Oneconsult offers cutting-edge cyber security services, focusing on penetration tests / ethical hacking, ISO 27001 security audits and Digital Forensics & Incident Response.

The Cyber Security Experts

Oneconsult group is your owner-managed and vendor-independent Swiss cyber security services partner with offices in Thalwil (Zurich), Bern and Munich. The group consists of the holding Oneconsult International AG and its subsidiary companies Oneconsult AG and Oneconsult Deutschland AG.

40+ highly qualified cyber security experts – including certified penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (ISO 27035, CERT-CSIH, GCIH, GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager), Lead Incident Manager (ISO 27035 Incident Manager) and IT security researchers – solve your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker / APT attacks as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s DFIR team supports you with around-the-clock expert assistance (24 h x 365 days).

The Oneconsult International Computer Security Incident Response Team (OCINT-CSIRT) is an exclusive partner for several cyber insurance customers of a leading international insurance group, providing immediate assistance in case of security incidents.

Most of our consultants hold a Bachelor’s or Master’s degree in computer science with a specialization in cyber security and receive continual training. In addition, Oneconsult is a member of Swiss Cyber Experts, an OWASP Corporate Member and, since March 2019, a full member of FIRST.

With the support of our own research team, Oneconsult detects dozens of zero-day vulnerabilities in standard software every year and informs the vendor, but for ethical reasons, this information is often not made publicly available. Under News & Media, you will get a glimpse of our cyber security research activities.

For quality reasons, you will only work with salaried Oneconsult employees.

Key advantages:

  • Security expertise since 2003
  • Strict security focus
  • Highly qualified security experts
  • Swiss quality security services
  • 2000+ completed security projects
  • Trusted partner for 400+ organizations
  • Experienced penetration tester team
  • Reliable CSIRT
  • 24 h x 365 days incident response
  • Leading OSSTMM auditor
  • Professional digital forensics lab
  • ISO certified consultants (27001, 27005, 27035)
  • “Top Company” and “Open Company” rating on

Oneconsult is an ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, the leading OSSTMM security auditor in Europe. Furthermore, Oneconsult is a member of Swiss Cyber Experts and an OWASP Corporate Member.

Are you interested in learning more about our company or services? Please feel free to contact us.

Our customers value our expertise and vast project experience of over


Penetration test projects, over 1100 of which OSSTMM-compliant


Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.


Security audits, e.g. according to ISO 27001, ISO 27002, industry-specific guidelines (ISO 27015, 27019 or 27799) or SANS Critical Security Controls



The «Open Source Security Testing Methodology Manual» (OSSTMM) is a globally recognized methodology for planning and carrying out security audits and for evaluating and documenting the results. It is continuously revised and expanded by experts. It was developed by the Institute for Security and Open Methodologies (ISECOM), which also coordinates its ongoing development. Thanks to its comprehensive approach, the OSSTMM is increasingly used and recognized as a de facto standard.

The OSSTMM defines:

  • what needs to be tested, and how
  • what needs to be done before, during and after tests
  • how the results are to be evaluated and documented
  • the security level as a numeric value (RAV as part of the security metrics)

For further information on the OSSTMM please refer to the ISECOM website.


The «Open Web Application Security Project» (OWASP) is an open community whose mission is to develop, acquire, operate and maintain trustworthy applications. It runs several initiatives, such as «OWASP Top 10» and «OWASP Mobile Top 10», which describe the most critical security risks in web and mobile applications. These lists are world-renowned master checklists for application security tests.

You can find further information about OWASP on their website.

Other Methods and Standards
  • ISO 27001
  • ISO 27002
  • ISO 27011 (ISO 27002 for telecommunications organizations)
  • ISO TR 27015 (ISO 27002 for the financial sector)
  • ISO TR 27019 (ISO 27002 for the energy sector)
  • ISO 27799 (ISO 27002 in health informatics)
  • ISO 27031 & BS 25999 (IT Service Continuity / BCM)
  • ISO 27032 (Cybersecurity)
  • ISO 27035 (Information Security Incident Management)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • NIST 800-XX Framework
  • SANS 20 (20 critical security controls for effective cyber defense, a subset of NIST SP 800-53)
  • BSI-Standard 100-X (IT-Grundschutz standards)
  • IEC 62443 (industrial communication networks)
  • NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)
  • CobiT
  • BIT recommendations
  • etc.


Swiss Cyber Experts makes it possible for privately managed companies and government agencies to access specialized experts in the event of a cyber incident in the areas of espionage, sabotage and crime. Swiss Cyber Experts is made up of a pool of highly qualified experts. Oneconsult is a member of Swiss Cyber Experts alongside participants such as IBM, PWC, the Swiss Post and the Federal IT Steering Unit. Tobias Ellenberger (COO Oneconsult) is a member of the board of directors of Swiss Cyber Experts.

ISECOM (Institute for Security and Open Methodologies) is an open community and a non-profit organization officially registered in Spain, with a subsidiary in the USA. One of its projects is the ongoing development of the Open Source Security Testing Methodology Manual (OSSTMM). Oneconsult has been working according to the OSSTMM since 2003 and is an ISECOM Partner (accredited trainer). Our employees actively work on the further development of the OSSTMM, and several of them belong to the official ISECOM team. Christoph Baumgartner (CEO Oneconsult) is a member of ISECOM’s board of directors.

OWASP (Open Web Application Security Project) is a non-profit organization that aims to make software more secure. Oneconsult actively supports this initiative and is an OWASP Corporate Member. OWASP produces the well-known “OWASP Top 10”, a list of the most critical web application security risks, and the “OWASP Mobile Top 10”, a list of the most critical mobile risks.

FIRST is an international network of renowned incident response and security teams with the aim of promoting cooperation and coordination in the area of security incident response and establishing an active exchange of information between members in order to be able to respond more efficiently to security incidents. FIRST unites security incident response teams from government and educational organizations with companies and consists of over 400 members worldwide.