SECURITY INCIDENT? CALL DIRECTLY  +41 79 261 50 51
CRITSEC / DAVID BARRERA / ZÜRICH

Incident response and security operations.

Cybersecurity consulting based in Zurich. Over ten years of experience across Swiss banking, insurance, the defence sector and managed service providers. Digital forensics, SOC build-up and threat intelligence.

CASE #2026-0714 ACTIVE
CISSP GCFA / SANS 10+ YEARS SECURITY SOC BUILD-UP 24/7 DACH / DE · EN · CH

Services

Four areas of focus. You work directly with the specialist, no intermediaries.

IR / DFIR

Incident Response & Forensics

Triage, containment, forensic analysis and defensible documentation. From first alert to final report, including communication with management and authorities.

SOC / DETECTION

SOC & Detection Engineering

Building and maturing security operations: use cases, detections and playbooks with measurable value. Experience from small teams to 24/7 follow-the-sun operations at a managed service provider. Also available as a SOC review for existing teams and providers: maturity, processes, detection quality and a concrete improvement plan.

CTI

Threat Intelligence

Turning the threat landscape into concrete decisions: make-or-buy evaluation, prioritisation by actual risk, and operationalisation down to the detection pipeline.

ADVISORY

Advisory & Interim Leadership

Assessments based on NIST CSF, building IR capabilities, SOC or IR lead ad interim. Senior experience without a full-time hire.

INCIDENT RESPONSE PROCESS

How an incident is handled

01

Detect

Verify the alert, assess the situation, filter out false positives.

02

Triage

Determine scope: affected systems, accounts and data.

03

Contain

Stop the spread without destroying evidence.

04

Eradicate

Remove the attacker's access and persistence.

05

Recover

Restore operations in a controlled, monitored way.

06

Learn

Report, lessons learned and concrete hardening measures.

Selected engagements

Anonymised. Details and references available in a personal conversation.

SECTOR MSP / BANKING
ROLE SOC LEAD
DURATION MULTI-YEAR

Building a 24/7 follow-the-sun SOC

Design and build-up of a security operations center at a Swiss IT service provider, serving tier-1 banks and spanning two continents. Processes, tooling, detection content and team leadership from one source.

SECTOR INSURANCE
ROLE IR / DETECTION
DURATION 12+ MONTHS

IR programme and detection engineering

Gap analysis against NIST CSF 2.0, remediation playbooks for account compromise, a threat intelligence framework and forensic readiness.

SECTOR DEFENCE
ROLE SECURITY EXPERT
DURATION PROJECT-BASED

Work in a high-security environment

Security engineering and analysis in an environment with elevated requirements for confidentiality and traceability. Details in person.

Contact

E-MAIL
PHONE
LINKEDIN
LOCATION

Ongoing incident?

Call directly. Initial assessment over the phone, no strings attached.

+41 79 261 50 51
Call now Request meeting