Disrupting Old Patterns to Evolve SAP Security
When an SAP cyberattack occurs, you need a strategy in place, the right processes, your SAP team, your cybersecurity experts, and your auditing department to work together to stop the attack dead in its tracks.
But far too often that isn’t what happens.
Instead of a dedicated SAP cybersecurity strategy guiding your lines of defense, you have silos … and way too many “trouble monkeys.” (You can read more about them here.)

Protect Your Business-Critical SAP Applications and Build a Cyber-Resilient Workforce
NO MONKEY exists to break down the silos that put your business at risk by balancing and developing your people, processes and technology. By starting with people as the foundation, we help you create a security culture aligned with your organization’s objectives.
Offering end-to-end SAP cybersecurity advisory services and the world’s first online SAP-only cybersecurity training platform, we created NO MONKEY to show organizational leaders and professionals how to holistically secure SAP systems.
The old way of doing things isn’t enough anymore.
It’s time to break free of old patterns and start treating SAP security skills as a must-have across your entire organization.
With an SAP security roadmap, education and training, your organization can come together as a unified, highly trained defense resilient against cyberattacks.
To help you get started, we’ve created two paths to better your SAP security:
Meet Our Team
Our Team’s Core Values
Our values help shape our corporate culture and leave an indelible stamp on every project we work on, client we serve, and solution we create. The following nine core values are a living document that helps us hold ourselves accountable to the things we commit to with each other and with our customers. These values are the “special sauce” helping us exceed expectations in everything we do.
We believe people hold the superhero powers that will ultimately keep our digital world safe.
Jochen Fischer and Marco Hammel founded NO MONKEY after years of experience with SAP. As former SAP employees themselves, they understand intimately the challenges and opportunities this powerful and complex software offers.
As security consultants, they also understand how vulnerable SAP systems can be to cyber threats — and how little guidance there is out there for businesses simply trying to make smart, risk-based decisions to improve their SAP security.
“We have worked in the field of SAP security for over a decade educating others on the unique security traits of SAP core-technologies, advising on what organizations need to consider when securing SAP environments, and consulting on SAP-specific software security solutions. We understand intimately the unique security challenges this powerful and complex technology presents — and how outdated security approaches and lack of access to the right data and competencies leave organizations vulnerable to cyberattacks.”
Businesses simply trying to find the best way to manage their SAP security are left with no choice but to try and assemble their own piecemeal solutions with outdated approaches.
These solutions usually are not end-to-end, lack governance or an SAP-specific security strategy, rely heavily on security tools, compliance scans, and/or third-party vendors, and rarely focus on building internal cybersecurity competencies and a security culture.
We noticed these companies all had similar unknown and unaddressed obstacles hidden within their foundational structures. These structures fall under the three lines of defense, also known as SAP Operations, IT Security and Audit.
This prevented departments and employees from unifying to see, hear, and communicate SAP security issues holistically.
We refer to these obstacles as “trouble monkeys.”
When trouble monkeys are present, they break down interdepartmental communication, strengthen silo culture, and prevent stakeholders and teams from gaining a unified perspective of the organization’s unique SAP security status. As a result, unknown threats build up increasing organizational risk.
That type of approach to security leaves organizations wide-open for — and unprepared to deal with —successful attacks.
The volume of organizations seeking support for this type of situation was concerning. Digital transformation is moving fast. We knew we had deep expertise in SAP security. How could we transfer those expertise to as many organizations as possible, so they could stay ahead? How could we help them turn their people into a skilled army of cyber-defenders?
The answer was NO MONKEY.
It has to do with all of us.
We all have assets in the digital world — and we are all living in a time where technology is changing faster than the number of individuals with the right skill sets to keep our digital assets safe.
We care deeply about the privacy and security of our information and everyone else’s. Making cybersecurity training and advice more accessible increases the number of people properly protecting data: their own, yours, and that of the organizations we all deal with.
Simply put, we get up every day knowing that the more people we educate and advise, the more cyber heroes there are out there keeping our digital world safe.
Our Mission:
To empower people to protect digital assets by making advanced SAP cybersecurity knowledge more accessible. We want to teach as many enterprise organizations and security professionals as possible how to become proactively involved in safeguarding business-critical SAP systems and applications. We do this by showing you how to clearly see your unique SAP ecosystem through the eyes of security, then we help you harness the power of people, processes and technology to keep it safe.