// whoami

About Nico Bleh

With over 15 years of experience as a developer and hands-on CTO, I know systems from the ground up. In startups, security was never theory; it was daily practice. I now bring that insider knowledge to the attacker's side.

Professional Journey

Chief Technology Officer · Opteinics (Mannheim): Full responsibility for secure architecture and operations of a data-driven SaaS platform; threat modeling, IAM design, and attack surface reduction.
Head of Technology · Textbroker EU (Mainz): Infrastructure modernization focused on secure cloud architectures; security standards in CI/CD and code reviews.
Department Head Web · onOffice GmbH (Aachen): Ownership of web architecture and platform stability; implemented secure-by-default patterns, access control models, and secure deployment practices.
Chief Technology Officer · branchbob GmbH (Mannheim): SaaS architecture, security posture, and incident handling for an e-commerce platform.
CTO / Head of IT · creditshelf AG (Frankfurt): Full ownership of technology and security in a BaFin-regulated FinTech; designed secure, auditable financial and transaction systems.

My Approach

Security isn't a product you buy; it's a continuous process. As a former CTO, I know how systems are built from the inside out, which makes my assessments more effective. I simulate a real attacker's mindset, not checkbox security.

Whether a one-time assessment or a long-term security partnership, my goal is to make your organization more resilient and give you confidence that your systems can withstand real-world attack conditions.

Certifications

HTB Certified Web Exploitation Specialist (CWES)

HackTheBox · 07 Apr 2026

HTBCERT-9F9874C69D

Tools & Technologies

Burp Suite, nmap, gobuster, ffuf, sqlmap, WPScan, OWASP ZAP, Metasploit, Sliver, BloodHound, Mimikatz, Prowler, ScoutSuite, Pacu, AWS, Azure, GCP, Docker, Linux, Bash, Python

Areas of Expertise

Penetration Testing

Red Teaming

Security Audits

Awareness Training

Cloud Security

AI Security

Coming Soon

Selected Projects

Pentest Critical

Web Application Penetration Test | FinTech

Black-box pentest of a payment platform in the FinTech sector. Focus on authentication, authorization, and business logic vulnerabilities.

Red Team APT Sim

Red Team Assessment | Mid-Size Enterprise

Simulated attack against a mid-size enterprise over 4 weeks, from initial compromise through to a full attack chain.

Cloud AWS

Cloud Security Audit | AWS Infrastructure

Security audit of an AWS cloud environment focusing on IAM, network segmentation, and data access controls.

Ready to Elevate Your Security Posture?

A test today is cheaper than an incident tomorrow.