Lukasz M.

Security Architecture Reviewer | AI & Cloud

£778/day
Wroclaw, PL
15+ years

Average response time: 1 hour

About Lukasz

I'm a Senior Security Consultant with 23+ years in IT and 6+ years focused on cloud, application and AI security. I work with product teams, CTOs and engineering leads who need an experienced second pair of eyes on their architecture before it goes to production.

My sweet spot is reviewing and stress-testing architectures at the intersection of AI/LLM security, cloud (Azure) and DevSecOps — identifying gaps that internal teams are too close to see. As companies rush to deploy AI-powered products, the risk surface is growing faster than most teams realise.

I've conducted 50+ security architecture reviews across cloud onboarding, service upgrades and new product launches. I've assessed Azure environments (AKS, VMs, networking), reviewed SAST/DAST/SCA tooling implementations, and evaluated security posture in regulated industries including MedTech and financial services.

My work is grounded in frameworks including ISO 27001, ISO 42001, NIST 800 series, OWASP and CIS Controls, with formal training in CCSP, CISM and ISO 42001 AI Management auditing. This gives me both technical depth and the ability to communicate findings clearly to both engineers and senior stakeholders.

What I can help you with:

  • AI/LLM security architecture review (OWASP LLM Top 10, agentic systems, RAG pipelines)
  • Cloud architecture review — Azure-first, Zero Trust, defence-in-depth
  • Threat modelling for new products and features
  • DevSecOps pipeline review — identifying security gaps in your CI/CD
  • ISO 27001 / ISO 42001 gap analysis
  • Security review for regulated products (MedTech, fintech, GDPR)

I work best in short, focused engagements — a single architecture review, a targeted threat modelling session, or a periodic advisory role. I bring senior-level rigour without the overhead of a large consulting firm.
Based in Wrocław, Poland. Available remotely across Europe.
  • Polish

    Native or bilingual

  • English

    Fluent

  • German

    Basic

Remote only
Primarily works remotely

Experience

  • EY
    Security Consultant
    December 2022 - Today (3 years and 6 months)
    • Led over 50 information security reviews to onboard new services and systems and upgrade existing ones into the EY cloud infrastructure as per security policies,
    • reporting risks to stakeholders,
    • reviewing reports from security scanning tools (SCA, SAST, DAST, Container Security and compliance), communicating related risks to stakeholders and senior management,
    • cooperating with the Privacy and Confidentiality Impact Assessment (PIA), Business Impact Analysis (BIA), Security Supplier Risk Assurance (SRA) departments,
    • creating and updating Minimum Security Baseline (MSB) documents,
    • reviewing certification testing results and supporting remediation actions,
    • providing recommendations for project team on security architecture, vulnerability remediation, risk assessment,
    • researching products, their security and implementation best practices.

    Technology/Standards/Tools: Archer GRC, Azure, Azure DevOps, Windows Servers, Ubuntu, RedHat, CIS, CVSS, Checkmarx, Mend, Qualys, Aquasec, GitHub, ISO27001, NIST 800 series.
    Microsoft Azure | ISO 27001 | Risk and Vulnerability Assessment | Threat Modelling | AI Security
  • Smartpatient
    Security Engineer
    July 2022 - November 2022 (4 months)
    • Leading the implementation of security standards and necessary controls to protect the cloud-based MyTherapy platform (ISO27001, OWASP, NIST 800 series),
    • working closely with the application development (Backend, Frontend, mobile iOS and Android), product, and software QA teams to implement software security for the service operating in AWS.

    Technology: AWS (AWS Backup, IAM, S3, RDS, CLI), GitHub, Dependabot, Jira, Confluence, 1Password, Slack, CloudFormation, Python (troposphere), CVSS, NVD.
    ISO 27001 | Data Privacy (GDPR, CCPA) | Risk and Vulnerability Assessment | OWASP | AWS
  • S3 Connected Health
    Information Security Officer
    November 2019 - June 2022 (2 years and 7 months)
    • Maintenance of the Information Security Management System (ISMS) according to ISO 27001, e.g. maintaining processes and procedures, handling risk incidents, coordinating security risk management, asset and access management
    ISO 27001 | Vulnerability Management | SDLC | Risk Management | Threat Modelling

Education

  • Lead Auditor for Information Security Management System ISO/IEC 27001:2022
    BSI
  • Artificial Intelligence A-Z 2024: Build 7 AI + LLM & ChatGPT
    Ernst & Young Global
