About
Sebastian Tagwercher
I spent years building a rigorous foundation in business and information systems before going deep on offensive security. That combination is the point.
Background
I hold an MSc in Information Systems with a thesis focused on LLM cybersecurity — specifically the attack surface introduced when large language models are integrated into production applications. That research background means I approach AI security as a practitioner who has read the literature, not just run a tool against an endpoint.
Before that, I completed a BSc in Business Administration and worked in corporate tax accounting. That sounds like a detour. It isn't. Most security reports sit unread because they're written for engineers and land on the desk of a founder or a CFO. I know how to translate a technical finding into a business decision.
I specialise in the security of LLM-integrated products, with web application pentesting offered through my partner network. Currently transitioning from Thailand to a Georgian Individual Entrepreneur registration. Business operations and invoicing will be conducted under Georgian tax law from mid-2026 onward.
How I approach engagements
Fixed scope so you can plan
Every engagement starts with a written scope document before any money changes hands. You know exactly what's covered, what's not, and what you'll receive at the end. Billing is 50/50 — half upfront, half on delivery. No hourly overruns, no invoice surprises.
Reproduction steps developers can use
A finding without a clear reproduction path is a todo item nobody knows how to close. Every vulnerability in my reports includes step-by-step reproduction instructions, the affected component, and a concrete remediation recommendation — not “update to a secure version.”
Severity tied to business context
CVSS scores are a starting point, not the final word. A medium-severity finding in a payment flow deserves more attention than a critical in a feature your users never touch. I rate findings in context of your actual business, so your team can prioritize intelligently rather than just working down a list.
Credentials
MSc Information Systems
University of Liechtenstein, 2024
Published thesis — Attack Vectors Against LLMs
University of Liechtenstein, 2024
BSc Business Administration
Corporate tax accounting background
Availability
Remote
CET-friendly hours available