Axel Hoehnke
About CISO Service Station Certifications
Resources
Contact

axelhoehnke.com · EU Cybersecurity & Compliance Practice · 2026

Value Ladder

From free self-assessment to embedded vCISO — every step qualifies the next.

① entry point
CyberCheck Hamburg — self-assessment
cybercheckhamburg.com
investment Free
delivers
  • Instant readiness score — no registration required
  • Gap overview vs. NIS2 / CRA / DIN SPEC 27076
  • Personalised gap register + prioritised recommendations by email (opt-in)
online tool instant delivery no registration email opt-in for full report
gap register → consultation cta
② trust bridge
60-minute strategy consultation
booked from gap register email
investment Free
delivers
  • Interpretation of gap register in client's specific context
  • Scope confirmation — which regulation actually applies and why
  • Clear recommendation — which engagement tier fits
60 min video call pre-qualified by gap register no discovery form needed
proves need → first purchase
③ entry offer
Lighthouse — regulatory readiness assessment
fixed scope · fixed price · no ongoing commitment
investment €2,500–4,500
delivers
  • Evidence-based gap analysis — auditor-grade, not directional
  • Prioritised remediation roadmap — quick wins first, structural fixes second
  • Management-ready summary for board, insurers, customers
  • 90-minute debrief session with documented Q&A
2–3 weeks NIS2 CRA ISO 27001 DIN SPEC 27076
roadmap becomes programme backlog
④ core offer main revenue engine
Mentor — managed compliance programme
ongoing retainer · Vanta managed · bi-weekly cadence
investment €3,500–6,000 / mo
delivers
  • Continuous compliance monitoring via Vanta (resold + managed)
  • Evidence collection, control documentation, gap closure
  • Regulatory update briefings as NIS2 / CRA guidance evolves
  • NIS2 Art. 23 incident reporting readiness checks
  • Quarterly management report
6-month minimum bi-weekly sessions Vanta included NIS2 / ISO 27001 / ISO 42001
scope expands or full ownership needed
⑤ upper tier
Architect / embedded vCISO
scope expansion or full programme ownership · selective
investment €5,500–15,000 / mo
delivers
  • Second framework coverage — ISO 42001, CRA product line, DORA
  • Supply chain security programme + vendor risk register
  • SBOM programme + CRA Art. 14 vulnerability disclosure process
  • Audit representation — ISO 27001, BSI, notified bodies, customer audits
  • Board and management advisory — always-on direct access
Mentor clients only 1–2 vCISO slots max 12–24 month engagement direct access

Funnel:
Self-assessment (free, no reg) → Gap register by email (opt-in) → Consultation CTA (free, 60 min) → Lighthouse (€2.5–4.5k, fixed) → Mentor (€3.5–6k/mo, retainer) → Architect / vCISO (€5.5–15k/mo, selective)