theresa has worked as an Account Manager, Account Executive and Director of Sales at a renowned Austrian consulting company for IT security and information security.
She has extensive knowledge in the field of IT and information security. She is passionate about building lasting customer relationships based on trust.
In addition to developing solution-orientated concepts, she ensures excellent and fast communication with CERTAINITY’s cyber security experts.
Michael Brunner - Head of Secure Engineering
As a partner at CERTAINITY, Michael Brunner, PhD has headed the Security Engineering division since June 2022.
He has been working as a security architect, management consultant and software engineer for over 20 years.
As part of his dissertation, Michael researched new ways of more efficient information security and IT risk management in international projects.
Michael’s main areas of expertise are secure software and product development, the implementation of security architectures and the establishment of associated processes - particularly in areas of critical infrastructure.
Michael also manages the CERTAINITY office in Innsbruck.
Fabian Mittermair - Head of Offensive Security
After completing his training as a network technician and system administrator, he went on to study engineering at the University in St. Pölten, specialising in technical IT security and information security.
In 2010, he entered the cyber security industry as an ethical hacker and security consultant. Since then, Fabian has worked in various roles in Germany and Austria. His goal has always been to support companies and organisations in preventively identifying security vulnerabilities and establishing appropriate protective measures.
He has been responsible for the Offensive Security division at CERTAINITY since mid-2023.
Florian Walther - Head of Defensive Security
As a partner at CERTAINITY, Florian Walther is the Head of Defensive Security.
Florian has more than 25 years of professional experience in the field of IT security. He has practical experience of both the offensive and defensive side of IT security.
Florian worked as a penetration tester for 15 years, analysing a wide range of systems for vulnerabilities. From digital ID documents, websites and applications to production lines in mechanical engineering and control centres in the energy sector, he has tested practically everything.
For more than 10 years, Florian has focused primarily on the defensive aspects of IT security. Florian has gained experience in this area as a malware analyst for international financial service providers, as an incident manager, incident responder and threat hunter. Florian has led and built up several incident response teams.
Christoph Zajic - Head of Process Consulting
Christoph Zajic, MSc MBA has over 30 years of experience in the banking environment and was the CISO of Investkredit Bank AG, the ÖVAG Group and the Volksbank Association.
On behalf of the Volksbank Association, he was responsible for the ISO 27001 certification project of the ARZ data centre of the Volks- Hypo- and Private banks. He then moved into consulting.
Since 2022, he has been responsible for the Process Consulting division at CERTAINITY with the main areas of CISO as a Service, ISO 27001 consulting and certification support, data protection, business continuity management, project management (NIS2, DORA), audit and awareness.
Maximilian Burger-Scheidlin - Chief Finance Officer
Maximilian Burger-Scheidlin has been CFO of the CERTAINITY Group since 2024 and is responsible for Finance and Administration.
As Head of Group Controlling at the GrECo Group, he is also responsible for Group controlling.
He previously worked for many years as an auditor at Deloitte in Austria and the USA.
Ulrich Fleck - Chief Executive Officer
Ulrich Fleck beschäftigt sich seit 1998 mit dem Thema Sicherheit in der Informationstechnologie.
He became the CEO of the CERTAINITY Group in 2023 and since then advises clients worldwide in the areas of defensive security, forensics and incident response (DFIR), security governance, risk and compliance (GRC) and security engineering.
He previously held management positions at ATOS (now Eviden), ONEKEY and SEC Consult Group, where he was Chief Revenue Officer and was largely responsible for international growth. Further stations in his career were EFS and CSC (now DXC).