Let's protect your data

I'm Florian, I help you select and audit your systems and implement security policies.

I have architected and secured a broad range of tech infrastructures, from bootstrapped startups self-hosting open source solutions, to venture capital funded enterprises on cloud providers, to non-governmental organizations with strict physical security needs. Here are some examples of my work.

Strawman in a field standing by a fence.

Building a platform for productive disagreement

CruxHub: Fostering Productive Disagreement

CruxHub, deployed at fenc.es, is a side project I developed to facilitate productive disagreements and collaborative exploration of complex issues.

Screenshot of CruxHub interface
CruxHub's interface for mapping arguments and exploring different perspectives

Goals

  • A place where you can be wrong on the internet and then change your mind
  • Facilitate structured debates instead of listing all kinds of arguments that convinced none of the participants anyway
  • Quantify and visualize beliefs as trees of statements to identify cruxes
  • Promote self-reflection and collaborative learning
  • Enhance evidence-based decision making

CruxHub aims to improve the quality of public discourse by helping users refine their thinking, understand different viewpoints, and engage in more productive discussions.

Key features

  • Interactive argument trees
  • Confidence and impact metrics
  • Multi-user comparison views
  • LLM-assisted analysis and expansion

The platform uses LLMs to assist with backend processes and data analysis, such as automatically extracting arguments from shared articles. However, the core of CruxHub relies on human intelligence and interaction, facilitating human-to-human discussions and debates.

Automation for a vaccine speedrun

Alvea: Speeding Up Vaccine Development

At Alvea, I played a crucial role in the company's mission to accelerate the development of pharmaceutical interventions. We worked on a COVID-19 vaccine tailored for low- and middle-income countries. Our goal was to create a vaccine with strong shelf stability, straightforward manufacturing, and easy adaptability to future variants.

An illustrated double helix plasmid in green
Illustration of a Plasmid

My contributions included:

  • Implementing automation and software solutions to streamline processes
  • Evaluating and selecting software based on product specifications, integrability, and feasibility
  • Programming and adapting tools for internal process optimization
  • Managing the IT budget and solving system and application problems
  • Supporting the procurement of suitable IT equipment

These efforts were part of Alvea's broader strategy to dramatically reduce drug development time. We achieved the remarkable feat of dosing our vaccine candidate, Alveavax-v1.2, in humans just 174 days after the company's founding, without compromising on safety precautions or good manufacturing practices.

Our approach included parallelizing vendor processes, strategic in-housing of critical steps, and maintaining an emergency mindset to overcome bottlenecks. By automating processes like NDA signing and redesigning vendor workflows, we significantly reduced timelines that are typically much longer in the pharmaceutical industry.

A desk with a widescreen monitor and an ergodox keyboard.

Structural self-hosting

Bootstrapping a structural engineering company

Without outside capital, and with a first office that had an 8 Mbit DSL connection, using commercial cloud services was not an option for our newly founded company. So I decided to go the self-hosting route with physical on-premise servers. That gave us built-in GDPR compliance as a bonus.

Once we got a better connection, I integrated everything with Nextcloud and ERPNext servers hosted on Hetzner through WireGuard tunnels, and used the local Proxmox VMs for staging and dev environments. To reliably configure everything and be able to quickly spin up new instances, I wrote Ansible playbooks and roles for everything. This extended even to the configuration of all Windows clients. A Rundeck instance allowed non-technical employees to trigger redeployments as needed.

This way the complete company IT infrastructure was represented as code, keeping manual configuration to a minimum.

Klimakönner website screenshot

Building the tech stack for an energy company

As the second employee at a startup biogas utility company, my first task was to optimize the process of calculating fees down to the community and street level for Germany. The spreadsheet solution took 7 hours to run. My reimplementation in Go took about 5 minutes.

These data allowed us to quickly update individual pricing and transparently display it on the dynamic React-based website I built. Getting the time to deployment of new prices down from days to minutes enabled us to quickly react to changing market conditions.

I went on to build an internal contract management system in Ruby on Rails that allowed us to analyze and predict gas consumption for each customer based on weather data and to calculate distribution costs. This enabled us to more reliably predict cash flows and update contracts as conditions changed.

Florian in a suit in front of a blue wall full of sponsor logos, holding a blue plastic award.
Me, accepting an award for high revenue growth, a measure that is clearly not indicative of the actual success of a company.

Although we initially won prizes for our compound annual growth rate, customer acquisition was stagnating after a few years. After a period of investigating a possible pivot to new business models, we decided to sell the company to a larger competitor.

Security to make space for peace

Working with Peace Brigades International, I wrote weekly security analyses to prepare for accompaniments of NGO workers all over Colombia. The goal was to evaluate if our presence as neutral international observers would sufficiently increase the cost of violent action against the persons that invited us to come with them.

Three people walking on a red dirt road through the green Colombian countryside. One is wearing a shirt with the big logo of Peace Brigades International.
A typical accompaniment mission would lead us to remote places in the countryside where there often was an absence of state authority.

Physical security was central to the job, but a lack of IT security would often translate into very real threats to the NGOs we accompanied, since they faced surveillance by various hostile actors. Because of this I also gave IT security workshops to help NGOs encrypt their hard drives and secure their communications.

Since PBI itself also held a lot of data about the activities of the other NGOs, I improved their cybersecurity stance, replacing Windows clients and servers with encrypted Linux machines and establishing a VPN connection between the offices.

This enabled all teams to contribute to a centralized internal wiki I introduced. It replaced a patchwork of Word documents and spreadsheets with a structured knowledge base. Having this single source of truth helped to ground many decisions in actual data that were otherwise unavailable or prohibitively difficult to compile.

Reliable encryption at rest played a central role due to our specific threat model, which anticipated device theft and police raids. We did role play and practice the specific actions (i.e. immediate server shutdown) to take in the event of an intrusion into the office.

Imprint

Legal information as required by German law

Contact

Email: x-imprint@faz.ms

Responsible for Content according to § 5 TMG

Florian Aldehoff-Zeidler
Scanbox #15075
Ehrenbergstr. 16a
10245 Berlin
Germany
