Skip to main content

Select language

Free, no-obligation initial consultation

Strategic IT consulting for Cloud, Security and AI

Over 30 years of consulting practice, in parallel more than 100 specialist books and thousands of articles. Consulting clients benefit from constant engagement with the latest technologies, in my own lab, independent of vendor interests.

Thomas Joos, unabhängiger IT-Berater, Enterprise-Architekt und Fachautor

On strategic projects, I support clients from planning through technical implementation to operational security. In the cloud space, my work focuses primarily on Microsoft Azure and AWS. In IT security, the emphasis is on zero-trust architectures and identity access management, complemented by securing OT and production networks along the Purdue model and IEC 62443. For AI projects, my priority is clean integration into existing business processes, not showcases. Further focus areas include resilience consulting, AI-assisted protection against attacks, support during ransomware incidents and the hardening of Azure, Microsoft 365 and Active Directory.

Security consulting often deals with situations where time is the deciding factor. Advisory work during active cyber and ransomware incidents, building resilient IT structures, strategic guidance on cyber defence. This includes classifying AI-assisted code analysis, which now finds vulnerabilities faster than attackers can exploit them. Whether recovery succeeds and the business keeps running rarely depends on the moment of attack. It depends on the years before.

As a permanent trainer at LinkedIn Learning, I regularly produce courses on cloud, IT security and AI, along with video training on Windows Server and storage. The content reaches an international audience and ranges from administrators to IT leadership.

When writing, I move between my own books, articles in the major IT media such as c't, iX, Computerwoche, dpa, PC Welt/World and international outlets, and commissioned work for communications and publishing agencies. Some pieces appear under the names of executives and industry figures whom I support as a ghostwriter.

Consulting clients since 1992

MANN+HUMMELCommerzbankMediaMarktSaturnMercedes-BenzGroßes Energieunternehmen im Nahen OstenDATEVBechtleO2 MünchenMHPKatharinenhospital StuttgartVinzenz von PaulEnovos Luxembourg

Plus consulting mandates with several state governments and KRITIS operators – treated confidentially, no further details listed here.

„Quite simply THE PERFECT book on its subject."Reader review
„The summary is simply brilliant."Security research, Telekom
„Convinced through high-level expertise and pragmatic approach."Kumpf Fruchtsaft GmbH
„Many thanks for the pleasant collaboration! Looking forward to the next article assignment."Profil-PR
„Many thanks for the great webinar."WEKA
„A big thank you for your excellent work."SysGo
„A truly excellent lead article on metasurfaces."PLUS – Eugen G. Leuze Verlag
„Quite simply THE PERFECT book on its subject."Reader review
„The summary is simply brilliant."Security research, Telekom
„Convinced through high-level expertise and pragmatic approach."Kumpf Fruchtsaft GmbH
„Many thanks for the pleasant collaboration! Looking forward to the next article assignment."Profil-PR
„Many thanks for the great webinar."WEKA
„A big thank you for your excellent work."SysGo
„A truly excellent lead article on metasurfaces."PLUS – Eugen G. Leuze Verlag
„Well done – thanks for the excellent work!"Berkeley Communications
„A highly competent, reliable and methodically secure partner."MANN+HUMMEL
„Your articles are among the most-read on the entire site."Security-Insider
„Thomas Joos, a leading authority in this field."Reader review
„In my opinion, THE STANDARD REFERENCE on this topic."Reader review
„Everyone is completely enthusiastic about the articles, especially the latest strategic one."One Identity
„Excellent practice-oriented articles – some placed via us."Profil-PR
„Well done – thanks for the excellent work!"Berkeley Communications
„A highly competent, reliable and methodically secure partner."MANN+HUMMEL
„Your articles are among the most-read on the entire site."Security-Insider
„Thomas Joos, a leading authority in this field."Reader review
„In my opinion, THE STANDARD REFERENCE on this topic."Reader review
„Everyone is completely enthusiastic about the articles, especially the latest strategic one."One Identity
„Excellent practice-oriented articles – some placed via us."Profil-PR
„You can tell you engaged deeply with the topic – a strong piece."Mac & i, Heise Medien
„Great article on Updowntool!"PC-Welt
„Fantastic! The article looks excellent."Editorial iX, Heise
„I always read your iX articles with great benefit."FITKO – Federal IT Cooperation
„The article on SR Linux is excellent."DataCenter-Insider
„Exactly the right format for us."evernine media
„Many thanks for the great interview last week!"Kafka Kommunikation
„I really like your new topic suggestions."WEKA
„You can tell you engaged deeply with the topic – a strong piece."Mac & i, Heise Medien
„Great article on Updowntool!"PC-Welt
„Fantastic! The article looks excellent."Editorial iX, Heise
„I always read your iX articles with great benefit."FITKO – Federal IT Cooperation
„The article on SR Linux is excellent."DataCenter-Insider
„Exactly the right format for us."evernine media
„Many thanks for the great interview last week!"Kafka Kommunikation
„I really like your new topic suggestions."WEKA

