“Yes, we continue to discover vulnerabilities in well-known software giants like Microsoft, IBM, and Citrix. Our findings reach as far as Silicon Valley and are taken seriously,” explains Marc Nimmerrichter. The native of Wolfsgraben, after completing his technical college degree with a focus on IT, earned his bachelor’s degree in computer science from the University of Central Lancashire in Preston, followed by a master’s degree in information security from Royal Holloway University of London. He then secured his first permanent position in Luxembourg at Deloitte as an IT security consultant.
I wanted to go abroad, to have an adventure, to break out of my habits. Marc Nimmerrichter
“I wanted to go abroad, have an adventure, improve my English, and break out of my routine,” Nimmerrichter told NÖN. His family has historical ties to the town, and he discovered his passion for IT 20 years ago when he received his first computer at the age of 13. While studying, he also worked part-time for Automic, previously known as UC4, which had its headquarters in what is now a business park. Marc Nimmerrichter frequently visits this site today, as his Vienna-based company now has a branch there.
Identifying Vulnerabilities
With Certitude, he and his three co-directors, along with 30 employees, assist approximately 150 corporations and medium-sized companies in the DACH region. The company has become one of Austria’s largest consulting firms specializing solely in cyber security and is currently managing over 200 projects each year.
“We are also commissioned to conduct professional hacking of companies to identify vulnerabilities,” Nimmerrichter states. He manages a diverse portfolio of clients that includes banks, telecommunications, software developers, data centers, airports, state and federal authorities, and various manufacturing companies. This particularly involves sectors with significant infrastructural impacts on the population, such as energy, transportation, food, waste, and sewage. “We are deeply engaged here and assist companies in ensuring legal compliance,” adds the IT expert.
Nimmerrichter also regularly shares his expertise, knowledge, and insights through specialized lectures and conferences. Certitude’s research and publications receive extensive coverage in both national and international media as well as in industry-specific outlets. His company is frequently cited in updates regarding discovered vulnerabilities, including mentions on the Microsoft website. Nimmerrichter has also provided insights to ORF regarding the political influence of fake news, a topic that has gained attention from U.S. specialist media.
“Seat Belt Requirement” in Cyberspace is Approaching
For him, the ongoing challenge is the “constant cat-and-mouse game between attackers and defenders,” as “the defender must protect their entire system while the attacker only needs to find one vulnerability to gain access to a foreign network,” explains the IT security expert. Starting in the fall, legal requirements for cyber security for businesses will be significantly heightened.
The NIS2 Act (Network and Information Systems Security Act) “is akin to the seat belt requirement in cyberspace,” Nimmerrichter explains. With the revision of the NISG, thousands of Austrian companies will be specifically regulated for the first time regarding their information security. The Ministry of the Interior has accredited Certitude as a NIS-qualified body, granting Certitude Consulting the authority to review and validate compliance with NISG requirements for operators of essential services.
As an active member of the fire brigade, Marc Nimmerrichter still participates in missions today. He also enjoys spending time in South Tyrol with his partner Philipp Nimmerrichter, who is managing director in the Alpine Lifestyle division of the fashion industry, and their daughters Paulina (3 years old) and Antonia (1.5 years old). He takes pleasure in playing the Styrian harmonica at family gatherings.
Cyber Security Expertise: A Dive into the Career of Marc Nimmerrichter
“Yes, we also keep discovering vulnerabilities in renowned software giants such as Microsoft, IBM, or Citrix. Our information about this then goes as far as Silicon Valley and is taken into account,” explains Marc Nimmerrichter. The Wolfsgraben native, who, after completing his HTL with a focus on IT, finished his bachelor’s degree in computer science at the University of Central Lancashire in Preston and pursued his master’s degree in information security at the Royal Holloway University of London, found his first permanent job in Luxembourg at Deloitte, being hired as an IT security consultant.
I wanted to go abroad, to have an adventure, to break out of my habits. Marc Nimmerrichter
“I wanted to go abroad, have an adventure, improve my English and get out of my routine,” Nimmerrichter told NÖN, whose family has been connected to the town for generations. He discovered his passion for IT 20 years ago at the age of 13 when he received his first computer. During his studies, he also worked part-time for Automic, which used to be called UC4 and had its headquarters in what is now the business park. Today, Nimmerrichter regularly visits this location as his Vienna-based company now has a branch there.
Identify Vulnerabilities
With Certitude, he and his three co-directors, supported by 30 employees, assist around 150 corporations and medium-sized companies in the DACH region. The company is now one of the largest Austrian consulting firms specializing exclusively in cyber security and currently handles more than 200 projects annually.
“We are also commissioned to hack companies professionally in order to identify weak points,” says Nimmerrichter, who manages a broad portfolio of clients across sectors such as banks, telecommunications, software development, data centers, airports, government authorities, and various production companies. This includes critical sectors with major infrastructural impacts on the population, such as energy, transport, food, waste, or sewage. “We are intensively involved here and support companies in operating in compliance with the law,” adds the IT expert.
Knowledge Sharing and Influence
Nimmerrichter regularly shares his knowledge, experience, and insights at specialist lectures and conferences. Certitude’s research work and publications have garnered widespread attention from national and international media, with frequent mentions in updates on discovered vulnerabilities, such as on the Microsoft website. Nimmerrichter has also provided expert commentary to ORF on topics like political influence through fake news, gaining interest from US specialist media.
The Growing Imperative of Cyber Security
For Nimmerrichter, the challenge lies in the “cat-and-mouse game between attacker and defender.” He explains, “The defender has to protect his entire system, while the attacker only needs to find a single weak point to gain access.” With impending changes in legislation, the legal requirements for cyber security in companies will increase significantly.
The NIS2 Act: A Game Changer
The NIS2 Act (Network and Information Systems Security Act) is poised to drastically alter the cyber security landscape, described by Nimmerrichter as a “seat belt requirement” for cyberspace. With the revisions to NISG, thousands of Austrian companies will undergo specific regulations regarding their information security.
| Key Aspects of NIS2 Act | Description |
|---|---|
| Stricter Cyber Security Regulations | Companies will have to meet higher standards to protect their systems. |
| Increased Accountability | Companies will be held responsible for data breaches and cyber incidents. |
| Accredited Bodies | Certitude has been accredited as a NIS-qualified body to certify compliance. |
Practical Tips for Enhancing Cyber Security
- Regular Security Audits: Conduct frequent assessments to identify potential vulnerabilities.
- Employee Training: Provide ongoing training for staff to recognize and respond to cyber threats.
- Incident Response Plan: Develop and regularly update a plan for responding to security breaches.
- Data Encryption: Use encryption methods to protect sensitive information both in transit and at rest.
- Multi-Factor Authentication: Implement MFA to add an additional layer of security to access controls.
Marc Nimmerrichter: Personal Insights
Outside of work, Marc Nimmerrichter is an active member of the fire brigade, participating in missions to support his local community and maintain his commitment to public service. He enjoys spending time in South Tyrol with his partner, Philipp Nimmerrichter, managing director in the Alpine Lifestyle division of the fashion industry, and their daughters Paulina (3 years old) and Antonia (1.5 years old). Additionally, he has a keen interest in music and loves playing the Styrian harmonica at family gatherings.
