
First built · then led · now orchestrated

Agentic AI, security & architecture for regulated and critical environments.

I build, secure and own AI platforms — on a foundation of 20+ years of IT leadership in regulated and critical environments.

20+ years of IT leadership — Head of Cyber Security, IT Director, Interim CPO. Board-level reporting, greenfield IT from scratch.

BUILT: Systems, software, platforms · LED: Teams, units, budgets · ORCHESTRATED: Platforms, governance, agents
  • BaFin-regulated
  • OT / critical infrastructure
  • board-level reporting
  • industry-standard software

A conductor plays no instrument better than the musicians — the job is to make the whole hold together.

01

Impact

What decision-makers concretely get.

Risk reduced

Ransomware incident in a regulated environment contained as incident lead within hours — damage averted, operations kept running.

Compliance & governance secured

Security and governance frameworks for a BaFin-regulated financial institution across 15+ markets, reporting up to board level.

Efficiency & growth

Company-wide greenfield IT built from scratch — measurably better plant efficiency and shorter time-to-market.

Delivery capability

Brought multiple products and dozens of features to market for critical energy infrastructure as interim Chief Product Owner.

Teams & organizations led

Functional leadership across several units and international projects; IT organizations built from scratch.


02

How I work

Two ways to work with me — the same end-to-end responsibility.

As interim & senior manager / team lead

I lead teams, units and transformations in regulated and critical environments — from build-up to accountability at board level.

As principal for agentic AI

I build, secure and own AI platforms end-to-end — until they hold up in operations, in audits and before the board.


Three disciplines, led from one desk

As a senior manager I bring these three disciplines together at one desk — and build each one first-hand, so I can judge it, until the interplay runs reliably.

The desk

Agentic AI

Agent pipelines and local LLM deployments — built first-hand, so I can actually judge them.

Security

Sovereignty, isolation, evidence and audit trail as a design principle.

Architecture

Platforms that hold up in operations, in procurement and before the board.


03

Track record

Real, regulated projects — with numbers, context and my role.

Daimler Mobility

Enterprise Architecture · Head Cyber Security / ISO

~€1.2M

estimated loss avoided — ransomware incident (Zurich) contained as incident lead

  • BaFin-regulated financial institution, 15+ European markets
  • Board-level reporting · budget up to €5M · up to 100 FTE (functional)
  • Self-service security portal across 15 markets (>1,200 users)

SMA Solar

Chief Product Owner (Interim) · Embedded energy software

3 products

brought to market as interim Chief Product Owner across several teams — around 30 new features

  • Embedded software platform for inverters / energy management (critical infrastructure)
  • Owned product backlog, roadmap and releases across multiple product teams
  • Established SAFe and domain teams; co-shaped the central architecture platform (ArCo)

Tönnies Group

Head of Engineering · greenfield IT

0 → 7

plants built group-wide from scratch

  • OEE +18% via IoT instrumentation of the lines
  • time-to-market −20% via a near/offshore dev center
  • co-built fTrace — now an industry standard

Saturious

Cloud & security architecture (engagement)

~−20%

OPEX reduced — via a FinOps and licensing model

  • IIoT security blueprint for cloud-native deployments
  • designed the overall cloud strategy and scaling model

Figures rounded. Happy to walk through the derivation and context in a conversation.


04

Current projects

What’s taking shape right now — openly marked as in development, not a finished reference. It is also the one place where my AI work can be inspected directly.

StudyWithMe

In development · ongoing

A syllabus-guided AI study coach for universities

The reference implementation of the very principles I sell — sovereignty, isolation, evidence and an audit trail — proven on my own production system first.

Problem

Students — especially in medicine — drown in fragmented curricula; the cross-links between subjects stay invisible, and current research is decoupled from the actual learning path.

Built

A swarm of cooperating agents manages the knowledge around a course of study across many nodes: it couples a university's syllabus dynamically to each student's guided learning path, weaves in current research, and generates several didactical reasoning pathways — medicine as the pilot. Underneath, a sovereign, auditable knowledge pipeline already runs (below) — moving step by step toward a medical reasoning system.

Value for a client

A university couples its syllabus, alive, to each student's individual learning path and connects study with research — explainable, evidence-based, with traceable reasoning pathways rather than a mere knowledge store — built on the same sovereignty and auditability principles as regulated AI.

The agentic knowledge pipeline (already running)

  1. Gap detection. Deterministic scan: what’s missing is derived from the files — never from a stored snapshot.
  2. Local translation. aya-expanse:8b via Ollama, temperature 0, SQLite checkpoint. €0 per call, nothing leaves the device.
  3. Citation gate. Every Cyrillic token must survive verbatim — otherwise the translation is rejected.
  4. Idempotent apply. Surgical JSON patch with a JSON.parse guard — the file is never written invalid.
  5. Escalation. Only hard cases go to a hosted model (Haiku) — and through the same gate.
  6. Lint gates + ledger. Machine-checked gates and an append-only ledger per wave; commit only when all is green.

Local & deterministic first · a hosted model only for hard cases · commit only when every gate is green.
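
The citation gate and the guarded apply (steps 3 and 4), sketched as an added example; this is not StudyWithMe's own code. The function names, the flat JSON file of strings keyed by id and the sample texts are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample data.
const CYRILLIC_TOKEN = /[\u0400-\u04FF]+/g;

// Citation gate: Cyrillic tokens of the source that are absent, as whole
// tokens, from the model output. A non-empty result means "reject".
function missingCyrillicTokens(source, translation) {
  const present = new Set(translation.match(CYRILLIC_TOKEN) || []);
  const required = new Set(source.match(CYRILLIC_TOKEN) || []);
  return [...required].filter((token) => !present.has(token));
}

// Idempotent apply: splice one string value into the raw JSON text, then
// parse the candidate before anything would be written to disk.
function patchJsonText(fileText, key, newValue) {
  const before = JSON.parse(fileText); // an already-broken file throws here
  if (typeof before[key] !== "string") throw new Error(`no string value at ${key}`);
  if (before[key] === newValue) return { text: fileText, changed: false };
  const keyLiteral = JSON.stringify(key);
  const oldLiteral = JSON.stringify(before[key]);
  const keyAt = fileText.indexOf(keyLiteral);
  const valueAt = keyAt < 0 ? -1 : fileText.indexOf(oldLiteral, keyAt + keyLiteral.length);
  if (valueAt < 0) throw new Error("patch target not found in raw text");
  const candidate = fileText.slice(0, valueAt) + JSON.stringify(newValue) +
    fileText.slice(valueAt + oldLiteral.length);
  // JSON.parse guard: the candidate must parse and differ only at `key`.
  const after = JSON.parse(candidate);
  const expected = { ...before, [key]: newValue };
  if (JSON.stringify(after) !== JSON.stringify(expected)) {
    throw new Error("patch touched more than the target key");
  }
  return { text: candidate, changed: true };
}

// Gate first, then apply; a rejected translation leaves the text untouched.
function gateAndApply(fileText, key, source, translation) {
  const missing = missingCyrillicTokens(source, translation);
  if (missing.length > 0) return { accepted: false, missing, text: fileText, changed: false };
  return { accepted: true, missing, ...patchJsonText(fileText, key, translation) };
}

// Constructed sample: a flat JSON file of strings keyed by id, and a source
// sentence quoting the Bulgarian word for "heart" (written with \u escapes).
const SAMPLE_FILE = '{\n  "card-1": "TODO",\n  "card-2": "TODO"\n}\n';
const SAMPLE_SOURCE = "The heart (\u0441\u044A\u0440\u0446\u0435) pumps blood.";
```

Because the gate compares whole tokens, an output that swaps one Cyrillic letter for a Latin look-alike is rejected as well.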

Principle → proof

Sovereignty

Translation runs locally (aya-expanse:8b via Ollama, on-device). Bulgarian content never leaves the machine — €0 inference instead of cloud tokens.

Isolation

API, app and data are separated (Docker); the API container deliberately cannot read the content directory. Secrets are checked via gitleaks in CI.

Evidence

Every AI call is logged (model, tokens, latency). Knowledge-graph edges carry source, confidence and soft-delete — AI edges are treated as low-trust.

Audit trail

AI features are individually switchable, off by default; every admin action and tier change is recorded immutably (DB trigger) in the audit log.

Own project in development — not a finished client reference. Architecture and figures proven on my own production system.

Architecture note (PDF)

05

Track record / career

Stations, roles, results, technology — chronological and verifiable.

  1. Self-employed / Freelance

    11/2020 – present

    Founder & Principal — Agentic AI, Security & Architecture · formerly Managing Director of HL Digitalization Solutions GmbH (until 2025)

    Responsibility: Building and owning AI/agent platforms for regulated and critical environments; AI governance & security architecture; engagements including SMA Solar and Saturious AG.

    Results

    • Developed StudyWithMe (cognitive learning platform with background agents, moving toward medical reasoning)
    • Productised services for regulated/medical clients: release assessment, audit-proof agent build, AI governance retainer

    Tech focus

    • Agentic AI / LLM
    • Cloud-Native
    • Kubernetes
    • Zero Trust
    • GitOps
    • EU AI Act
    • DORA
    • ISO 27001
    • IEC 62443
  2. SMA Solar Technology (engagement via HL Digitalization Solutions GmbH)

    02/2022 – 12/2025

    Interim Chief Product Owner — embedded software (energy / inverters)

    Responsibility: Product backlog, roadmap and releases across several product teams; SAFe and domain teams.

    Results

    • Brought 3 products to market, around 30 new features
    • Co-shaped the central architecture platform (ArCo)

    Tech focus

    • Embedded software
    • SAFe
    • Domain teams
    • Architecture platform (ArCo)
    • Atlassian/JIRA/Confluence
  3. Saturious AG (engagement via HL Digitalization Solutions GmbH)

    04/2021 – 01/2022

    Consultant cloud & security architecture

    Responsibility: Overall cloud strategy, cloud/IIoT security, scaling model.

    Results

    • OPEX reduced by ~20% via a FinOps and licensing model
    • IIoT security blueprint

    Tech focus

    • Cloud-Native
    • Cloud security
    • FinOps
  4. YOMA Solutions (permanent role)

    11/2020 – 04/2021

    Head of IT & Product Owner (core product YOMA-Cloud / MES)

    Responsibility: Functional and disciplinary leadership of 12 staff / 3 departments; reorganisation and realignment; IT strategy.

    Results

    • SAFe rollout → sprint predictability +30%
    • Realigned the core product

    Tech focus

    • Cloud
    • SAFe
    • Scrum
    • MES
  5. Daimler Mobility AG (permanent role)

    11/2016 – 10/2020

    Enterprise Architect → Head Cyber Security & ISO (progression)

    Responsibility: BaFin-regulated financial institution, 15+ European markets; reporting up to board level; budget up to €5M; up to 100 FTE (functional).

    Results

    • Contained the Zurich ransomware incident as incident lead (~€1.2M estimated loss avoided)
    • Cloud security framework (AWS/Azure) with SOAR & audit trail
    • Self-service security/governance portal across 15 markets (>1,200 users)
    • Big-data lake for real-time cyber-defense analysis
    • Leadership award from the Daimler Leadership Academy

    Tech focus

    • AWS
    • Azure
    • SOAR/SIEM
    • ISO 27001
    • Enterprise Architecture (TOGAF/C4)
    • BigData
  6. Tönnies Group (permanent role)

    04/2005 – 11/2016

    Head of Engineering / IT development lead — greenfield IT

    Responsibility: Built group-wide IT from scratch; 5–10 disciplinary, up to 30 functional reports; make-or-buy; group-wide IT standards.

    Results

    • Greenfield IT from 0 to 7 plants
    • Co-built fTrace (batch traceability) — now an industry standard
    • OEE +18%, time-to-market −20%, vulnerabilities −25%
    • In-house logistics, pricing and CRM software; data warehouse
    • Built a near/offshore dev center

    Tech focus

    • In-house software development
    • Data warehouse
    • IoT / production portals (Azure)
    • Near/offshore

06

Services

I help regulated organisations release and operate agentic AI safely — in three productised steps, outcome-driven rather than “consulting by the hour”. Every stage has a defined result.

Stage 01

Release assessment for agentic AI

Outcome: A defensible go/no-go recommendation with clear conditions — in weeks, not quarters.

I review a planned or existing agent system across architecture, security, governance and operational readiness — and tell you what it takes to pass audit, procurement and the board.

  • Architecture and threat analysis of the agent pipeline
  • Gaps against ISO 27001 · IEC 62443 · EU AI Act readiness
  • Prioritised action list with a release recommendation

Stage 02

Audit-proof agent build

Outcome: An agent platform that runs in production and ships its own evidence.

From reference design to a running system: agent pipelines with isolation, evidence and an audit trail — built so that the audit isn’t bolted on afterwards.

  • Reference architecture, local/sovereign LLM deployments
  • Isolation, secrets, logging and an end-to-end audit trail
  • Handover to your team with an operating and cost model

Stage 03

AI governance & operations retainer

Outcome: An AI platform that keeps passing the audit and the board long after launch.

Ongoing ownership of governance, security and operations: the conductor’s desk that keeps the platform standing in operations, in audits and before the board — even as models, markets and regulation move.

  • Governance board, policies and board-level reporting
  • Continuous security and compliance upkeep
  • Cost logic and operational steering of the platform

07

About

Senior IT manager and interim leader with over 20 years of leadership — from developer through enterprise architecture and cyber security to CPO / OT, today an independent principal for agentic AI in regulated environments.

I own platforms end-to-end — an architect who has also led products as their owner, built teams and brought company-wide systems into production from scratch. My responsibility doesn’t end at the design; it ends only when the whole thing holds: in operations, in the audit and before the board.

Outside of work, I photograph people. hamudi.de


08

Contact

Thirty minutes is enough to check which of your initiatives really need governance, security and operations.

Call · +49 152 3367 2982

Location

Bielefeld (DE)

Languages

DE · EN (C2) · IT · ES · BG
QR code – save Leon Köllerwirth Hlihel’s contact