IT Consultant

  • Strategic planning and technical implementation of demanding IT infrastructures
  • Cloud expertise (Microsoft Azure and AWS)
  • IT security (zero-trust architecture and identity access management)
  • OT and ICS security (Purdue model, IEC 62443, Active Directory in production networks)
  • AI integration into business processes and AI-assisted cyber defence
  • Cyber defence (consulting on ransomware incidents, resilient IT structures, business continuity)

Technical Author

  • Regular contributions in leading media such as c't, iX, Computerwoche, dpa and PC Welt/World as well as security publications like kes, ComputerWeekly and Security-Insider
  • Ghostwriting for executives and industry figures
  • Technically substantial articles under own name
  • Commissioned work for communication and publishing agencies
  • In-depth C-level interviews, turned into my own articles
Recent conversations
  • Karthik Narain, Chief Product & Business Officer, Google Cloud
  • Dr. Wieland Holfelder, VP Engineering & Site Lead Google Germany
  • Oron Noah, VP Product, Wiz
  • Thomas Boele, Fred Streefland and Daniel Dreier, Check Point

Speaker & Trainer

  • Permanent trainer role at LinkedIn Learning
  • Lectures and trainings on OT security, AI cyber defence and multi-agent AI
  • Knowledge transfer for companies, from administrators to IT leadership

Core areas

My fields of work in the IT industry.

Trade Journalism

I write articles and analyses for leading media such as c't, iX, Computerwoche, PC Welt and dpa, as well as for security publications like kes, ComputerWeekly and Security-Insider.

Learn more

Book Author

I write technical books for renowned publishers. My portfolio includes more than 100 publications with several standard references, including current titles on Windows Server 2025 and Exchange Server SE at O’Reilly and dpunkt.

Learn more

Consulting

I support companies, KRITIS operators and public authorities up to ministry level in IT strategy, OT security, AI-assisted cyber defence and sovereign cloud.

Learn more

Speaker

I share my knowledge in video trainings for LinkedIn Learning as well as in lectures on OT security, AI cyber defence and multi-agent AI.

Learn more

Typical starting points

Many enquiries begin in a similar way. Here are some situations where I help. An initial conversation is free and non-binding, and on request I then support the technical implementation.

Before an audit

An audit is coming up and it is unclear whether Active Directory and the permission structures will hold. I provide an overview of the critical points and name first measures. On request I support the hardening up to the audit.

Migration without lock-in

A migration to Microsoft 365, Exchange or the cloud is imminent and dependence on a single vendor should stay limited. I classify the architecture options and outline a migration path. If needed, I take on the technical support.

NIS2 or DORA on the table

A deadline from NIS2 or DORA is approaching and the scope of action is not yet defined. I clarify what the regulation concretely means for your environment and prioritise the next steps. I support the implementation on request.

Introducing AI in a privacy-compliant way

An AI project is to start without giving up data sovereignty. I assess the options from local models to the data foundation and name the pitfalls. I help technically with the rollout.

From my own lab

The next technology topic often runs in my own lab before it reaches the market. My current focus is agentic AI. I test Claude Cowork in the Microsoft environment for automating workflows in Outlook and Microsoft 365, and OpenClaw for maximum automation of autonomous agents. Added to this are vulnerability scanning in codebases with Claude Security, delegated managed service accounts in Windows Server 2025 and immutable backups with Object Lock.

Agentische KIClaude CoworkOpenClawClaude SecurityWindows Server 2025Object Lock
Thomas Joos in his own test lab
LinkedIn Learning

Current trainings on LinkedIn Learning

Expand your expertise with my most popular video courses on server infrastructure, AI and security.

