Active Directory Security
AD assessments, assumed-breach scenarios, attack-path analysis, BloodHound review, tiering, hardening, GPO review and prioritized remediation.
ADAssumed BreachHardening
Principal security advisory for critical Microsoft and network environments
More than Security.
Benjamin Iheukumere combines offensive hands-on experience, defensive architecture and 17 years of responsibility as an IT entrepreneur. Focus: Active Directory security, network hardening and defensible security decisions for demanding projects.
- Offensive and defensive IT security
- Active Directory security assessments
- Critical-infrastructure project and incident experience
17+
Years managing an IT systems house and managed cloud provider
150+
Firewall/network migrations and designs
86%
Average risk reduction in Active Directory
1991
IT experience since
Security Advisory
Services for projects that need reliable security
The site is aimed at project brokers, CISOs, IT leads and security-critical organizations: clear focus areas, quick qualification and direct contact.
Pentesting & Offensive Security
Internal penetration tests, web application testing, vulnerability validation, technical reports, management summaries and debriefings with clear remediation paths.
PentestWebAppReporting
Defensive Security Architecture
Security baselines, Zero Trust design, EDR/XDR evaluation, proxies, IPS, DNS security, detection logic and pragmatic roadmaps.
Zero TrustEDRArchitecture
Network, Firewall & NGFW
Design, migration, audit and operating models for firewalls, site-to-site VPN, SD-WAN, segmentation, proxy stacks and secure remote access.
NGFWSD-WANZTNA
Retainer Advisory
On-demand advisory for security decisions, critical finding review, architecture questions, project steering and technical sparring.
RetainerCISO SupportReview
Project Contracting
Primarily available for project-based contracting as a freelance consultant: predictable, directly deployable and focused on reliable security outcomes in active client projects.
ContractingFreelanceProject-based
Engagement model
Senior support without overhead
Engagements are usually project-based and start at roughly three months. Full-time, part-time or advisory retainer setups are possible. Remote first across DACH, with on-site onboarding when it benefits the project.
- Fast technical onboarding into complex Microsoft, network and security stacks
- Direct communication with management, CISOs, IT leadership and operational teams
- Delivery of findings, prioritization, roadmaps and hands-on implementation support
Locked Shields
Live-fire cyber defense at international level
Participation in Blue Team 1 at Locked Shields '26 in a NATO/Bundeswehr context. The role covered monitoring, analysis of network- and host-based indicators, containment of malicious activity, system hardening, restoration of compromised services and continuity of critical infrastructure components.
Further details are intentionally kept general because exercise and operational information is sensitive.
- Active defense against red-team attacks in a live-fire environment
- Hardening of Windows and AD-adjacent components
- Collaboration with Bundeswehr and various "3-letter agencies" from Germany and abroad
Project experience
Experience from security-critical environments
Critical infrastructure / energy
External IT security consultant for continuous penetration testing, AD risk reduction, firewall/proxy/IPS improvements, vulnerability management and audit preparation.
Logistics / incident recovery
Security Incident Lead coordinating incident response, forensics, insurance, executive stakeholders and technical rebuild of hybrid infrastructure.
Retail / AD pentest
Lead pentester for Active Directory security assessments, internal penetration testing, internal web apps, reporting and ongoing remediation support.
Research / VPN & ZTNA
Pre-study, comparison matrix and management decision paper for VPN/ZTNA solutions including network design recommendations.
Credentials
Certifications with practical signal
The certifications show a clear focus on hands-on offensive security, Active Directory, penetration testing and reliable security advisory.
OSCP+
OffSec Certified Professional+
OffSec · Active
OSCP
Offensive Security Certified Professional
OffSec · Active
PNPT
Practical Network Penetration Tester
TCM Security · Active
CEH Master
Certified Ethical Hacker Master
EC-Council · Active
CEH Practical
Certified Ethical Hacker Practical
EC-Council · Active
CEH
Certified Ethical Hacker
EC-Council · Active
THM PT1
Jr Penetration Tester
TryHackMe · Active
eJPT
Junior Penetration Tester
INE Security · Active
CRTP
Certified Red Team Professional
Altered Security · In progress
OSEP
OffSec Experienced Penetration Tester
OffSec · In progressBackground
From IT entrepreneur to specialized security consultant
-
Diploma in business informatics at Rheinische FH Köln, focused on multimedia networks.
-
Managing partner of an IT systems house and managed cloud service provider.
-
IT freelancer under SafeLink IT focused on offensive and defensive cybersecurity.
Security News
Context instead of alarmism
Contact
Clarify project demand
For project requests, retainer advisory or a quick technical assessment: contact directly or choose a Microsoft Bookings slot.
YouTube
Practice videos from the SafeLink IT channel
The four most viewed videos from the SafeLink IT YouTube channel: concise context on Active Directory security, lateral movement, password attacks and security fundamentals.
SO bewegen sich Hacker durch Dein Netzwerk - Lateral Movement mit Ligolo-NG
4.3K+ views
So cracken Hacker Deine Passwörter.
1.5K+ views
Angriff auf Active Directory in 2026 - Zum Domainadmin in 15 Minuten
1.5K+ views
Hacking 101: Einführung in Shells und Reverse Shells
830+ views