Safetica

Safe Fleet operates across a threat surface that spans physical and digital safety systems - manufacturing stop arms for school buses, deploying advanced camera vision products on waste trucks and police cruisers, and building an integrated platform that ties it all together. The company's stated goal of zero preventable accidents means their systems need to work when a child crosses the street or a firefighter responds to a call. With over 1,700 employees across more than 15 locations in the US and Canada, Safe Fleet combines a century of fleet hardware experience with modern connected vehicle technology, creating an attack surface that includes IoT devices on moving vehicles, cloud infrastructure processing real-time video feeds, and safety-critical systems where failure isn't just data loss - it's lives at risk. The security stack reflects the complexity of protecting both cloud services and embedded hardware in the field. Safe Fleet runs on Azure Cloud with a defense-in-depth approach: GitHub Advanced Security and SonarQube scan code before it ships, Microsoft Defender for Cloud and Zscaler monitor runtime environments, Tenable hunts for vulnerabilities across infrastructure, and Microsoft Sentinel aggregates it all for threat detection. Azure Web Application Firewall sits at the edge. Docker containers move through CI/CD pipelines managed by Jenkins, which means every deployment needs scrutiny - a compromised camera firmware update or a vulnerable API endpoint could affect thousands of vehicles simultaneously. The tech stack shows an organization that knows it's managing risk across operational technology and information technology simultaneously. Safe Fleet's industry verticals - school transportation, emergency services, municipal waste collection - mean the company operates in sectors where cybersecurity intersects with public safety and regulatory compliance. Adversaries targeting these systems could range from ransomware operators looking for critical infrastructure payouts to nation-state actors interested in disrupting municipal services. The company's integrated platform architecture, which consolidates products and data across different vehicle types, creates both operational efficiency and concentration risk. Security teams here need to think about physical device tampering, wireless communication security, cloud service resilience, and the operational continuity of systems that schools and fire departments depend on daily.

Vatica Health is the leading provider-centric risk adjustment and quality of care solution, transforming how healthcare organizations optimize performance through innovative technology and clinical expertise. Founded in 2011, the company serves over 1.7 million patients across 41 states through partnerships with 11,000+ providers and 14 national and regional health plan clients. Vatica Health has earned the prestigious Best in KLAS® award for three consecutive years (2023-2025), recognizing its excellence in risk adjustment software and professional services. The company's unique model pairs expert clinical teams with comprehensive data and intuitive technology at the point of care, enabling healthcare organizations to achieve better financial and clinical outcomes. By capturing more accurate and complete diagnosis codes, Vatica Health helps improve coding accuracy by approximately 10% per patient, close care gaps, enhance compliance, and reduce regulatory risk. The organization has experienced significant growth, including acquisition by Frazier Healthcare Partners in 2023, and continues to expand its market-leading PCP-centric risk adjustment solution that health plans and providers actually use.

At Navantia UK, we combine centuries of naval shipbuilding heritage with modern innovation to strengthen Britain's defence, maritime and clean energy capabilities. Established in 2022 as a subsidiary of Spanish state-owned Navantia SA, we bring over 300 years of shipbuilding expertise to the UK industrial landscape. Following our acquisition of Harland & Wolff in January 2025, we now operate across four historic facilities in Belfast, Appledore, Methil, and Arnish, employing over 1,000 people nationwide. Our team is united by a commitment to sovereign capability and technological excellence. As prime contractor for the Ministry of Defence's Fleet Solid Support programme, we're building three next-generation vessels for the Royal Fleet Auxiliary. Beyond defence, we're actively supporting the UK's energy transition through offshore wind and green energy projects. We believe in investing in our people and communities, with plans to recruit 500 apprentices by 2030 and £115 million in investments across our UK facilities. Our STEADY values shape how we work: bringing together proud heritage with global expertise to deliver for Britain.

