An IT project manager solved a seemingly insoluble problem and was promoted to head of IT security.
In this success story by Kevin Naujokat, originally IT project manager of the WEIG Group, we show a feasible and successful solution to this problem. We also show how those responsible can significantly advance and professionalize IT security in their company with our support.
The WEIG Group serves the recycling, cardboard and packaging business units in an efficient circular system with a clear commitment to sustainability and resource conservation. The group employs around 1.800 people at several national and international locations.
Kevin Naujokat
Head of IT Security department
As head of the IT Security department at the WEIG Group, Kevin Naujokat is committed to expanding cyber resilience.
When Kevin Naujokat first contacted us, he was not yet head of the IT Security department - because this department simply did not exist yet. Nevertheless, the group's IT department was generally very well positioned in terms of personnel and expertise. It was important to firmly establish IT security in the overall IT context.
Mr. Naujakat came to us specifically with the following challenges: The regulatory requirements to the KRITIS operator required an efficient expansion of IT security. For this to happen, the first thing you had to do was Status Quo be identified in this area. Our task was to comprehensively examine the extensive infrastructure with many locations, services, systems and production sites.
An internal challenge was: Align the security standard of OT with that of IT. The operational characteristics of OT and a smaller staffing made many common measures impossible. Many departments would have given up at this point and checked off the optimization of OT security as impossible. However, with our support, Kevin Naujokat found a workable solution for this too.
In the course of our collaboration we also found a... M&A process took place, which required a review and optimization of IT security.
A extensive initial penetration test revealed weak points that the WEIG Group's IT initially worked on independently. Many of the findings were made possible through consistent mains separation be resolved.
In order to further expand IT security more efficiently, we supported Mr. Naujokat and his team after the first retest with advice and ongoing support. For building a custom-fit ISMS we established a common one Regular appointment structure.
We met the challenges of OT in 3 steps:
In M&A processes We were involved at an early stage to ensure that the level of security achieved was maintained.
The extensive initial penetration test made the highest risks transparent and enabled an efficient start to risk minimization.
The joint planning and implementation of risk minimization led to an increase in the IT security maturity level to a very high level appropriate to the KRITIS status - including the OT environment.
The integration into M&A processes ensured the maintenance of a group-wide security standard.
Continuous penetration tests (IT and OT, also international) enabled updated risk assessments.
Transparent reporting on the progress towards management resulted in the Establishment of a dedicated IT security department. Kevin Naujokat moved from IT project manager to head of this new department promoted.
How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?
We use cookies, and Google reCAPTCHA, which loads Google Fonts and communicates with Google servers. By continuing to use our website, you agree to the use of cookies and our privacy policy.