IG&H

At H&M Group, we believe fashion should be accessible to everyone without compromising on quality or sustainability. Our culture is built on collaboration, innovation, and a shared passion for making great design available to the many. We are a family of brands - H&M, COS, & Other Stories, Monki, Weekday, ARKET, and more - each with its own identity but united by common values and a vision for a more circular fashion industry. Our 135,000 colleagues worldwide work together to reimagine the future of fashion. We prioritize creativity, responsibility, and continuous learning. Our teams thrive in an environment where diverse perspectives are celebrated, and where sustainability isn't just a goal but a fundamental part of how we operate. From our stores to our design studios, from our supply chains to our digital platforms, we are committed to creating positive change and empowering our people to grow, innovate, and make an impact.

IGO Limited is an ASX-listed resources company operating at the convergence of traditional mining and the clean energy transition. The company owns and operates the Nova Nickel Operation in Western Australia and holds a 49% stake in Tianqi Lithium Energy Australia, providing exposure to world-class lithium assets including the Greenbushes mine and the Kwinana Lithium Hydroxide Refinery. This portfolio positions IGO as a primary supplier of battery minerals - nickel and lithium - essential to energy storage and electric vehicle manufacturing at global scale. From a security perspective, IGO operates in an infrastructure-critical sector where operational technology convergence with enterprise IT creates substantial attack surface. The company's technical environment includes Zero Trust architecture, SIEM platforms, and AI/ML-based threat detection systems - indicative of a mature security posture appropriate for critical infrastructure. Mining operations generate unique threat models: industrial control systems vulnerable to disruption, supply chain integrity requirements for battery materials destined for energy infrastructure, and the regulatory scrutiny that accompanies both export-controlled minerals and publicly traded resource companies. Under CEO Ivan Vella, IGO maintains operational focus on mineral exploration, mining operations, and lithium hydroxide refining across Western Australia. The company employs machine learning and process modeling software in its operations, suggesting technical sophistication that extends beyond extraction into optimization and predictive maintenance. Security practitioners here would engage with a hybrid environment where mines, refineries, joint venture partnerships, and corporate infrastructure must all maintain resilience against both targeted intrusion and operational disruption - making this less about defending a traditional enterprise perimeter and more about securing industrial processes that underpin global battery supply chains.

GBG processes over 62 billion identity transactions annually, running machine learning models against global data aggregates to separate legitimate users from fraudsters at scale. The threat model is customer onboarding - where financial services, healthcare, and e-commerce platforms face synthetic identity attacks, account takeover attempts, and document fraud. GBG's platform powers 800 million identity checks across 90 countries, using biometric verification, address validation, and real-time risk scoring to block bad actors while clearing genuine customers in seconds. Clients include HSBC, Visa, ASOS, and IBM. The technical stack centers on Python, C++, and deep learning frameworks - PyTorch, TensorFlow, Keras - for training fraud detection models that adapt to evolving attack patterns. OpenCV handles document and biometric analysis; JAX accelerates model inference at transaction volume. Backend infrastructure runs on Microsoft Azure with PostgreSQL databases, processing identity verification requests that touch data sources spanning fifteen countries of operation. The platform maintains a single authoritative record for identity and address data, enabling deterministic verification decisions under regulatory constraints like KYC and AML requirements. Founded in 1989 and now a FTSE 250 constituent, GBG employs over 1,100 people and serves 20,000+ organizations. The operational focus is global data orchestration - aggregating identity signals from disparate sources, normalizing formats, and running inference pipelines that must handle both high-assurance scenarios (opening bank accounts) and lower-friction use cases (e-commerce checkout). The company's longevity reflects the sticky nature of identity infrastructure: once embedded in a bank's onboarding flow or a retailer's fraud stack, these systems become difficult to replace.

LG Electronics operates a manufacturing and distribution network spanning 118 countries, which means its attack surface includes supply chain systems, IoT-connected consumer devices, vehicle component integrations, and commercial infrastructure deployed at scale. The company manufactures everything from smart TVs running webOS to connected home appliances and automotive components - each product line represents a distinct threat model, from firmware vulnerabilities in consumer endpoints to enterprise ERP security across global operations. The security team works across four business units: Home Appliance Solutions, Media Entertainment Solutions, Vehicle Components, and Business Solutions. This organizational structure requires managing security for both consumer-facing products with millions of deployed units and B2B systems handling manufacturing data, quality management (GQMS), and commercial deployments. The webOS platform alone demands continuous threat modeling as it powers internet-connected displays in homes and businesses worldwide. With 75,000 employees and manufacturing operations distributed globally since 1958, LG's security posture must account for legacy systems alongside modern connected infrastructure. The technology stack includes standard enterprise tools (ERP systems, Microsoft Excel) and specialized manufacturing equipment (XRF, XIM, digital multimeters), creating security requirements that span IT, OT, and embedded systems domains. Headquarters are in South Korea, with security operations necessarily distributed to match the company's multinational footprint.

S&W is a 143-year-old UK and Ireland accountancy firm now operating in sectors where digital risk is material: fintech, technology, renewables, and real estate. Among its traditional tax, assurance, and M&A advisory work, the firm lists "systems security" as a discrete service line - a signal that client infrastructure hygiene has become part of the scope. The threat model here isn't espionage or APTs; it's operational continuity for mid-market businesses whose finance systems, data pipelines, and third-party integrations have expanded faster than their security posture. The firm's client base includes finance and fintech companies, where regulatory scrutiny around data protection and transaction integrity is tightening, and technology companies navigating growth, acquisitions, and overseas expansion - all phases where security debt tends to surface. S&W's approach appears to bundle security considerations into broader operational optimization and technology enablement engagements, rather than positioning them as standalone projects. That suggests the security work is scoped around compliance frameworks, vendor assessments, and control mapping rather than red team exercises or incident response. For security practitioners, this likely means advising on governance structures, risk frameworks, and system hardening in environments where the IT function is lean and security is still owned by finance or operations. The work sits at the intersection of audit requirements and practical implementation - less about building a SOC, more about ensuring the controls documented for auditors actually exist and function. S&W serves clients throughout their lifecycle, including capital raises and M&A, where security due diligence and remediation timelines directly affect deal terms.

Orange EG operates Egypt's largest mobile telecommunications network, serving millions of customers with voice, data, and broadband services across 5G, 4G, 3G, and fixed-line infrastructure. Founded in 1998 as Mobinil and rebranded under the global Orange Group, the company functions as the country's first mobile network operator and maintains market leadership through heavy infrastructure investment. The technical surface area spans network engineering deployment, mobile telecommunications architecture, fixed broadband delivery via ADSL, and an expanding portfolio of digital services platforms. The company's technical domains extend beyond traditional telco operations into mobile financial services through Orange Cash, a digital payments platform targeting millions of unbanked Egyptians. This positions Orange EG at the intersection of telecommunications infrastructure, fintech, and digital services delivery - each representing distinct threat models and security requirements. Network infrastructure security, payment platform protection, customer data handling at scale, and API security for digital services all fall within the operational scope. As part of the global Orange Group, the Egyptian operation draws on international telecommunications expertise while managing locally-specific risks including protecting critical national infrastructure, securing financial transactions for a largely cash-based population moving digital, and maintaining service availability across a geographically diverse customer base. The company runs digital literacy and education programs alongside its commercial operations, expanding the attack surface to include community-facing platforms and educational technology systems. CEO Hesham Mahran leads operations from Egypt headquarters.