An interview with Heiko: Cybersecurity and secure product development

The requirements for energy-generating systems in the information security sector are high and constantly changing. Therefore, Heiko, Team Lead IT Infrastructure & Cybersecurity, gives us an insight into current developments in his area as well as guidelines for manufacturing secure products. After his apprenticeship and first job as an industrial electronics technician, he studied electrical engineering and computer engineering. Today he leads the team in which he started as a student at meteocontrol five years ago. In this interview, Heiko takes us into his work, which combines teamwork, expertise and his commitment to cybersecurity.
mc: Heiko, you've returned from the “AUXINNOS - Forum for Innovative Security” event in Augsburg, Germany, where you presented an overview of the new era of cybersecurity. How was the event and what did you take from it?
Heiko: Everything about the event was interesting. There were several exciting presentations on secure product development. In addition to the content-related ideas, I took away one important insight in particular: We are all in this together because we share the same challenges. Every company attaches greater importance to security. Exchanging ideas with like-minded people within a local community is important and makes it easier to implement the requirements.
mc: You talked about a new era. Where is the industry heading?
Heiko: The subject of security is huge and is being handled with different perspectives and standards around the world. The general mood is that cybersecurity must be continually strengthened with modern approaches. In my presentation, I illustrated this using the EU's cybersecurity strategy. The three main initiatives are the NIS2 Directive, the CER Directive and the Cyber Resilience Act.
The first two initiatives are about identifying important businesses and companies in the context of critical infrastructure and ensuring that sufficient measures are available in different areas, such as information security. The Cyber Resilience Act, on the other hand, requires manufacturers to set higher standards for the security of their products and to share responsibility for them throughout their entire life cycle.
mc: And how can this be put into action when developing products securely?
Heiko: To put it simply, you need a motivated team, a lot of expertise and a solid set of rules. meteocontrol has a strong team with lots of creative and innovative ideas. On the other hand, we have a great range of specialist knowledge within the company. But it doesn't work without rules. That is why we have established guidelines and processes. We use these to ensure that we think about security from product design through development to quality assurance and beyond - in other words, throughout the entire life cycle of a product. Of course, we are guided by international standards. For example, product development in our Embedded division was recently certified in accordance with IEC 62443-4-1.

mc: It sounds as if the compliant implementation of guidelines can also be very extensive. What motivates you the most?
Heiko: My team and our tasks. That may sound very contrived, but it's simple: I just really enjoy my job, the challenge of setting up new systems in projects or modernizing existing ones. There are always new puzzles and things to learn. For me it is fulfilling to work on solutions together and experience how things continue to develop.
mc: Can you tell us more about the team?
Heiko: We are responsible for the operation and further development of the IT infrastructure. This means we manage all systems from the servers and network technology right up to the platforms we use to provide our services. We also have a group of security specialists who support us in securing our systems, but also provide advice on security issues to our specialist departments in-house. A broad field with many exciting tasks.
mc: So what does your day-to-day work look like?
Heiko: My day-to-day work is very much characterized by living with technologies along our procedural frameworks. This means that you not only have to constantly develop and optimize the systems in our IT, but also yourself. I was very lucky because I have nice colleagues at meteocontrol with a lot of expertise from different disciplines, from whom I was able to learn when I started here as a student. Today I am a mentor myself. I have come to really appreciate this team spirit over the years.
mc: What was your last challenge for which you developed a solution together?
Heiko: The last project was the review and adaptation of our processes against the mentioned directive IEC 62443-4-1. Working well together with an interdisciplinary team is essential here. This enabled us to meet this challenge. Since December 2023, we have successfully completed certification in accordance with IEC 62443-4-1, which creates the basis for a secure development process.
mc: Thank you very much for the interview and the insights, Heiko.
Would you like to learn more about secure development processes and cybersecurity? Meet us at The smarter E Europe in Munich at booth B5.210. On Wednesday, June 19, 2024, Heiko will answer your questions at the booth after the official receipt of the certificate at 10:30 a.m. We look forward to seeing you!
If you would like to become part of the team, take a look at our vacancies: meteocontrol.com/karriere/unsere-jobs