Graphic Packaging International operates 130+ manufacturing and design facilities worldwide, producing paper-based packaging at industrial scale for major food, beverage, and consumer brands. With $9 billion in revenue and over 25,000 employees, the company manages global supply chain infrastructure, production systems, and customer data across a distributed operational footprint. The attack surface spans operational technology in manufacturing plants, enterprise systems including SAP and RFGen for production management, and digital design pipelines connecting brand customers to production floors.
The threat model here is textbook critical infrastructure: facilities that can't afford unplanned downtime, legacy OT environments running production lines, and customer integrations handling proprietary packaging designs and supply chain data. The company serves household-name brands, meaning any breach affecting product integrity, supply chain coordination, or customer IP carries reputational and contractual risk. Physical-digital convergence is the challenge - securing both IT systems and the manufacturing execution systems that control actual production equipment across a geographically dispersed network.
Security work likely involves OT/IT convergence projects, third-party risk management across the supplier ecosystem, and protecting customer data in design collaboration workflows. The scale and industry vertical mean dealing with compliance frameworks for food safety traceability and supply chain security. Century-old company, modern attack vectors - the security function has to bridge operational imperatives with contemporary threat landscape realities.