Automotive Cybersecurity Consultant in Stockholm

I'm Leon Kalema. I help automotive suppliers navigate cybersecurity regulations — ISO 21434, UN R155, and now the EU Cyber Resilience Act.

I'm based in Stockholm. I've worked inside automotive companies (Scania, InMotion AVS) and I understand what it takes to actually implement security in ECU products, not just write reports about it.

What I Do

CRA Compliance Programs

The EU Cyber Resilience Act requires products with digital elements to meet specific security requirements by December 2027. For automotive suppliers, this means:

• SBOM generation for every product

• 24-hour vulnerability reporting to ENISA

• Conformity assessment by notified bodies

• Technical documentation that satisfies auditors

I help you build the processes and documentation you need. Not theory — working systems.

ISO 21434 Implementation

ISO/SAE 21434 is the automotive industry's cybersecurity engineering standard. If your OEM customers are asking for 21434 compliance, you need:

• Threat Analysis and Risk Assessment (TARA)

• Cybersecurity goals and requirements

• Verification evidence

• Vulnerability management processes

I've implemented TARA methodology at Scania for heavy-duty truck systems. I know what OEMs expect and how to deliver it efficiently.

UN R155 Support

UN R155 requires vehicle manufacturers to have a Cybersecurity Management System. As a supplier, you feed into that system. You need to provide:

• Security evidence for your components

• Vulnerability notifications

• Incident response coordination

I help suppliers understand their R155 obligations and build the capabilities to meet them.

My Background

InMotion AVS (Current)

I manage cybersecurity for power electronics products — DC-DC converters and related ECUs for heavy vehicles. My work includes:

• Building TARA processes from scratch

• Defining security requirements for embedded systems

• Preparing products for ISO 21434 compliance

• Managing security across the product lifecycle

Scania (Previous)

I worked on TARA methodology for ECU systems in heavy-duty trucks. This included:

• UN R155 compliance preparation

• Cross-functional work between China and Sweden teams

• Security requirements for vehicle communication systems

17+ Years in Cybersecurity

Before automotive, I built security programs across multiple industries. I've seen what works in organizations of different sizes and maturity levels.

How I Work

Assessment First

Every engagement starts with understanding your current state. I'll review your existing documentation, talk to your engineers, and map what you have against what you need.

This gives us both clarity on the actual scope of work.

Practical Deliverables

I don't write reports that sit on shelves. I help you build:

• Working SBOM generation integrated into your build pipeline

• Vulnerability monitoring processes your team can actually run

• Documentation that satisfies auditors and notified bodies

• Training so your team can maintain these systems

Flexible Engagement

I can work as:

• A consultant for specific deliverables (gap assessment, SBOM implementation)

• An embedded resource on your team for longer programs

• An advisor for strategic decisions and regulatory interpretation

I'm based in Stockholm but work with clients across Europe. Most work happens remotely, with on-site time for workshops and key meetings.

Availability

I'm available for new engagements starting Q1 2026.

My capacity is limited — I take on a small number of clients so I can give each one proper attention.

If you're facing a CRA deadline or ISO 21434 requirement, let's talk now to secure time on my calendar.

Let's Talk

Book a 30-minute call. Tell me about your situation. I'll give you an honest assessment of what you need and whether I can help.

If I'm not the right fit, I'll tell you. And I might be able to point you toward someone who is.

Book a Free Consultation →