Marcel Fischer

IT/OT SECURITY & TECHNICAL PROJECT MANAGEMENT

Marcel Fischer

IT/OT SECURITY & TECHNICAL PROJECT MANAGEMENT

Marcel Fischer

IT/OT SECURITY & TECHNICAL
PROJECT MANAGEMENT

  • +49 171 740 5959

  • marcel.fischer@bxc-consulting.com

  • Wagnerweg 1
    85399 Hallbergmoos

With more than 7 years of experience in Cyber and Manufacturing Security and coming from a background of mechanical engineering, Marcel has supported pharmaceutical, automotive, and consumer product companies to design and implement holistic Cyber and Manufacturing Security Strategies and Programs, global Security Operation Centers, and Vulnerability Management approaches.

In the last 12 months, he successfully managed security strategy and security transformation projects as Senior Manager in a Big 4 company.

Language Skills

German Native
English Fluent
French Basic

Soft Skills

Project Management – 7 Years
People Management – 6 Years
International Project – 7 Years
Collaboration Skills
Flexibility & Agility
Communication Skills
Intercultural Skills

Security Operations Experience

Splunk
QRadar
Rapid 7 Nexpose
Qualys Vulnerability Management
Nessus Vulnerability Management
SOC Processes & Use Cases
Incident Response

IT/OT Security Programs

Assessment
Security Strategy
Remediation Planning
Program Governance

OT Security Measures

Asset Inventory
Network Segmentation
Anomaly Detection
OT SOC

Office Tools

MS Word
MS Excel
MS PowerPoint
MS Visio
MS Projects

Certifications

Dec 2019 GICSP Global Industrial Cyber Security Professional
Oct 2019 Nozomi networks Certified Engineer
Aug 2016 GSEC
Jun 2015 IBM QRadar SIEM 7.2 Administration and Configuration
Jun 2015 IBM QRadar SIEM 7.2 Foundation
Aug 2014 ISO/IEC 27.000
Mar 2012 ITIL V3

Sept 2020 – Today
BxC Consulting
Founder

Since the founding of BxC Consulting, he dedicates his time to delivering added value to BxC Consulting clients and his founder role in the business development of BxC.

Project experiences 

International media company
Security Consultant
Responsibilities: Supporting the client in evaluating the current large scale social media cybersecurity posture, designing a social media security enhancement project while evaluating potential technical and processual security measures to increase the overall security posture.

International manufacturing company
OT Security Consultant
Responsibilities: Advising the client to design an OT security journey to secure a diverse manufacturing environment. Developing a phased OT security service structure to support a fundamental basic security level enabling site-specific tailoring according to digitalization levels and business criticality. Designing of a gap assessment framework to evaluate the current overall and site-specific security posture against the designed security services.

Germany focused banking company
Technical Product Owner
Responsibilities: Supporting the client to implement a large scale SIEM environment in an agile project approach. Managing the different implementation steps of the program incl. reporting, stakeholder management, working with the team both from multiple vendors and customer side to permanently improve the operations and design the next improvement cycle to reach the long term goal​.

Jan 2020 – Aug 2020
Ernst & Young GmbH
Senior Manager Cyber Risk

During his time at EY, he focused on consulting in IT and production security for various DAX30, Fortune500, and small and medium-sized companies. Fields of activity include the conduction of as-is assessments to identify the current security maturity, development of IT and production security strategies, design and implementation of target operating models, evaluation of potential cybersecurity merger and acquisition risks.

Project experiences 

International media company
Project manager
Responsibilities: Developing a framework to identify client-specific merger & acquisition risk scenarios, evaluating an acquisition opportunity regarding potential security risks based on the developed framework, developing required mitigation actions, evaluating investment requirements to implement identified mitigation actions and related timelines.

International consumer retail company
Project manager
Responsibilities: Developing a global production IT assessment approach to evaluate the global cybersecurity maturity of estimated 180 heterogeneous production sites. Conducting assessment to determine the global security maturity and developing a production IT security strategy and roadmap to increase the overall maturity. Designing of a financial model to estimate the overall program costs required to achieve the individually defined target maturity.

International consumer retail company
Project manager
Responsibilities: Designing and implementation a client-tailored production IT service catalog to outline and specify future global and local production IT security services. Developing a production IT target operating model including accountability and responsibility distribution on a global and local level, designing related processes and connection of these processes in an overall process map.

May 2018 – Dec 2019
Deloitte GmbH Wirtschaftsprüfungsgesellschaft
Manager Cyber Risk

During his time at Deloitte, Marcel supported for various DAX30 and Fortune500 companies in IT and production security projects. Fields of activity include the conduction of current state assessment to identify the current security maturity, development of IT and production security strategies, design and implementation of target operating models, development of comprehensive and client-tailored vulnerability management programs, and the establishment of holistic risk management frameworks.

Project experiences 

International pharmaceutical company
Project lead for an EMEA-wide assessment team
Responsibilities: Developing a client-specific production network segmentation blueprint. Organizing and conducting a security assessments on 19 EMEA-wide production sites towards the developed blueprint. Identifying gaps and developing production site-specific countermeasures as part of a site-specific plan for action.

International media company
Project manager
Responsibilities: Conducting a current state assessment to determine the global security maturity in a global heterogeneous client environment. Developing an IT security strategy and roadmap, designing and implementing a client-tailored target operating model. Transforming the in-house vulnerability management towards an externally provided managed service including activities of vendor selection, Request for Proposal development and process optimization.

International processing industry company
Production security subject matter expert
Responsibilities: Conducting global production security assessments based on leading practices such as NIST and IEC 62443. Designing a manufacturing site-specific and globally integrated production security strategy. Developing a global roadmap including site-specific prioritization and staging.

Aug 2016– Jun 2018
IBM Germany GmbH
Managing IT Security Consultant

During his time at IBM, he focused on consulting  and service architecture with an emphasis on managed security information and event management, vulnerability scanning and management, intrusion detection and prevention systems, security operation center processes and procedures, custom use case development. Marcel was also member of the IBM „TEC Young Talent“ initiative.

Project experiences 

International pharmaceutical company
Project lead consultant with a team of subject matter experts
Responsibilities: Planning and organizing project and transition phases. Designing  a client-tailored security architecture including security operation center and vulnerability management processes. Developing a security strategy. Designing and supporting the implementation of a SIEM architecture. Developing client-specific use cases including playbooks for level 1 and 2 analysts, level 3 security incident handling including containment and resolution.

International IT-service provider for the aviation industry
Project lead consultant with a team of subject matter experts
Responsibilities: Designing of a client-specific SIEM architecture based on client individual requirements, while performing the roles of client focal point and project manager. Analysing existing vulnerability scanning and identifying vulnerability management architecture and processes improvements and redesigning architecture to increase vulnerability resolution efficiency and detection ratios. Negotiating sales agreements and designing a service contract including SLA definition.