How an IT department developed pragmatic solutions on its own without expensive external products
A special feature of this company: The internal IT department does not buy solutions “off the shelf”, but prefers to program them itself. This offered us an extraordinary treasure trove of creative solutions in consulting. The department, in turn, benefited enormously from our support in setting up processes and structures in order to translate this creative and technical strength into results more efficiently in the future.
In this success story we show how a company benefits from sensible consulting at all levels - not just when it comes to security.
The full-service provider for the electronics industry accompanies products from the layout of printed circuit boards through the configuration of entire systems to worldwide shipping and after-sales service.
Oliver Reimer
Head of IT
Oliver Reimer heads IT at ml&s and in this role attaches enormous importance to professionally organized, reliable security management. He relies on knowledge transfer through external experts and creative solutions.
As a manufacturing company, ml&s was confronted with the typical challenges that a production site brings with it in terms of information security: a heterogeneous network with sensitive systems and uncertainty about the status quo of IT security.
In this case, there were further challenges on a different level, but they soon turned out to be a stroke of luck in finding a solution. The entire IT department consisted of full-blooded “techies” who were heavily involved in the operational business and preferred to build all the solutions individually themselves. However, topics such as IT processes and organization, which are essential for the success of such a department, were challenging.
We first carried out a comprehensive penetration test to make the highest risks transparent and to be able to quickly start risk minimization.
During the subsequent consulting session, we met regularly with the IT manager and members of the IT team. We used these meetings to jointly design pragmatic solutions to current problems. This enabled us to combine the team's exceptional technical strength and “joy to play” with our support in terms of organization and management.
We trained the IT administrators to become junior penetration testers in certificate courses in order to expand their internal competencies in vulnerability management.
After working together on the most important findings from the first pentest, we established regular retests to validate progress and include possible new vulnerabilities in the optimization process.
The initial focus was on minimizing risk in IT. The second step was to align the OT to the same security standard.
In the course of our collaboration so far, Mr. Reimer and his IT department for ml&s have achieved a very high level of maturity in information security.
The continuous transfer of knowledge on special topics of IT security and skills in the process and management organization made Mr. Reimer and his team extremely capable of acting and independent in further optimization.
By cleverly using the technical strengths of its employees, ml&s was able to solve problems pragmatically without purchasing expensive external products.
How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?
