Bombardier Inc. manufactures business jets for private clients, corporations, and governments, operating a global production and maintenance network that's been building aircraft since 1942. The threat surface spans aviation-grade supply chain security, operational technology in manufacturing facilities, and the flight systems themselves - where a compromise could mean more than data loss. The company runs SAP S/4HANA for enterprise operations, deploys SIEM and IAM tooling, and aligns to NIST, ISO 27001, and CIS Controls frameworks.
The security function protects both corporate IT infrastructure and the specialized systems used in aerospace manufacturing and aircraft maintenance. This includes certified technician workflows, engineering design environments, and the supply chain dependencies inherent to building Global 7500, Global 8000, and Challenger series jets. Teams work across jurisdictions with varying regulatory requirements - Canadian headquarters, global facilities, and customers who include government entities with their own security mandates.
The operational context matters: aviation manufacturing involves long development cycles, strict certification processes, and physical assets where security failures have kinetic consequences. Defenders here need to understand OT/IT convergence, think through insider risk in high-skill workforces, and balance security controls against manufacturing timelines that can't easily absorb friction.
