OT Security & NIS2
OT systems in pharma and process industries have grown over years, rarely by design. With NIS2, that becomes a compliance question - for many companies faster than expected.
Where does it get stuck?
IT security teams know frameworks and standards. But not plant structures, not PLCs, not proprietary protocols. What is standard in IT networks is often not feasible in OT networks.
OT teams know the plant inside out. But many perceive security requirements as a threat to what matters most: availability. Patches, segmentation, access controls - all of it sounds like risk, not like a solution.
Management wants compliance. Ideally without operational disruption, without high costs, without deep interventions.
Three worlds, three priorities - and the project never gets off the ground properly.
My approach
I start with a clear inventory. I speak with the right people at all levels, listen and bring together what is often scattered, unspoken or sitting in different people's heads. What emerges is not a presentation full of frameworks - but a concrete list: real risks, clearly prioritised, with a path to NIS2 compliance that you can actually work with. I am currently deepening the formal framework through an ongoing IEC 62443 training and certification with the ISA.
What you get
You get what is rare on the market: a consultant who genuinely understands all three worlds and can mediate between them. Most master one discipline well. Whoever brings all three together finds real risks instead of theoretical ones, mediates between the parties involved and develops measures that are operationally feasible.