About sndnss
Soundness. Solid. Secure.
The company
sndnss aps was founded in 2024 with a clear thesis: security decisions should be driven by verified data, not assumptions. The name is the standard. Sound data. Sound decisions. Sound security.
We operate across two tracks. The consulting practice delivers enterprise cybersecurity services: incident response, Active Directory architecture, compliance strategy, and board advisory. The platform team builds structured data products that turn security frameworks into machine-readable, queryable, automation-ready systems.
Both tracks serve the same purpose: making security measurable, verifiable, and accountable. We do not sell fear. We build evidence.
How we work
Verify
We start by validating what exists. Assess current controls, test assumptions, map actual coverage against framework requirements. No recommendations without evidence.
Structure
Turn findings into structured, traceable data. Map controls to framework requirements, document dependencies, and build the baseline that every future decision can reference.
Act
Implement with priority grounded in data. Dependency-aware sequencing ensures foundational controls come first. Every action is measurable and accountable.
Finding structure in complexity
Most security data, whether published frameworks, internal compliance records, or vendor documentation, contains hidden structure that nobody has mapped. Dependencies between controls, implementation sequences, overlapping requirements across regulations. It is there, but it takes systematic work to surface it.
We identify, extract, and structure that data, turning it into something queryable, verifiable, and actionable. This applies equally to published framework materials and to our clients' own data. If the structure exists, we will find it. If it does not, we will build it.
Dependency mapping
Identifying which controls depend on others, enabling priority-based implementation instead of checkbox compliance.
Cross-framework alignment
Mapping requirements across NIS2, CIS, ISO 27001, and DORA so one implementation satisfies multiple regulatory obligations.
Data quality validation
Systematic verification of source data before building on it. Whether industry frameworks or client records, the foundation must be sound.
The experience behind sndnss
sndnss was founded on 20+ years of hands-on enterprise security across critical infrastructure sectors and three continents. Selected engagements from the founder's career, anonymised.
Mining company, Africa
2022Enterprise ransomware IR. Full AD rebuild from scratch, Administrative Tiering Model, hardening across IT and OT environments.
Pharmaceutical company, Netherlands
2024Ransomware IR and recovery. AD rebuild, tiering, hardening, forensics and PowerShell script analysis.
Pharmaceutical company, US
2024Greenfield AD design and build. Administrative Tiering Model, CIS Benchmark Level 2 hardening.
Telecommunications company, Scandinavia
Multi-yearAdvisor to the Cyber Security Uplift Programme Manager. NIS2 compliance navigation using CIS Framework with mappings to ISO 27001:2022, translating regulatory requirements into technical implementation approaches.
Logistics company, Scandinavia
2022Security Advisor to CEO and Board. Security roadmap, CIS18 implementation, cyber insurance readiness, Three Tier Administrative Model.
Energy sector company, Scandinavia
2022IR quality assurance. Independent audit of IR provider findings, implementations, and documentation.
Credentials
GICSP-certified (SANS Institute, Global Industrial Cyber Security Professional). Microsoft-certified across Active Directory and cloud security. 20+ years of enterprise security across critical infrastructure, including incident response, advisory, and technical delivery.
Built on evidence, not assumptions
See how we apply this experience across incident response, compliance strategy, and technical consulting.