Profileimage by Marcel Fischer Berater für IT und Produktionssicherheit (OT)  | Security Operation Center | Vulnerability Mgmt. from Hallbergmoos

Marcel Fischer

available

Last update: 23.06.2023

IT and Manufacturing (OT) Security Consultant | Security Operation Center | Vulnerability Management

Graduation: Master of Engineering and Economics; Munich
Hourly-/Daily rates: show
Languages: German (Native or Bilingual) | English (Full Professional) | French (Elementary)

Skills

Working in global IT companies such as IBM and industry-leading consulting companies such as Deloitte and Ernst&Young (EY) in roles as Managing IT Security Consultant and Senior Manager, I have gathered more the 7 years of experience in Cyber and Manufacturing Security. Talking to workers on the shop floor, IT staff, engineers, and the C-Suite, I have noticed the growing demand for integrated cyber organizations supporting the business to leverage its full potential while limiting potential impact on the day to day operation.

During this time, I have supported numerous Fortune 500 companies, including life science, consumer retail, automotive, logistics, financial, etc., and multiple small and medium-sized companies to:
  • Perform a detailed current state analysis of their current cybersecurity maturity to identify and evaluate the overall risk profile
  • Design a sustainable and holistic cybersecurity strategy including detailed financial planning, roadmap development, and management board presentation
  • Develop and implement a comprehensive and client-tailored Target Operating Model (TOM), including transition planning
  • Plan and run global Cyber and Production IT transformation programs to implement large scale technological and organizational renewal projects
  • Design and implement a Security Operation Centers (SOC) including SIEM vendor selection processes, project management, implementation, process development, rule setup, and optimization and incident management planning and support in a role of a level 3 analyst
  • Design and implement a Vulnerability Management Programs including tool selection processes, implementation support, vulnerability analysis, and process design
  • Evaluate cybersecurity risks as part of Merger & Acquisition projects to identify potential weak points and design mitigating actions

With my cybersecurity and engineering background and numerous years of hands-on experience, I have learned that organizational cybersecurity in the IT and manufacturing environment can only be implemented and maintained considering a holistic approach focusing on people, processes, and technology. This is why my personal belief is that we should focus on all these layers to ensure a balanced organization utilizing tools fitting to their environmentskilled employees, and fast and efficient processes.

In case you have any questions regarding my profile or my experience, please do not hesitate to reach out at any point in time.

Project history

06/2020 - 09/2020
Manufacturing IT Cyber Security Service Catalogue, Target Operating Model and Process Map
International Consumer Good Company (Consumer goods and retail, >10.000 employees)

The project aims to prepare the organization for a planned global rollout project covering 180 production sites starting in 2021. 

Project Role: Project responsible manager

The following fundamental tasks have been performed:
  • Design and implementation of a client-tailored production IT service catalog to outline and specify future global and local production IT security services 
  • Development of a global production IT target operating model including accountability and responsibility distribution on a global and local level
  • Design of related processes and connection of these processes in an overall process map

06/2020 - 08/2020
Cyber Security Assessment during Merger & Akquisition activities
International Media Company (Media and Publishers, >10.000 employees)

The project aims to identify potential merger & acquisition risks related to cybersecurity and the development of adequate mitigation measures.

Project Role: Project responsible manager

The following tasks have been performed:
  • Framework development to identify client-specific merger & acquisition risk scenarios
  • Evaluation of an acquisition opportunity regarding potential security risks based on the developed framework
  • Development of required mitigation actions
  • Evaluation of investment requirements to implement identified mitigation actions and related timeline

01/2020 - 04/2020
Global Manufacturing IT Cybersecurity Strategy
International Consumer Good Company (Consumer goods and retail, >10.000 employees)

The project aims to identify the current cybersecurity maturity of 180 heterogeneous manufacturing sites and develop a 4-year cybersecurity strategy to raise the identified maturity to a globally defined target.