Intertek Sverige runs a testing and certification operation that's been validating products for the Swedish market since 1925. The core business is Total Quality Assurance - labs and field inspectors verifying that electronics, medical devices, automotive systems, and connected products meet CE marking requirements, product safety standards, and increasingly complex regulatory frameworks around chemical legislation and sustainability. They operate within a global network of over 1,000 laboratories across more than 100 countries, which matters when Swedish manufacturers need consistent validation across international markets. The cybersecurity angle here isn't pentesting-as-a-service - it's about product security assessment for connected devices and IoT systems that need certification. The team uses standard security tooling (Kali, Wireshark, Nmap, Burp Suite, Nessus, fuzzing frameworks) to evaluate threat surfaces during product testing cycles. Think vulnerability assessments for hardware manufacturers, not enterprise network defense. They also run Intertek Academy, a training program that includes cybersecurity modules alongside CE marking and management system compliance - pragmatic education for engineers dealing with regulatory intersections between product safety and security requirements. The work splits between laboratory environments and on-site inspection at customer facilities. The team includes engineers, certification specialists, and inspectors who understand both the technical validation piece and the regulatory frameworks that govern product releases in European and global markets. For anyone with hardware security or embedded systems experience, this is quality assurance work where security testing is part of the certification pathway, not incident response or red team operations.

Protective operates 16.9 million insurance policies and contracts representing over $1 trillion in life insurance in force - a threat surface that demands persistent security architecture at scale. Founded in 1907 and now serving 14.4 million people across life insurance, annuities, and retirement planning products, the company manages sensitive policyholder data, actuarial models, and financial transaction systems that span decades of legacy infrastructure alongside modern platforms. The security challenge here is classic financial services: protecting PII and financial records under strict regulatory frameworks while maintaining operational continuity across systems that can't afford downtime. The company's tech stack includes Microsoft Dynamics, Excel, and PowerPoint - signals of a Microsoft-centric enterprise environment likely running Azure services, Active Directory domains, and Office 365 tenancies. For security practitioners, this means familiarity with Microsoft's security tooling (Defender, Sentinel, Entra ID), identity and access management at enterprise scale, and hardening configurations across a sprawling Microsoft ecosystem. The threat model centers on ransomware targeting financial data, insider risk from employees handling sensitive customer information, and compliance requirements spanning state insurance regulations and federal financial privacy laws. With 1,001-5,000 employees distributed across a national footprint that originated in Birmingham, Alabama, Protective represents the security challenges of a legacy financial institution modernizing under pressure. The organization has grown through strategic acquisitions - a pattern that typically introduces integration challenges, shadow IT, and inconsistent security postures across business units. Security teams here likely focus on data loss prevention, secure legacy system integration, phishing-resistant authentication, and third-party vendor risk management across the insurance value chain.

Nexperia manufactures discrete semiconductors, logic devices, and MOSFETs at industrial scale - the unglamorous components that gate power, route signals, and switch loads in practically every automotive system, industrial controller, and consumer device on the market. The Netherlands-based company runs vertically integrated fabs across Europe, Asia, and the Americas, shipping high-volume production optimized for cost and repeatability rather than cutting-edge process nodes. Spun out from NXP in 2017, it inherited decades of Philips semiconductor lineage and now operates with over 15,000 employees focused on keeping automotive and industrial supply chains moving. The security surface is exactly what you'd expect from a semiconductor manufacturer with global operations: SAP and Workday handle ERP and HR, SailPoint manages identity governance, and CyberArk secures privileged access across production and corporate networks. The threat model spans OT environments in fab facilities, supply chain integrity for automotive Tier 1s, and IP protection for wide bandgap devices like GaN FETs and SiC MOSFETs - technology that's increasingly strategic as electrification accelerates. Nexperia's scale means the attack surface includes both legacy infrastructure from its NXP days and newer tooling deployed post-independence. If you're evaluating risk in hardware supply chains or locking down manufacturing IT/OT convergence, this is the environment: high-volume production where downtime costs spike fast, regulatory scrutiny from automotive customers running ISO 26262 and ASPICE, and geopolitical attention on semiconductor capacity. The work isn't flashy, but the dependencies are real - compromise here ripples through automotive braking systems, industrial motor drives, and mobile charging circuits at volume.