A father, a tech guy, an incident responder, and a forensic enthusiast — with 15+ years turning complex IT and security incidents into actionable intelligence.
My journey into IT started in 2010 at Galexis AG in Niederbipp, Switzerland's leading healthcare wholesaler. Over five years I progressed from system specialist to client engineer to system engineer — learning how large-scale infrastructure actually works from the inside out: data centre operations, SCCM environments, software packaging, and the day-to-day reality of keeping enterprise systems running.
In 2015 I moved to SRG SSR, the Swiss national broadcasting corporation, as a Workplace Engineer. Managing endpoints, mobile devices (Intune, AirWatch), and security concepts for a public media organization gave me my first real taste of how critical security posture is — and how often it's an afterthought.
From there I joined Avectris AG in Baden as a Senior System Engineer, leading client infrastructure projects, before moving to BDO AG in Solothurn where I took on client security hardening and SharePoint operations. Each role sharpened my understanding of enterprise architecture — and the attack surface it creates. By 2019, I had earned my OSCP certification, and the shift from building systems to breaking (and defending) them felt inevitable.
In 2020, I joined InfoGuard AG as a Security Engineer, and within two years transitioned into their CSIRT — the Computer Security Incident Response Team. For over three years, I was on the front lines: detecting, analyzing, containing, and recovering from security incidents for 300+ business customers across Switzerland, Germany, and Austria.
From ransomware investigations (Akira, Abyss) to Business Email Compromise analysis, from building internal CSIRT toolchains to technically managing Tier 2 analysts — every incident taught me something new. That curiosity is what drives this blog: turning real-world cases into research that helps the community.
Then, in early 2024, a new chapter opened. The AI revolution wasn't just a headline anymore — it was reshaping the way security professionals work, think, and build. I dove in headfirst.
What started as curiosity about OpenAI's ChatGPT quickly turned into an obsession with understanding the full landscape: Anthropic's Claude and Claude Code for pair-programming and deep reasoning, Cursor for AI-native development workflows, Google Gemini for multimodal research — I spent hundreds of hours exploring how these tools could amplify what a single security researcher is capable of.
The impact was transformative. Tasks that once took days — writing detection rules, triaging log volumes, prototyping tooling — suddenly collapsed into hours. I started building AI-augmented workflows for threat intelligence analysis, using LLMs to accelerate malware triage, and leveraging Claude Code to architect entire applications from the ground up.
This very blog is a product of that journey: a full-stack Next.js platform built with AI as a daily co-pilot, not a novelty.
I became convinced that the intersection of cybersecurity and AI is where the most meaningful work of the next decade will happen — and I wanted to be at that frontier, not watching from the sidelines.
When I'm not chasing threats or prompting LLMs, you'll find me cycling uphill, snowboarding, or at the gym. I'm also the CTO and co-founder of aroundchess AG, a chess e-learning platform based in Zug — another project born from the conviction that AI can fundamentally change how we learn.
End-to-end IR for enterprise environments
Static & dynamic analysis, reverse engineering
Proactive detection across endpoints & networks
YARA, Sigma, and custom detection rules
Disk, memory, and network forensics
Python, Bash, PowerShell automation
aroundchess AG
Zug, Switzerland
Building a chess e-learning platform from the ground up.
InfoGuard AG — CSIRT
Baar, Switzerland
Led incident response investigations for 300+ enterprise customers across Switzerland, Germany, and Austria. Developed EDR solutions, built internal CSIRT toolchains, conducted threat hunting and compromise assessments, and technically managed Tier 2 analysts.
InfoGuard AG
Bern, Switzerland
Security engineering in the Cyber Defence Center — detection, monitoring, and response services.
BDO AG
Solothurn, Switzerland
Enterprise infrastructure and system engineering.
Avectris AG
Baden, Switzerland
Workplace engineering and enterprise systems.
SRG SSR
Bern, Switzerland
IT operations for the Swiss national broadcasting corporation.
Galexis AG
Niederbipp, Switzerland
Progressed from system specialist to client engineer to system engineer over five years.
Offensive Security
SANS / GIAC
TCM Security
Palo Alto Networks
Splunk
Bern University (BFH)
ICT System & Network Technician — Federal Diploma (eidg. Fachausweis), IFA Zurich, 2017
Whether it's incident response, threat research, or just a good conversation about detection engineering — I'm always happy to connect.