Making the world more secure

Cybersecurity at Siemens in Spain

Siemens operates cybersecurity hubs worldwide, including one in Madrid. The security experts there develop preventive measures to protect against hacker attacks. 

In the northern Madrid metro area, 25 minutes by commuter train from the city center, lies Tres Cantos. The satellite city, which was built from scratch in the 1970s, offers vast parks, broad tree-lined avenues, and a rich selection of restaurants. But you don’t see any of that from the train as it rolls into the small station. Instead, you see the station to your right and, to your left, a glass building bearing a huge Siemens sign that is visible from afar.

 

At the entrance to the Siemens building, you pass through an extensive security check and then a smartly decorated atrium before arriving at an open-plan office where workers are intently focused on monitors displaying programming code and tables. “Bienvenidos to the Madrid Cybersecurity Hub,” says Adriana Biella. The telecommunications engineer is one of 20 colleagues here working to ensure the cybersecurity of Siemens products. 

 

1,300 cybersecurity experts

Biella and her colleagues are in good company. Siemens employs around 1,300 cybersecurity experts worldwide in cities like Munich, Beijing, Fredericton, Canada, and Lisbon to name a few – and across all of its business units. They all share one goal: To make life as hard as possible for hackers and to prevent them from breaking into Siemens systems. That is vital to Siemens and its customers. Siemens products operate everywhere – in power plants, in hospitals, and in chemical plants. It’s hard to imagine what would happen if hackers were to disrupt such systems. To ensure that that doesn’t happen, Siemens’ cyberexperts have to stay one step ahead of the hackers. As a project management officer, Biella is responsible for ensuring that all of the hub’s projects are in compliance with regulatory requirements, completed on time, and documented properly. 

Fernando Sánchez is all too familiar with hackers’ cunning. The computer engineer has worked in cybersecurity for 13 years, many of those as a penetration tester for management consultancy firms. His job as a pen tester was to hack into customers’ IT systems (on their orders, of course) in order to discover the systems’ vulnerabilities before the cybercriminals did. At the Siemens hub in Madrid, Sánchez uses his knowledge to detect threats to cloud infrastructures and close security gaps. He then puts this knowledge into software tools or recommendations that the Siemens business units use to secure their products and services and thus provide their customers with the best possible protection.

 

Madrid is one of the company’s newest hubs, opened in 2018. Most of its employees have only been on the job for a few months – Adriana Biella and Fernando Sánchez for six and seven months, respectively. The site is a crucial piece of Siemens’ strategy for improving cybersecurity. 

We are very service and user-oriented in our work, developing practical cybersecurity solutions that can easily be tailored to the needs of Siemens and its customers.

A focus on application

This focus on application is what sets the Madrid hub apart from the others. “We are very service and user-oriented in our work, developing practical cybersecurity solutions that can easily be tailored to the needs of Siemens and its customers,” says Sánchez. Adriana Biella points out that there is no strict division of work between the hubs, as everyone works together and location isn’t a factor. Biella is currently managing two projects whose project leads are at the Munich hub. There are also project managers in Lisbon managing other hubs’ projects, including some of Madrid’s. It sounds more complicated than it is: “We use all digital means of communication quite intensively. We hold meetings with our colleagues at other hubs several times a week,” says Biella. “And for new project launches, we meet in person.” 

Strong growth

Project lead Mariano Sanchidrian explains that the Madrid hub was first established to supplement the operations in Munich but it is currently growing by leaps and bounds. “We have 20 employees now. In October 2020, that number is expected to hit 30. Our team has reached critical mass to take on bigger projects and deliver solutions independently.” Sánchez, for example, is already consulting for Siemens internally on which of the security tools on the market are suitable for specific Siemens products and how to properly configure them. “Our goal is to be the security partner of choice for all of our customers, both internal and external,” says Sánchez. He says it is also conceivable that the team will be able to serve external customers without a direct connection to Siemens products in the future. 

Making life hard for hackers

The Spanish team’s focus is on protection, that is, on preventive measures that ensure that hackers have a very tough time of it or don’t even attempt an attack in the first place. The second prong of Siemens’ cybersecurity strategy, detection, is based in Munich. The third, defense, is handled 24/7 by teams in China, Lisbon, and Milford, Ohio, who hand off to each other as the sun rises and sets on each site.

 

Biella notes that the varied work is attracting more and more women, who are otherwise underrepresented in IT. She says Natalia Oropeza, Chief Cybersecurity Officer at Siemens, is a great role model. Sánchez is also happy with his job. He would never want to work as a “black hat”. “I believe in truth,” he says. As does Biella: “My work gives me a sense that I can change the world and make it a safer place.”