Vector was asked to evaluate and optimize cybersecurity. First we did some workshops with the employees. This built the necessary initial security competences. At the same time we made the Vector SecurityCheck as an initial baseline. In addition we were able to evaluate the existing architecture and methodology. On this basis we initiated a comprehensive threat assessment (TARA: Threat and Risk Analysis). From the TARA results we derived security goals, which were then evaluated. It soon became clear that some mechanisms, such as secure boot, though necessary and effective, would take more time and effort than initially foreseen. With our risk oriented approach used we brought all necessary steps in a comprehensible framework. This framework was then implemented in the coming months - finally also adressinmg secure boot.