All trainings

Lernen Sie, wie Sie ein Synology-NAS professionell für Unternehmensnetzwerke nutzen und absichern.

Nutzen Sie KI-Tools für effizientes Skripting, Automatisierung und Fehlerbehebung in der IT-Administration.

Der umfassende Einstieg in die Virtualisierung mit Microsoft Hyper-V: Einrichtung, Management und Best Practices.

Fundiertes Wissen zur Administration, Bereitstellung und Konfiguration von Windows Server 2025.

Bereiten Sie Ihren Tenant auf Copilot vor: Lizenzierung, Berechtigungen, Datenschutz und Rollout.

Der umfassende Grundkurs zur Bereitstellung, Verwaltung und Wartung von Windows Server 2022.

My latest articles

Security-Insider6h ago

OPNsense Multi-WAN mit Failover und Policy Routing einrichten

Read article
Storage-Insider9h ago

Duplikate in Excel aufspüren und bereinigen

Read article
IP-Insideryesterday

Windows Server 2016 wird 2027 zur Sicherheitslücke

Read article
PC-Welt4d ago

Dieses versteckte Windows-Werkzeug zeigt, was Ihrem PC Probleme macht

Read article
Cloudcomputing-Insider4d ago

OpenCycleMap: Radrouten, Wegebeläge und Höhenlinien im Kartenbild

Read article
heise4d ago

heise+ | Umstieg von M365 auf Nextcloud – eine Anleitung

Read article
DataCenter-Insider5d ago

Sprachmodelle ohne US-Cloud

Read article
IT-Business5d ago

Microsoft baut Backup nativ in Entra ID ein

Read article
BigData-InsiderJun 15, 2026

KI als digitaler Mitarbeiter

Read article

About Thomas Joos

As an independent IT consultant, enterprise architect and technical author, I have been supporting companies, KRITIS operators, OT operators and public authorities for over three decades in the strategic planning, implementation and protection of demanding IT and production infrastructures.

30+
years of practice
100+
technical books
4.000+
technical articles in 30 years
50+
media outlets
Focus areas

My consulting focus is on cloud architectures in Microsoft Azure and AWS, IT security based on zero-trust principles with identity access management, and the integration of AI into existing business processes. This also covers securing OT and production networks along the Purdue model and IEC 62443. In security consulting, it includes emergency response during active cyber and ransomware incidents, the development of resilient IT structures, classifying AI-assisted code analysis and strategic guidance on cyber defence.

Clients range from mid-sized companies to large enterprises and hyperscalers, including Microsoft, HPE, AWS and Google, for whom I work as a consultant and whitepaper author. In parallel, I advise at ministerial level for several state governments and take on international projects across EMEA and the Middle East.

Reach

With more than a hundred technical books, a permanent trainer role at LinkedIn Learning and regular contributions to the largest German-language IT media, I am one of the most-read IT authors in the DACH region. My articles appear in c't, iX, Computerwoche, PC-Welt, kes, ComputerWeekly and Security-Insider as well as through dpa.

In addition, I take on commissioned work for communications and publishing agencies and act as a ghostwriter, producing technical articles for executives and industry figures who publish them under their own name.

Client testimonial

Voices from practice and readers

What clients, project partners and readers say about the collaboration and the technical books.

