Nick Falshaw Request a review

Critical infrastructure, made defensible.

I’m Nick Falshaw. For 17+ years I’ve secured enterprise networks in banking, automotive, manufacturing, and regulated infrastructure. Now I help teams harden AI workloads, automate firewall change, and build ISO 27001 programmes that can stand up to a real audit.

Request a security review See the work
LIVE 17 years, distilled
nick@falshaw: ~/security 
$ whoami
Nick Falshaw — AI IT Security Consultant
$ cat focus.txt
AI security engineering
Firewall automation at scale
Cloud & zero trust
ISO 27001 / audit readiness
$ ls ./proof
fwchange.com   # firewall change automation
rogueai.de     # 20+ production AI systems
$ cat creds.txt
AI-102 · AZ-500 · ISO 27001 LI · CEH · TOGAF 9 · CCIE Sec (written)
$ _

Security architecture from firewall rules to AI agents.

Hardening an AI workload, preparing for ISO 27001, or rebuilding network security from first principles? I design controls that survive production pressure, then produce the evidence to prove it.

AI Security Engineering

Agents take action, RAG pipelines expose context, and MCP servers expand the attack surface. I threat-model agentic systems, lock down ingestion, and harden self-hosted LLM stacks before they reach production.

Firewall Automation

Vendor-agnostic change automation grounded in 280+ real migrations. Rule sets that survive audit, segmentation that holds, and automation that removes the human bottleneck.

Cloud & Zero Trust

Identity-first security for Azure and hybrid estates: conditional access, segmentation, and least privilege, prioritised by the risk each control actually removes rather than the logo on the box.

ISO 27001 & Compliance

ISO 27001 from gap analysis through certification, plus NIS2 and DORA readiness for regulated sectors. Passing the audit is the easy part — the goal is a programme that still holds the day something breaks.

Multi-vendor depth

Palo Alto, Check Point, Cisco Firepower & ASA, Fortinet, F5 — normalised to one way of working. Seventeen years across DAX-30 and enterprise estates: banking, automotive, manufacturing, payments, public sector.

Proven, not slideware

Two live platforms back the claims: production code, real deployments, and audit evidence you can inspect. The work is public enough to judge before we speak.

17+years in enterprise cyber
20+production AI systems shipped
280+firewall migrations delivered

Seventeen years close to production.

Production firewalls, regulated audits, and AI systems shipped end-to-end — the record, not the pitch.

  1. 2025 — now

    Independent AI & IT Security Consultant

    Securing AI inside critical infrastructure: agentic threat modelling, RAG and self-hosted LLM hardening, firewall automation, and ISO 27001 programmes. Two live platforms built end-to-end — FwChange.com and RogueAI.de.

    • AI workload security
    • Firewall automation
    • ISO 27001 / NIS2 / DORA
  2. 2010 — 2025

    Senior / Lead Network Security Contractor

    Fifteen years contracting into DAX-30 and enterprise environments — banking, automotive, manufacturing, payments and the public sector. Delivered 280+ firewall migrations and the security architecture behind them, multi-vendor and audit-ready.

    • Palo Alto (Panorama / Cortex / Prisma)
    • Check Point (VSX / Gaia / MDS / ClusterXL)
    • Cisco Firepower / ASA / ACI
    • Fortinet
    • F5 BIG-IP
  3. earlier

    Network & Security Engineering

    Enterprise routing, switching and perimeter security — the grounding that seventeen years of firewall, compliance and now AI-security work is built on.

Certifications

AI-102 — Azure AI Engineer AZ-500 — Azure Security Engineer AI-900 — Azure AI Fundamentals ISO 27001 Lead Implementer CEH — Certified Ethical Hacker TOGAF 9 CCSP CCIE Security (written) CCNP CCDP CCSA · CCSE (Check Point) JNCIA-FWV · JNCIS-FWV (Juniper) Palo Alto EDU-201/205/311/121 F5 BIG-IP LTM ITIL v3 Foundation

Live systems, not credentials alone.

