For more than two decades, he has been involved in the protection of information systems and the development of cyber security. As a consultant and independent expert, he focuses on assessing the security of information systems and entire organizations through the lens of risk analysis and management and cyber security audits. He actively contributes to raising awareness of cybersecurity and risk management through training, workshops, and professional education. He believes that quality risk management is based on understanding the context, not just numbers, and strives to combine methodological approaches with practical experience from the real environment of organizations.