Client testimonial
„Within the scope of our global migration project, we came to know Mr Thomas Joos as a highly competent, reliable and methodically rigorous partner. In this complex project, more than 3000 mailboxes in numerous countries were migrated to several centrally operated Exchange servers. Thomas Joos optimally solved the complex migration project with his expertise and innovative power, showing great commitment. Another key advantage is the flexibility of the consultant, who supported us quickly and competently around the clock."
Diether Buchholz
Head of Data Center, KI-D·MANN+HUMMEL GmbH
Editorial feedback
„Your articles are among the most-read on the entire site. First of all, I would like to praise you for your Patch-Tuesday reports. The 39 articles I have published from you this year have together generated an enormous number of page impressions. That is an outstanding result, for which I give you great praise and thanks."
Peter Schmitz
Editor-in-Chief·Security-Insider
Client testimonial
„After our last audit it was clear that we needed to significantly catch up on hardening our Active Directory infrastructure. With Thomas Joos we made measurable progress in a KRITIS-compliant manner. Above all, the methodical approach and the documentation level convinced our compliance team."
CISO·Energy provider, Southern Germany
Reader review
„Quite simply THE PERFECT book on its subject. Not a word too many, not one too few. I work in IT professionally, and the current edition of this book has been on my shelf for years. In my opinion, THE STANDARD REFERENCE on this topic."
Reader review on Amazon
Reader review
„I read the Security-Insider news regularly. The Patch-Tuesday summary is informative, alarming and reassuring at the same time. The information is correct and important, and the summary is simply brilliant."
Security Research·Deutsche Telekom
Client testimonial
„When migrating our hybrid Exchange environment to Microsoft 365, Mr Joos did not just deliver the technical concept. Equally important for us was that he clearly worked out the regulatory implications of Schrems-II for our cloud architecture. The combination of both levels was decisive for us."
Head of IT Architecture·Medium-sized mechanical engineering company
Client testimonial
„We chose Thomas Joos because this service provider convinced us with a very high level of technical expertise, a pragmatic approach, geographical proximity, fast response times and communication, as well as an excellent price-performance ratio."
Kumpf Fruchtsaft GmbH
Client testimonial
„I am happy to pass on the feedback from One Identity PR, the senior marketing manager and above all the EMEA Field Marketing team, which uses the publications Europe-wide. Everyone is thrilled with the contributions, especially the latest strategic article that just appeared on Security-Insider."
PR Agency·One Identity
Client testimonial
„Thank you again for the very informative conversation, which we all enjoyed very much and which also inspired us."
Vinzenz von Paul gGmbH
Voice from PR
„The approval for your specialist article for our client Kontron has now reached us. Many thanks for the pleasant collaboration! We look forward to the next article assignment with you."
Stefan Winter
Profil-PR
Voice from PR
„You produced excellent practice-oriented articles for us on Kontron in the retail sector, as Jan Lauer reported to me – pieces that were even partly placed via you."
Stefan Winter
Profil-PR
Editorial feedback
„The article on SR Linux is excellent."
Ulrike Ostler
Editor-in-Chief·DataCenter-Insider
Editorial feedback
„Fantastic! The article looks excellent. Many thanks for the timely submission."
Editorial team·iX (Heise)
Webinar feedback
„Many thanks for the great webinar. There were many participants with an average attendance time of 32 minutes. Interest was high, and the questions and feedback were very engaging."
Robert Raditzky
Product Manager·WEKA
Client testimonial
„A big thank you for your excellent work."
Benjamin Sauter
Digital Content Manager·SysGo
Editorial feedback
„A truly excellent lead article on metasurfaces. Engaging topic, concise presentation of the studies."
Markolf Hoffmann
Editor-in-Chief PLUS·Eugen G. Leuze Verlag
Editorial feedback
„You can tell you engaged deeply with the topic – a strong piece of writing."
Wolfgang Kreutz
Editor Mac & i·Heise Medien
Reader voice from public administration
„I always read your iX articles with great benefit – the Proxmox pieces have stuck with me in particular."
Stephan Bartholmei
Head of Product Management·FITKO (Föderale IT-Kooperation)
Client voice
„The Kontron piece is exactly the right format for us."
Tobias Massow
Managing Director (CEO)·evernine media GmbH
Voice from PR
„Many thanks for the great interview last week! We are delighted that you will turn it into an interview piece."
Marie Bastian
Account Executive·Kafka Kommunikation
Editorial feedback
„I got in touch with you through my colleague, who already works with you and recommended you to me warmly."
Selina Kaupp
Editor·WEKA
Editorial feedback
„I really like your new topic suggestions."
Selina Kaupp
Editor·WEKA
Voice from PR
„Peter Schmitz, Editor-in-Chief at Security-Insider, likes the texts – no changes needed. Thanks for handling it so quickly."
PR agency·Assignment published at Security-Insider
Voice from PR
„Well done – thanks for the excellent work!"
Managing Director·Berkeley Communications
Editorial feedback
„Great article on Updowntool!"
Editorial team·PC-Welt

Get in touch

Whether strategic consulting, whitepaper, conference talk or workshop – let me know in which context you need support. First conversations are free of charge and non-binding.

Send message