Two live platforms and two regulated specialisms. Open them, read the public evidence, and judge the work before a call.

Product

FwChange.com

Vendor-agnostic firewall change automation. Rule analysis, drift detection, and audit-ready evidence built from 280+ migrations across Palo Alto, Fortinet, Cisco ASA, and Check Point.

Open the platform Portfolio

RogueAI.de

20+ production AI systems built end-to-end: RAG pipelines, autonomous agents, LoRA fine-tuning, and document automation. Self-hosted, Dockerised, and written by one operator.

See the systems

Field notes.

Practical writing on firewalls, compliance, and shipping AI systems that survive real users.

AI SecurityApr 2026

OWASP LLM Top 10: 5 Critical AI Vulnerabilities for 2026

Where production LLM systems break first, based on mapping the OWASP LLM Top 10 against real codebases.

Read AIApr 2026

Shipping Production AI: 20 Hard Lessons from Building RogueAI

Most AI demos die before production. After 20+ systems across RAG, agents, LoRA, and document AI, here is what cost, latency, and deployment teach.

Read Zero TrustApr 2026

Zero Trust Mittelstand: A Pragmatic 90-Day Plan

Zero Trust for the Mittelstand, not the Fortune 500: identity, segmentation, and continuous verification without a full rebuild.

Read FirewallsApr 2026

Firewall Change Automation: 5 Hard Lessons from 200 Audits

Seventeen years inside enterprise firewalls: why change control keeps failing, and why I built FwChange.

Read ConsultingFeb 2026

Cybersecurity Consulting Germany: What Companies Actually Need

Fifteen-plus years across enterprise firewalls, NIS2, incident response, and testing, and what good consulting has to deliver.

Read FirewallsFeb 2026

9 Enterprise Firewall Automation ROI Metrics for 2026

The nine numbers a network security leader needs to justify automation budget and prove the value to the board.

Read vCISOFeb 2026

Virtual CISO Services: 5 Benefits for European SMEs

How a fractional CISO closes the NIS2 + GDPR maturity gap without hiring a senior full-time CISO.

Read StrategyFeb 2026

Security Consulting ROI: 7 Metrics for the Board

The seven numbers that make security spend defensible: risk reduction, audit savings, response speed, and revenue protection.

Read NIS2Feb 2026

Mittelstand NIS2: Why German SMEs Are Dangerously Unprepared

The backbone of Europe’s economy built its advantage through engineering, not security. Here is what BSI deadlines require and how to close the gap.

Read ComplianceFeb 2026

What 15 Years of Enterprise Security Compliance Taught Me

Hundreds of assessments across TISAX, PCI-DSS, ISO 27001, and NIS2, plus the lessons that do not appear in any framework.

Read AI SecurityFeb 2026

7 AI Security Consulting Strategies for European Enterprises

What European enterprises actually need across NIS2, the EU AI Act and AI risk management — what to scope, and where to start.

Read AI SecurityJan 2026

AI Threat Detection: 7 Strategies for CISOs in 2026

How to reduce alert noise, find novel attacker behaviour, and turn detection maturity into evidence the board can understand.

Read

How an engagement works.

The method stays consistent across AI security, firewall automation, and ISO 27001: evidence first, architecture second, implementation third, verification always.

01

Assess

Map what’s really deployed — topology, AI workloads, identity, threat surface, regulatory scope. Facts, not assumptions.

02

Architect

Design the target state and the path to it. AI controls and network defences on one blueprint, prioritised by risk and effort.

03

Implement

Build it: firewall automation, RAG controls, identity, and segmentation hardened against the vectors that actually land.

04

Verify

Prove it under real load. Useful alerting, owned runbooks, and audit evidence produced as part of delivery.

Make the next
security change defensible.

Hiring an AI Security Engineer? Scoping a firewall automation rollout? Preparing an ISO 27001 programme? Tell me what you need to defend and what deadline matters. I reply within one business day.

Prefer not to use a form? Find me on LinkedIn.

Remote across the EU & worldwide