// Profile.init()
Information Security Professional, Technology Enthusiast, Father

Dimitris Gkoutzamanis

Two decades building, securing, and auditing the infrastructure that runs serious businesses. I help organizations turn information security from a checkbox into an operational advantage — across architecture, governance, and the people who keep it all running.

#What I Do

IT Security

Secure IT Architecture

Integrate security into your enterprise architecture using a layered approach — business, data, application, and technology / infrastructure tiers, all reinforcing each other.

Information Security Audit

Security evaluation of your information systems — confirming configurations are right, controls are working, and that what's supposed to be protected actually is.

IT Operations

Ensuring systems, services, and infrastructure operate reliably and securely — predictable change, telemetry that matters, and clean handoffs between teams.

Security Hardening

Locking down servers, endpoints, and cloud workloads to industry baselines — closing the default-config gaps attackers count on before they ever get the chance.

Web Application Security

Reviewing and securing the web applications your customers and staff rely on — from authentication and input handling to the logic flaws automated scanners miss.

Cloud Security Assessment

Reviewing your cloud deployments and configurations against best practice — identity, exposure, and the quiet misconfigurations that turn into incidents.

Risk Management

Risk Assessments & Management

I will identify, quantify, and prioritise the risks that can affect your critical assets — tied to treatments that make business sense, not just a colour-coded scoreboard.

Vulnerability Management

A continuous process to find, triage, and remediate weaknesses across your systems — with results that map to remediation, not just a colour-coded scoreboard.

InfoSec Policies & Procedures

You think you don't need them until you realize you do. Composed so they serve you — not the other way around — and actually get used by the people they're written for.

Business Continuity & Disaster Recovery

Plans you can actually execute when something goes wrong — so a bad day stays a bad day instead of becoming an existential one.

Gap Analysis

Where you are versus where you need to be — measured honestly, with a prioritised roadmap to close the gap rather than a list of everything that's wrong.

Security Training

Awareness for your staff and deep technical training for your IT team — tailored to your business, so security becomes a habit instead of a poster on the wall.

Adversary Simulation

Attack Simulation & Penetration Testing

Controlled offensive exercises that test your defences against realistic threats — methodically finding the ways an attacker would get in, and what it takes to stop them.

Phishing & Social Engineering

Measuring your team's resilience to the human side of attacks — and improving it — with realistic campaigns that teach rather than just catch people out.

Attack Surface Mapping

An attacker's view of your organisation — what's exposed, what's reachable, and what's actually exploitable across everything facing the internet.

Wireless Security Assessment

A security review of your wireless access points, encryption, and segmentation — including rogue-device and evil-twin detection across your sites.

Device Security Testing

Technical and physical testing of devices for data extraction and tampering — assessing what an attacker could pull from hardware they get their hands on.

Compliance

ISO/IEC 27001

From scoping and gap analysis through Statement of Applicability to audit readiness — building an ISMS that earns the certificate and survives the surveillance audits.

ISO/IEC 27000 Family

Aligning your ISMS with the broader family of information security standards — 27002, 27005, 27017, 27018 and friends — so the framework fits how you actually operate.

GDPR — Security of Processing

The technical and organisational security measures GDPR Article 32 expects — implemented, documented, and assessed so "security of processing" is more than a clause in a policy.

DORA & NIS2 Readiness

Getting in-scope entities ready for the ICT-risk and cyber-resilience obligations of DORA and NIS2 — mapping the requirements to controls you can actually evidence.

AI Security & Governance

AI Vendor Due Diligence & Onboarding

A decision gate for AI tools and vendors — assessed for data handling, security, and risk before they ever touch your data.

AI System Security Assessment

Reviewing deployed AI for prompt-injection, data-exposure, and unsafe-action risk — testing how it behaves when someone deliberately tries to misuse it.

AI Governance Framework Design

The policies, AI register, and approval workflow that keep AI use under control — so your teams can adopt it without the organisation losing track of where it's running.

Continuous AI Governance Assurance

Recurring review that keeps your AI register, risks, and controls current — because the models, the vendors, and the regulations don't stand still.

#Quick Facts

15+ Professional Certifications
20+ Years of Experience
12 Industries Served
5 Practice Areas
Still Learning