Project Role: Project responsible manager

The following tasks have been performed:
  • Design of a global production IT assessment approach to evaluate the global cybersecurity maturity of an estimated 180 heterogeneous production sites
  • Conduction of a current state assessment to determine the global security maturity 
  • Development of a production IT security strategy and roadmap to increase the overall maturity
  • Design of a financial model to estimate the overall program costs required to achieve the individually defined target maturity

01/2019 - 12/2019
Global Manufacturing IT Blueprint Design and Maturity Assessment
International Pharmaceutical Company (Pharmaceuticals and medical technology, >10.000 employees)

The project aims to develop a globally binding manufacturing IT security blueprint, including a GAP assessment of more than 80 manufacturing sites.

Project Role: Project responsible lead for an EMEA-wide assessment team

The following tasks have been performed:
  • Development of a client-specific cybersecurity production segmentation blueprint including details towards network segmentation and micro-segmentation, access management, remote access, monitoring, etc.
  • Organization and conduction of 19 EMEA-wide production security assessments towards the developed blueprint
  • Identification of gaps and development of production site-specific countermeasures as part of a site-specific plan for action

03/2019 - 10/2019
Planning and Implementation of a Global ISMS
International Automotive Company (Automotive and vehicle construction, >10.000 employees)

The project aims to define and implement a globally valid and sustainable ISMS 

Project Role: Project responsible manager

The following tasks have been performed:
  • Identification of existing policies, standards, processes, and guidelines
  • Development of an ISMS framework structure to ensure a consistent documentation
  • Resource and timeline planning including traditional project management approaches and agile methodologies
  • Development of aligned policies and standards including planned review cycles with involved stakeholders

07/2018 - 10/2019
Global IT Security Strategy
International Media Company (Media and Publishers, >10.000 employees)

The project aims to identify the current global cybersecurity maturity and develop a 3-year cybersecurity strategy to raise the identified maturity to a globally defined target.
in addition, the project aims to develop and implement a sustainable target operating model including external support for vulnerability management and cybersecurity monitoring activities.

Project Role: Project responsible manager

The following tasks have been performed:
  • Conduction of a current state assessment to determine the global security maturity in a global heterogeneous client environment based on ISO 27000 and NIST
  • Identification of business-critical crown jewels including individual risk assessments
  • Development of an IT security strategy and roadmap and financial planning
  • Design and implementation of a client-tailored target operating model
  • transformation of the in-house vulnerability management towards an externally provided managed service including vendor selection
  • RFP development and tender process handling

02/2019 - 06/2019
Global Manufacturing IT Security Strategy
International Automotive Company (Automotive and vehicle construction, >10.000 employees)

The project aims to identify the current global production IT maturity and develop a 4-year cybersecurity strategy to raise the identified maturity to a globally defined target.
This project was conducted within Japan utilizing a specifically developed framework based on manufacturing security leading practices.

Project Role:  Production security subject matter expert

The following tasks have been performed:
  • Conduction of global production security assessments based on leading practices such as NIST and IEC 62443
  • Design of a manufacturing site-specific and globally integrated production security strategy
  • Development of a global roadmap including site-specific prioritization and staging

10/2018 - 02/2019
Manufacturing Cybersecurity Splunk Use Cases
International Automotive Company (Automotive and vehicle construction, >10.000 employees)

The project aims to define a global manufacturing IT asset identification and classification process including required technical tool selection

Project Role: Project responsible manager

The following tasks have been performed:
  • Identification of potential log sources and relevant log information
  • Design and test of Splunk Use Cases based on the identified log information
  • Development of a future logging concept including details on further security-relevant information

10/2018 - 01/2019
Manufacturing IT Asset Management
International Automotive Company (Automotive and vehicle construction, >10.000 employees)

The project aims to define a global manufacturing IT asset identification and classification process including required technical tool selection

Project Role: Project responsible manager

The following tasks have been performed:
  • Analysis of existing asset management tools and process
  • Definition of a future asset management process and classification requirements
  • PoC of potential technical solutions to support the overall asset management to validate the matching with defined requirements
  • Roll out of the identified solution and developed processes in a selected target manufacturing site

Local Availability

Open to travel worldwide
I'm available to travel globally with no restrictions
Profileimage by Marcel Fischer Berater für IT und Produktionssicherheit (OT)  | Security Operation Center | Vulnerability Mgmt. from Hallbergmoos IT and Manufacturing (OT) Security Consultant | Security Operation Center | Vulnerability Management
Register