Filderstadt, Baden-Wurttemberg, Germany · Available for consulting

Security.
Strategy.
Policy-as-Code.

Management consultant, cybersecurity architect, and PhD researcher bridging governance frameworks with automated infrastructure — building the next generation of policy-driven DevSecOps.

My Ventures PhD Research
15+
Years in public sector & consulting
MSc
Information Security
MBA
International Management
PhD 2031
Policy-as-Code & Governance Compilers
PaC
Policy-as-Code Expert
What I Offer

Core Service Areas

From strategic consulting to hands-on infrastructure automation — a full-spectrum offer across governance, security, and cloud architecture.

⚠️ Important Notice
Consulting is a secondary activity. My primary employer always takes priority. Consulting engagements are available by appointment only or on Saturdays. Please plan accordingly when reaching out.
DevSecOps & Cybersecurity Consulting
End-to-end DevSecOps framework design, security governance automation, and compliance-as-code implementation. BSI-aligned processes for critical infrastructure and enterprise teams.
Policy-as-Code BSI Standards Zero Trust Secure by Design Threat Modelling
Request a consultation
Infrastructure as Code
Terraform-based cloud infrastructure design on Hetzner, automated provisioning, GitOps pipelines, and full IaC governance frameworks.
Terraform GitOps Hetzner Cloud
CI/CD & Automation
GitHub Actions pipeline design, containerised workflows, Docker/Kubernetes orchestration, and automated compliance gates for regulated environments.
GitHub Actions Docker Kubernetes
Policy-as-Code Implementation
Translating governance and compliance requirements into machine-readable, automatically enforced code policies across cloud and on-premise environments.
PaC OPA/Rego Sentinel
Management Consulting
Strategic advisory for digitalisation, security posture improvement, and technology governance. Specialised in public sector and mid-size enterprise transformation.
Strategy Digital Transformation
Security Auditing
Automated and manual security audits with the SecurityAuditor dashboard. BinBot binary analysis, vulnerability reporting, and remediation roadmaps.
SecurityAuditor BinBot SAST/DAST
Ventures

Active Businesses

Registered entities and active ventures — each with a distinct focus and online presence.

Live Website
Kestura
UG (haftungsbeschränkt) · Management consulting and cybersecurity services firm based in Filderstadt, Baden-Wurttemberg, Germany. Specialising in DevSecOps, Policy-as-Code, and security governance for enterprise and public sector clients.
Filderstadt, Baden-Wurttemberg, Germany  ·  Founded 2024
Website
Elias Lenz MBA Beratung
Independent consulting practice built on MBA International Management and 15+ years of public sector experience. Offering strategic advisory, digital transformation projects, and executive-level cybersecurity consulting.
Independent · MBA International Management
Academic Research

Ongoing PhD Research

Part-time, self-sponsored distance learning doctoral research at the University of Plymouth, focused on automating governance with Policy-as-Code compilers. Expected completion 2031.

Doctoral Thesis · In Progress
Governance-to-Policy Compilers: Automating Compliance through Policy-as-Code
~55% completeExpected 2031
Research framework — defined and approved
Literature review — PaC, governance compilers, DevSecOps
PaCHumanCentricPrototype — human-centric PaC demo built
CyberAI2026 — paper series in progress (June 2026)
Thesis writing — structured submission
Defence & publication — target 2031
01
Policy-as-Code Automation
Designing compilers that translate human-readable governance requirements into machine-enforceable policy code across cloud environments.
02
Governance Compilers
Novel architectural patterns for converting regulatory frameworks (GDPR, BSI, ISO 27001) into automated, continuously tested policy artefacts.
03
Human-Centric PaC
Bridging the usability gap — making policy-as-code accessible to non-technical governance stakeholders without sacrificing machine enforceability.
04
Secure by Design
Embedding security and compliance as first-class artefacts in the software development lifecycle via shift-left automation frameworks.
Open Source & GitHub

Active Projects

Public repositories and tooling — from infrastructure automation to security auditing dashboards.

Demo Access Console
Live Demo
Lightweight test-flow console for issuing temporary demo codes, expiring them automatically, invalidating access when a demo ends, and exporting an audit CSV for enforceable access rules.
Deployed Demo
PaCTerraformPaC
Infrastructure automation framework combining Terraform with Policy-as-Code enforcement. Core tooling for the PhD research prototype.
HCL / Terraform
PaCHumanCentricPrototype
Private / Coming Soon
Human-centric Policy-as-Code demo — making governance automation accessible to non-technical policy authors.
Python / YAML
SecurityAuditor
Private / Coming Soon
Automated security auditing dashboard. Vulnerability scanning, compliance reporting, and remediation roadmap generation.
JavaScript / TypeScript
BinBot
Private / Coming Soon
Automated binary analysis tooling. Detects vulnerabilities, extracts metadata, and integrates with CI/CD security gates.
Python
Kestura Website
Source for the Kestura brand site — static HTML/CSS, hosted and version-controlled on GitHub.
HTML / CSS
More on GitHub
Additional tooling, research artefacts, and DevSecOps experiments across public and private repositories.
Various

Let's Build Something Secure

Whether you need DevSecOps strategy, Policy-as-Code implementation, or a security audit — reach out directly. Based in Filderstadt, working internationally.

contact@elbconsultingtech.com bridgeaxis-consulting.de GitHub LinkedIn