Johannes Segitz Systemberatung is a German security consulting website positioned around “Professional pentesting, not just a ISO 27001 paperwork mill.” Its core offering is not selling security appliances or SaaS platforms, but providing consulting services delivered by practitioners with both offensive and defensive experience, including penetration testing, red team/purple team engagements, security reviews, vulnerability response process development, and security training.
Based on the site content, the service focuses on proactive security assessment and capability building. Its penetration testing emphasizes the perspective of an external attacker, noting that automated vulnerability scanning is useful but cannot replace creative manual testing. Red team and purple team services are used to simulate more realistic advanced threats, helping teams continuously improve their security posture based on the findings. Security reviews are suitable for identifying weaknesses in design and processes early in a project. Training covers web security and secure programming, and can also be customized to an organization’s needs.
This is a human-delivered consulting service. The text does not mention a SaaS console, on-premises agents, continuous monitoring, alerting platforms, or integrations with CI/CD, SIEM, or ticketing systems. As such, it is better suited for targeted testing, exercises, or process-building projects rather than as a replacement for EDR, WAF, SOC, or vulnerability management platforms.
The consultant’s individual certifications are relatively well documented, including OSWP, OSCP, OSCE, OSWE, as well as CSSLP and CISSP, indicating knowledge of both offensive testing and security governance/secure development. However, the website does not disclose company-level compliance certifications such as ISO 27001. Pricing is not published and likely requires a project-based quotation. The site explicitly states that charities and open-source projects may receive free penetration testing when availability allows.
The strengths are a strong attacker mindset and service coverage ranging from testing to training and vulnerability response. It is suitable for small and midsize organizations, software teams, digital product and service providers, and security teams that want to bring in an external red-team perspective. The drawbacks are limited public commercial information, with no visible case studies, SLA, sample reports, payment methods, or delivery-scale details. The concurrent support capacity of an individual consultant model is also unclear.
Access, payment, and contract support for mainland China are not described in the text, so they should be considered unknown. If Chinese-language delivery, local compliance, and invoice support are required, domestic security service providers such as DBAPPSecurity, Venustech, NSFOCUS, and Qi An Xin may be considered. For more international penetration testing platforms or services, Cobalt, Bishop Fox, NCC Group, and Synack are relevant alternatives to compare.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, susecloud.de.
susecloud.de is a Germany-based cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.