Critical infrastructure, kept calm.

I’m Nick Falshaw. For 17+ years I’ve secured enterprise networks — banking, automotive, manufacturing — and now the place where AI meets them. Firewall automation at scale, agentic threat models, and ISO 27001 programmes that survive a real audit.

17 years, distilled
nick@falshaw: ~/security
$ whoami
Nick Falshaw — AI IT Security Consultant
$ cat focus.txt
AI security engineering
Firewall automation at scale
Cloud & zero trust
ISO 27001 / audit readiness
$ ls ./proof
fwchange.com   # firewall change automation
rogueai.de     # 20+ production AI systems
$ cat creds.txt
AI-102 · AZ-500 · ISO 27001 LI · CEH · TOGAF 9 · CCIE Sec (written)

From the firewall to the AI agent.

Hardening an AI workload, prepping for an ISO 27001 audit, or rebuilding security from the network up — I design defences that hold under real load, then prove they do.

AI Security Engineering

Agents act, RAG pipelines leak, MCP servers widen the attack surface. I threat-model agentic systems, lock down RAG ingestion, and harden self-hosted LLM stacks — before something embarrassing reaches production.

Firewall Automation

Vendor-agnostic change automation — the discipline behind FwChange.com and 280+ real migrations. Rule sets that survive audit, segmentation that holds, automation that removes the human bottleneck.

Cloud & Zero Trust

Identity-first security for Azure and hybrid estates. Zero Trust isn’t a product you buy — it’s an architecture you commit to. I deploy the controls that move the needle, not the ones that demo well.

ISO 27001 & Compliance

ISO 27001 from gap analysis through certification, plus NIS2 and DORA readiness for regulated sectors. The goal isn’t passing the audit — it’s a programme that holds when something actually breaks.

Multi-vendor depth

Palo Alto, Check Point, Cisco Firepower & ASA, Fortinet, F5 — normalised to one way of working. Seventeen years across DAX-30 and enterprise estates: banking, automotive, manufacturing, payments, public sector.

Proven, not slideware

Two live platforms back every claim — production code you can open right now. I’d rather show the work than talk about it: real deployments, real audit evidence, every line of code mine.

17+ years in enterprise cyber
20+ production AI systems shipped
280+ firewall migrations delivered

Seventeen years, hands on the keyboard.

Not a slide-deck career — production firewalls, regulated audits, and AI systems shipped end-to-end. Here’s the track record.

  1. 2025 — now

    Independent AI & IT Security Consultant

    Securing the seam where AI meets critical infrastructure: agentic threat modelling, RAG and self-hosted LLM hardening, firewall automation, and ISO 27001 programmes. Two live platforms built end-to-end — FwChange.com and RogueAI.de.

    • AI workload security
    • Firewall automation
    • ISO 27001 / NIS2 / DORA
  2. 2010 — 2025

    Senior / Lead Network Security Contractor

    Fifteen years contracting into DAX-30 and enterprise environments — banking, automotive, manufacturing, payments and the public sector. Delivered 280+ firewall migrations and the security architecture behind them, multi-vendor and audit-ready.

    • Palo Alto (Panorama / Cortex / Prisma)
    • Check Point (VSX / Gaia / MDS / ClusterXL)
    • Cisco Firepower / ASA / ACI
    • Fortinet
    • F5 BIG-IP
  3. earlier

    Network & Security Engineering

    Enterprise routing, switching and perimeter security — the grounding that seventeen years of firewall, compliance and now AI-security work is built on.

Certifications

• AI-102 — Azure AI Engineer
• AZ-500 — Azure Security Engineer
• AI-900 — Azure AI Fundamentals
• ISO 27001 Lead Implementer
• CEH — Certified Ethical Hacker
• TOGAF 9
• CCSP
• CCIE Security (written)
• CCNP
• CCDP
• CCSA · CCSE (Check Point)
• JNCIA-FWV · JNCIS-FWV (Juniper)
• Palo Alto EDU-201/205/311/121
• F5 BIG-IP LTM
• ITIL v3 Foundation

Live work, not slideware.

Two live platforms and two regulated specialisms — open them, read the code, verify every claim from your desk.

Writing.

Field notes from inside production — firewalls, compliance, and shipping AI that survives real users.

OWASP LLM Top 10: 5 Critical AI Vulnerabilities for 2026

A field guide to where production LLM systems actually break — eighteen months mapping the OWASP LLM Top 10 against real codebases.

Shipping Production AI: 20 Hard Lessons from Building RogueAI

Most AI demos die on the way to production. 20+ systems later — RAG, agents, LoRA, document AI — what cost, latency and deployment really teach you.

Zero Trust Mittelstand: A Pragmatic 90-Day Plan

Zero Trust written for the Mittelstand, not the Fortune 500 — phase by phase on identity, segmentation and continuous verification. No boil-the-ocean.

Firewall Change Automation: 5 Hard Lessons from 200 Audits

Seventeen years inside other people's firewalls — why change control is the same unsolved problem everywhere, and why I built FwChange.

Cybersecurity Consulting Germany: What Companies Actually Need

Fifteen-plus years across enterprise firewalls, NIS2, IR and pen testing — and why the way consulting is delivered in Germany is fundamentally broken.

9 Enterprise Firewall Automation ROI Metrics for 2026

The nine numbers a network security leader needs to justify the automation budget — and prove the value to the board.

Virtual CISO Services: 5 Benefits for European SMEs

How a fractional CISO closes the NIS2 + GDPR maturity gap without a six-figure full-time hire.

7 Security Consulting ROI Metrics Every Business Needs

The seven metrics every CFO asks for before signing off — risk reduction, audit savings, and proving the value upfront.

Mittelstand NIS2: Why German SMEs Are Dangerously Unprepared

The backbone of Europe's economy built advantage through engineering, not security — what BSI deadlines actually require, and how to close the gap.

What 15 Years of Enterprise Security Compliance Taught Me

Hundreds of assessments — TISAX, PCI-DSS, ISO 27001, NIS2 — and the lessons about what auditors actually want that don't appear in any framework.

7 AI Security Consulting Strategies for European Enterprises

What European enterprises actually need across NIS2, the EU AI Act and AI risk management — what to scope, and where to start.

AI Threat Detection Strategies Every CISO Needs in 2026

Adversaries now use ML for polymorphic malware and automated phishing. Why signature-based defence alone is fighting today's threats with yesterday's tools.

The path an engagement takes.

Same method every time — a RAG pipeline, a firewall rollout, an ISMS. Risk in, resilience out.

01

Assess

Map what’s really deployed — topology, AI workloads, identity, threat surface, regulatory scope. Facts, not assumptions.

02

Architect

Design the target state and the path to it. AI controls and network defences on one blueprint, priced and prioritised.

03

Implement

Build it — firewall automation, RAG controls, identity, segmentation — every layer hardened against the vectors that actually land.

04

Verify

Prove it under real load. Alerting that matters, runbooks your team owns, audit evidence that falls out as a byproduct.

Let’s make every change defensible.

Hiring an AI Security Engineer? Scoping a firewall automation rollout? Need an ISO 27001 programme that survives the audit? Tell me what you’re defending — I reply within 24 hours, no pitch.

Prefer not to use a form? Find me on LinkedIn.

Based in Mannheim · remote across the EU & worldwide