Létitia Combes


Létitia Combes


Létitia Combes


  • +49 162 6024 888

  • letitia.combes@bxc-consulting.com

  • Wagnerweg 1
    85399 Hallbergmoos

With more than 8 years of experience in Cyber and Manufacturing Security and coming from a background of mechanical engineering and business management, Létitia lead projects in pharmaceutical, industrial, and consumer product companies. She coordinated the design of Cyber Strategies in IT and OT environments as well as the implementation of Security Programs, Security Operation Centers and Vulnerability Management Solutions​.

In the last 12 months, she managed a security implementation program in the production environement of a global customer and was a Senior Manager in a Big 4 company.

Language Skills

French Native
German Fluent
English Fluent
Spanish Medium

Soft Skills

Project Management – 8 Years
People Management – 6 Years
International Project – 9 Years
Collaboration Skills
Flexibility & Agility
Communication Skills
Intercultural Skills

Security Operations Experiance

IBM QRadar
Rapid 7 Nexpose
Qualys Vulnerability Management
Nessus Vulnerability Management
SOC Processes & Use Cases
Incident Response

OT Security Programs

OT Security Strategy
OT Assessment
OT Remediation Planning
OT Program Governance

OT Security Measures

OT Asset Inventory
Network Segmentation
Anomaly Detection

Office Tools

MS Word
MS Excel
MS PowerPoint
MS Visio
MS Projects


Jan 2020 GICSP Global Industrial Cyber Security Professional
Aug 2016 GCIH – Certified Incident Handler

Sept 2020 – Today
BxC Consulting

Since the founding of BxC Consulting, her time is shared between her customer dedication and her founder role in the business development of BxC.

Project experiences 

International pharmaceutical company
PMO lead and OT Security Subject Matter Expert
Responsibilities: Leading and steering a global OT Cyber Security improvement program in a pharmaceutical company. Managing the different implementation steps of the program incl. executive reporting, facilitating stakeholder management both at program and site level, working with the team both from multiple vendors and customer side to permanently improve the operations and design the next improvement cycle to reach the long term vision​. Acting  as technical contact both on program management and on different cybersecurity domains: network segmentation and firewall lockdown, security operation center and incident detection, etc. Supporting the customer program lead in all types of management activities: vendor management, program budgeting, team management, etc.

Jan 2020 – Aug 2020
Ernst & Young GmbH
Senior Manager Cyber Risk

During her time at EY, she focused on supporting the OT Security Program of one major pharmaceutical customer. Internally, she also participated in growing the EY team and the structuring of portfolio.

Project experiences 

International pharmaceutical company
PMO lead
Responsibilities: Leading a global OT Cyber Security program in a pharmaceutical company from OT assessment to implementation. Managing the program incl. executive reporting, coordinating stakeholders, ensuring permanent improvement both in project operation and at a strategic level. Coordinating the EY team in the different workstreams to ensure customer excellence. Acting as point of contact on program management and on different cybersecurity domains: network segmentation and firewall lockdown, security operation center and incident detection, vulnerability management solution and processes.

June 2019 – Dec 2019
Deloitte GmbH Wirtschaftsprüfungsgesellschaft
Senior Manager Cyber Risk

Coordinating multiple parallel cyber security projects and providing security expertise for different major DAX companies from different sectors, both in the IT and the OT security fields. Performing account management for a major industrial customer.

Project experiences 

International industrial company
Project manager
Responsibilities: Counselling a major DAX company in its overall cyber security strategy and performing overarching coordination  for several security projects (managing project dependencies).

International industrial company
Project manager
Responsibilities: Leading the setup and planning of a cyber security strategy and transformation program to design a service-based cyber organization across the IT, OT, and IoT areas. Designing a cyber security portfolio aligned with all key stakeholders. Providing management advise and cyber technical expertise all along the decision-making process.

