I work on the strategic and technical foundations of cybersecurity in safety-critical industrial environments. My focus is on architectures that remain effective when enterprise IT requirements collide with operational reality, long system lifecycles, and constrained connectivity. That means working on foundational layers that must remain reliable over decades: identity, trust, network boundaries, and risk management models that line organizations can actually sustain.

Analytical work on OT security architecture, operational constraints, trust models, and failure patterns in high-consequence industrial environments is published at mattiaspilroth.com.

This repository contains the source for that work alongside working notes and developing thinking that has not yet resolved into finished analysis.

• Industrial identity and access OT Active Directory architecture, hardening, lifecycle management, and separation from enterprise IT identity.
• Network architecture and boundaries Network segmentation, DMZ patterns, and boundary design aligned with IEC 62443 principles.
• Risk management and control selection Structuring OT risk assessments around realistic threat and failure scenarios, translating risk into technically and organizationally viable controls.
• Regulatory translation Translating regulatory requirements (NIS2, IEC 62443) into concrete, operationally sustainable engineering controls.

mattiaspilroth.com · linkedin.com/in/mattiaspilroth

All content represents independent technical analysis based on professional experience. Does not represent employer positions.