Marcel Fischer not available until 06/30/2021

Marcel Fischer

IT and Manufacturing (OT) Security Consultant | Security Operation Center | Vulnerability Management

not available until 06/30/2021
Profileimage by Marcel Fischer Berater für IT und Produktionssicherheit (OT)  | Security Operation Center | Vulnerability Mgmt. from Hallbergmoos
  • 85399 Hallbergmoos Freelancer in
  • Graduation: Master of Engineering and Economics; Munich
  • Hourly-/Daily rates:
  • Languages: German (Native or Bilingual) | English (Full Professional) | French (Elementary)
  • Last update: 09.12.2020
KEYWORDS
PROFILE PICTURE
Profileimage by Marcel Fischer Berater für IT und Produktionssicherheit (OT)  | Security Operation Center | Vulnerability Mgmt. from Hallbergmoos
SKILLS
Working in global IT companies such as IBM and industry-leading consulting companies such as Deloitte and Ernst&Young (EY) in roles as Managing IT Security Consultant and Senior Manager, I have gathered more the 7 years of experience in Cyber and Manufacturing Security. Talking to workers on the shop floor, IT staff, engineers, and the C-Suite, I have noticed the growing demand for integrated cyber organizations supporting the business to leverage its full potential while limiting potential impact on the day to day operation.

During this time, I have supported numerous Fortune 500 companies, including life science, consumer retail, automotive, logistics, financial, etc., and multiple small and medium-sized companies to:
  • Perform a detailed current state analysis of their current cybersecurity maturity to identify and evaluate the overall risk profile
  • Design a sustainable and holistic cybersecurity strategy including detailed financial planning, roadmap development, and management board presentation
  • Develop and implement a comprehensive and client-tailored Target Operating Model (TOM), including transition planning
  • Plan and run global Cyber and Production IT transformation programs to implement large scale technological and organizational renewal projects
  • Design and implement a Security Operation Centers (SOC) including SIEM vendor selection processes, project management, implementation, process development, rule setup, and optimization and incident management planning and support in a role of a level 3 analyst
  • Design and implement a Vulnerability Management Programs including tool selection processes, implementation support, vulnerability analysis, and process design
  • Evaluate cybersecurity risks as part of Merger & Acquisition projects to identify potential weak points and design mitigating actions

With my cybersecurity and engineering background and numerous years of hands-on experience, I have learned that organizational cybersecurity in the IT and manufacturing environment can only be implemented and maintained considering a holistic approach focusing on people, processes, and technology. This is why my personal belief is that we should focus on all these layers to ensure a balanced organization utilizing tools fitting to their environmentskilled employees, and fast and efficient processes.

In case you have any questions regarding my profile or my experience, please do not hesitate to reach out at any point in time.
PROJECT HISTORY
  • 06/2020 - 09/2020

    • International Consumer Good Company
    • >10.000 employees
    • Consumer goods and retail
  • Manufacturing IT Cyber Security Service Catalogue, Target Operating Model and Process Map
  • The project aims to prepare the organization for a planned global rollout project covering 180 production sites starting in 2021. 

    Project Role: Project responsible manager

    The following fundamental tasks have been performed:
    • Design and implementation of a client-tailored production IT service catalog to outline and specify future global and local production IT security services 
    • Development of a global production IT target operating model including accountability and responsibility distribution on a global and local level
    • Design of related processes and connection of these processes in an overall process map

  • 06/2020 - 08/2020

    • International Media Company
    • >10.000 employees
    • Media and Publishers
  • Cyber Security Assessment during Merger & Akquisition activities
  • The project aims to identify potential merger & acquisition risks related to cybersecurity and the development of adequate mitigation measures.

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Framework development to identify client-specific merger & acquisition risk scenarios
    • Evaluation of an acquisition opportunity regarding potential security risks based on the developed framework
    • Development of required mitigation actions
    • Evaluation of investment requirements to implement identified mitigation actions and related timeline

  • 01/2020 - 04/2020

    • International Consumer Good Company
    • >10.000 employees
    • Consumer goods and retail
  • Global Manufacturing IT Cybersecurity Strategy
  • The project aims to identify the current cybersecurity maturity of 180 heterogeneous manufacturing sites and develop a 4-year cybersecurity strategy to raise the identified maturity to a globally defined target.