International industrial company
Project manager
Responsibilities: Coordinating the design of a security team developing security concepts for critical assets of major industrial organizations. Defining design processes, cyber security template structure and communication matrix to ensure the efficient implementation. Rolling-out the security concept project based on a hybrid project management approach. Ensuring the quality gate to garantee the excellence of individual security concept (example of technical focus: ring-fencing, vulnerability management, user management).

May 2018 – May 2019
Deloitte GmbH Wirtschaftsprüfungsgesellschaft
Manager Cyber Risk

Leading different projects in parallel, as a manager at Deloitte, ensuring the project coordination, the quality of the deliverable, and the excellence of the approach.

Project experiences 

International insurance company
Project manager and Security Operation Center Subject Matter Expect
Responsibilities: Performing maturity review of the Security Operation Center of the customer. Providing expertise to define, challenge and publish the Target Operating Model of the incident detection and response team including design of the global organisational structure, definition of processes, selection of technologies.

International industrial company
Project manager
Responsibilities: Assessing against the  ISO 27001 scope the security maturity of a division of a major industrial customer and of its main vendors. Providing detailed recommendation and action plan to increase security maturity in collaboration with its vendors.

Dec 2016 – March 2018
IBM Deutschland
Managing Consultant Security

As a managing consultant at IBM, she focused consulting and architecture services on Security Operation Center design, vulnerability scanning and management, intrusion detection and prevention systems and the implementation of the IBM tool QRadar.

Project experiences 

International pharmaceutical company
Security Operation Center Subject Matter Expert
Responsibilities: Designing the target operating model of the global security operation center (SOC) of an international pharmaceutical company. Planning and rolling-out the implementation of the SOC in a hybrid mode setup utilising client internal resources and IBM managed services. Defining the processes and communication matrix required to the efficient operation of the SOC. Developing customer tailored use cases.

International aviation company
Project manager
Responsibilities: Planning and implementing of the security migration of an e-commerce platform for a major airline, including the design target architecture (network architecture of the security zones), the design of the SIEM environment, the development of the security use cases and related incident response playbooks, and the elaboration of incident response processes.

International industrial company
QRadar Correlation Expert
Responsibilities: Designing, implementing and testing client-specific use cases in QRadar to improve the detection of security incident. Designing playbook based on the defined correlation principle as well as processes to run the SOC.

Sept 2014– Nov 2016
Amadeus GmbH
SOC Analyst

Participating to the design, the run and the permanent improvement of the  Amadeus SOC and incident response global team.


Vulnerability management: Defining vulnerability management processes based on Rapid7 and Nessus. Leading  the vulnerability management taskforce in collaboration with system owners to mitigate the identified risks in a timely fashion.
Incident & crisis management: Handling of security incidents and crisis all along their life cycle (identification, containment, eradication, and recovery) based on QRadar and Splunk solutions.
Advisory to the CISO Office: Advising the CISO office on the decision-making process in the assessment of technical and organizational SOC concepts. Representing the SOC in different audit session, including PCI-DSS audits.

Nov 2012 – Apr 2014
LEXSI – Orange Cyber Security
IT Security Consultant

Focusing on security governance activities, support many medium-sized customers in France in building their cybersecurity governance and policy systems.

Project experiences 

Public Sector in France
Cyber Security Organization Consultant
Responsibilities: Designing the cybersecurity organisational structure and the policies based on customer requirement analysis in alignment with the different stakeholders.

Secure Inks Company
Cyber Security Awareness Subject Matter Expert
Responsibilities: Developping of a global cyber security awareness campaign for all types of internal users, tailored to the specific requirement of the customers, balancing the benefits from different cyber awareness approaches including gaming, standard e-learning, etc.

Insurance Company
ISO 27001 Auditor
Responsibilities: Preparing and conducting an ISO 27001 assessment for a a medium-size insurance company,  in order to increase the maturity level of the company and enable them to succeed in a smooth certification process.