Skip to content
CertMap

When our tools
didn't answer your question.

The tools on CertMap are free and answer most questions. For the ones that remain, between 470 certifications and your career, an hour with me is often worth more than weeks of self-research.

  • Vendor-independent
  • No commissions, no kickbacks
  • Written report included

Who advises

One person with a name,
not a consulting avatar.

Right now I advise solo. If more practitioners join, I'll introduce them here, each with their own focus, all on the same principle: vendor-independent, data-driven, no sales pitch.

Daniel Thomas Heessel

Founder · Advisor

Daniel Thomas Heessel

I'm CISO of the Year 2026, have led cybersecurity at international corporations and have been an ISMS auditor for years in parallel. Since 2024 I've been running my own firm specialised in Threat-Informed Defense; my practice book on the topic is published in 2027 by Rheinwerk Verlag.

For years I've decided on two sides: as CISO, which certifications I require for my team, and as auditor, which ones are actually recognised in an audit. CertMap makes this assessment public: 470 certifications, 50 roles, all paths and costs transparent. What I write on LinkedIn about career paths and cert strategy, I answer here 1:1, with your concrete situation, your data, your options.

Award

CISO of the Year 2026

CISO Alliance / secIT · DACH

15+ years
Information Security
CISSP · CISM · ISO 27001 LA · T.I.S.P.
Senior-level certifications
Follow on LinkedIn

How it works

One hour of advice. Or weeks on your own.

Consulting without prep and follow-up is small talk. At CertMap the hour on the phone is just the most visible part of a structured process.

  1. You book and fill out a 15-question pre-call form.

    Current role, goal, certs held, education, industry, budget, timeline. ~10 minutes. You pick 2–3 preferred slots; I confirm within 24 h.

  2. You get a briefing before the call.

    1–2 page PDF based on CertMap data and your answers. Your starting point in writing, before we talk.

  3. We talk for 60 minutes.

    Structured by your topic map. I use the CertMap tools live with you, you understand why I recommend what.

  4. Within 48 h you get the protocol.

    3–5 page PDF: 3–5 concrete recommendations with reasoning and source, cert roadmap 12–24 months, funding-path hints, next steps with dates.

  5. One follow-up question within 30 days is included.

    If a question comes up while implementing, I'll answer it. By email, in writing, with the same care.

Three topics

What matters beyond
certifications.

Three life situations, three consultations. Cards 1 and 2 are cert-strategic. Card 3 deliberately goes beyond, because the jump to leadership doesn't fail on certifications.

1:1 · 60 min

How do I get into cyber in the first place?

You're more than (no) degree

For career starters after a completed degree or apprenticeship. IT specialist, IT graduate or German-studies master with cyber ambitions: the path is decided by questions no cert vendor answers neutrally. Do I (still) need a degree, or is my base enough? Which cert first, without burning €1,500–4,000 in dead ends? Aufstiegs-BAföG, education leave, AZAV: what fits my situation?
Leverage
Up to €18,000 in wrong investments avoided
  • Cert sequence
  • Funding
  • Degree question
  • Dead-end protection
1:1 · 60 min

What comes next?

The right next step

For security pros with 2–8 years of experience. SOC, pentest, GRC, detection engineering, cloud security: you're in, but the next cert decides which way your profile tips. Specialise or broaden? CISSP now, or hands-on depth first with OSCP, GIAC or vendor cert? We build the plan from your current role and the position you want in 24 months, not from cert-vendor recommendations.
Leverage
€10–20k salary jump through specialisation
  • CISSP timing
  • GIAC vs. vendor
  • Specialisation
  • Career roadmap
Premium
1:1 · 60 min

How do I become CISO-ready?

Becoming CISO is not a cert question

For senior pros with 7+ years on the way to Lead, Head of or CISO. The jump rarely fails on competence. It fails on visibility, board language, headhunter radar and a CV that boards can't read. Another cert won't change that. What helps: CISO-language, credibility beyond certifications, and insider knowledge from actual CISO practice.
Leverage
€15–30k salary delta p.a.
  • Board language
  • Headhunter radar
  • CISO insides
  • Credibility

Launch prices. CertMap is new. The first consultations are priced lower because I'm gathering experience and building on referrals. You get the same substance as later customers at a fair entry price.

Consulting fees are tax-deductible in DE as work-related expenses (employees) or business expenses (self-employed). Effective cost at top tax rate reduces accordingly.

What you don't get

An honest list of what this consulting is not.

If you need one of the following, there are better addresses than me. I'm specialised, and that's exactly what makes the price fair.

  • No commissions from training providers or cert vendors

    CertMap takes no kickbacks. Recommendations aren't distorted by commissions, that's the foundation of trust.

  • No application coaching, no LinkedIn profile coaching

    There are specialised coaches for that. I stay on the question "Which qualification for which path?".

  • No psychological career counselling

    "What do you actually want in life?", others answer that better. I help you efficiently execute a decision you've already made.

  • No guarantees on jobs or cert pass

    Instead: traceable recommendations with sources, ones you can understand and check yourself. Data-journalism, not promises.

Frequently asked

Before you book.

What if I fit multiple topics?

Book the topic that hits your most important open question. In the pre-call form you can mark side topics, if they're short and clear, we cover them too. If they'd blow up the main topic, I'll say so honestly.

Can I use Aufstiegs-BAföG for the consulting?

No, Aufstiegs-BAföG funds the actual advancement-training fees, not the consulting beforehand. But: the consulting itself is tax-deductible as work-related or business expenses.

What if the consulting doesn't help me?

I don't give success guarantees, that would be dishonest. What I do guarantee: if I see while reading your pre-call form that I can't help, I'll tell you before the call and you get your money back.

How do I pick a slot?

In the booking flow you pick 2–3 preferred slots from the next 14 days. I confirm within 24 hours which one works, usually the first choice. Solo advisor, not a call centre.

Still unsure?

An hour with data and a practitioner, or fifty hours on Reddit.

The tools on CertMap stay free. But if you want the puzzle pieces assembled, this hour is the fastest way there.

Launch phase
View topics & book