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Design of a global production IT assessment approach to evaluate the global cybersecurity maturity of an estimated 180 heterogeneous production sites
    • Conduction of a current state assessment to determine the global security maturity 
    • Development of a production IT security strategy and roadmap to increase the overall maturity
    • Design of a financial model to estimate the overall program costs required to achieve the individually defined target maturity

  • 01/2019 - 12/2019

    • International Pharmaceutical Company
    • >10.000 employees
    • Pharmaceuticals and medical technology
  • Global Manufacturing IT Blueprint Design and Maturity Assessment
  • The project aims to develop a globally binding manufacturing IT security blueprint, including a GAP assessment of more than 80 manufacturing sites.

    Project Role: Project responsible lead for an EMEA-wide assessment team

    The following tasks have been performed:
    • Development of a client-specific cybersecurity production segmentation blueprint including details towards network segmentation and micro-segmentation, access management, remote access, monitoring, etc.
    • Organization and conduction of 19 EMEA-wide production security assessments towards the developed blueprint
    • Identification of gaps and development of production site-specific countermeasures as part of a site-specific plan for action

  • 03/2019 - 10/2019

    • International Automotive Company
    • >10.000 employees
    • Automotive and vehicle construction
  • Planning and Implementation of a Global ISMS
  • The project aims to define and implement a globally valid and sustainable ISMS 

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Identification of existing policies, standards, processes, and guidelines
    • Development of an ISMS framework structure to ensure a consistent documentation
    • Resource and timeline planning including traditional project management approaches and agile methodologies
    • Development of aligned policies and standards including planned review cycles with involved stakeholders

  • 07/2018 - 10/2019

    • International Media Company
    • >10.000 employees
    • Media and Publishers
  • Global IT Security Strategy
  • The project aims to identify the current global cybersecurity maturity and develop a 3-year cybersecurity strategy to raise the identified maturity to a globally defined target.
    in addition, the project aims to develop and implement a sustainable target operating model including external support for vulnerability management and cybersecurity monitoring activities.

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Conduction of a current state assessment to determine the global security maturity in a global heterogeneous client environment based on ISO 27000 and NIST
    • Identification of business-critical crown jewels including individual risk assessments
    • Development of an IT security strategy and roadmap and financial planning
    • Design and implementation of a client-tailored target operating model
    • transformation of the in-house vulnerability management towards an externally provided managed service including vendor selection
    • RFP development and tender process handling

  • 02/2019 - 06/2019

    • International Automotive Company
    • >10.000 employees
    • Automotive and vehicle construction
  • Global Manufacturing IT Security Strategy
  • The project aims to identify the current global production IT maturity and develop a 4-year cybersecurity strategy to raise the identified maturity to a globally defined target.
    This project was conducted within Japan utilizing a specifically developed framework based on manufacturing security leading practices.

    Project Role:  Production security subject matter expert

    The following tasks have been performed:
    • Conduction of global production security assessments based on leading practices such as NIST and IEC 62443
    • Design of a manufacturing site-specific and globally integrated production security strategy
    • Development of a global roadmap including site-specific prioritization and staging

  • 10/2018 - 02/2019

    • International Automotive Company
    • >10.000 employees
    • Automotive and vehicle construction
  • Manufacturing Cybersecurity Splunk Use Cases
  • The project aims to define a global manufacturing IT asset identification and classification process including required technical tool selection

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Identification of potential log sources and relevant log information
    • Design and test of Splunk Use Cases based on the identified log information
    • Development of a future logging concept including details on further security-relevant information

  • 10/2018 - 01/2019

    • International Automotive Company
    • >10.000 employees
    • Automotive and vehicle construction
  • Manufacturing IT Asset Management
  • The project aims to define a global manufacturing IT asset identification and classification process including required technical tool selection

    Project Role: Project responsible manager

    The following tasks have been performed:
    • Analysis of existing asset management tools and process
    • Definition of a future asset management process and classification requirements
    • PoC of potential technical solutions to support the overall asset management to validate the matching with defined requirements
    • Roll out of the identified solution and developed processes in a selected target manufacturing site

TIME AND SPATIAL FLEXIBILITY
I'm available to travel globally with no restrictions
GET IN TOUCH

Message:

Sender:

WEB PRESENCE