STAFIDE

ST Engineering is a global technology, defence, and engineering group with roots dating back to 1967, employing more than 27,000 people - including over 19,000 engineers and technical specialists - across Asia, Europe, the Middle East, and the United States. Under CEO Vincent Chong, the company operates across aerospace MRO and lifecycle management, defence systems, smart city technologies, public security, and digital transformation services, serving government and enterprise customers in more than 100 countries. The company's cybersecurity practice sits within a broader digital technology portfolio that spans artificial intelligence, advanced data analytics, critical infrastructure protection, and public security solutions. The threat model centers on defending smart city ecosystems, utilities infrastructure, and government networks - domains where availability and integrity failures have physical-world consequences. Technical work includes deploying CyberArk for privileged access management, Active Directory hardening, and building secure REST APIs and microservices architectures using Docker and Kubernetes orchestration. The engineering stack reflects hybrid cloud and embedded systems requirements: backend services run on Python, Java, Spring Boot, C#, and .NET; messaging layers use RabbitMQ and Kafka with Redis for caching; DevOps tooling includes Docker, Kubernetes, and PowerShell automation across Linux and Windows environments. Lower-level work involves C, C++, Go, and Rust for performance-critical components, with ROS, ARM, DSP, and FPGA development for robotics and embedded defense applications. Machine learning capabilities support analytics pipelines across surveillance, anomaly detection, and predictive maintenance use cases in aerospace and infrastructure monitoring. ST Engineering positions its cybersecurity function as integral to smart city deployments and critical infrastructure modernization - sectors where attack surfaces expand as operational technology converges with IP networks. The scale of operations and government customer base means security engineering here involves compliance frameworks, supply chain integrity, and designing for environments where downtime isn't just expensive but potentially catastrophic.

Drees & Sommer exists to create a future worth living by transforming how the built environment is designed, constructed, and operated. The construction and real estate industries account for nearly 40% of global carbon emissions, yet traditional approaches remain fragmented, inefficient, and unsustainable. Drees & Sommer tackles this challenge head-on by providing integrated consulting and implementation services that unite vision with reality - delivering projects that are economically viable, ecologically responsible, and digitally enabled. Since 1970, the company has grown from a small Stuttgart engineering office into a global partner-managed consultancy with 6,500 professionals across 70+ cities. Their interdisciplinary teams work on 6,872+ projects worldwide, uniting apparent opposites: tradition and innovation, economy and ecology, analog and digital, efficiency and well-being. As a sustainability pioneer and digitalization driver, Drees & Sommer doesn't just advise clients - they implement solutions that measurably reduce environmental impact while creating lasting value. From carbon-neutral buildings to resilient infrastructure and future-proof industrial facilities, they're proving that sustainable development isn't just necessary - it's the foundation of competitive advantage in a changing world.

At Sanofi, we are an R&D-driven, AI-powered biopharmaceutical company united by one purpose: we chase the miracles of science to improve people's lives. Our global team of over 100,000 Sanofians spans more than 70 countries, working together to turn the impossible into the possible for patients and communities worldwide. We believe in going further, faster for patients - leveraging breakthrough science, deep immune system expertise, and cutting-edge AI across our R&D value chain to develop transformative medicines and vaccines. Our culture is built on collaboration, curiosity, and a relentless pursuit of scientific progress. From our laboratories to our field teams, Sanofians are connected by a mindset to win and the energy to never settle. We operate across five core therapeutic areas - immunology, neurology, oncology, rare diseases, and vaccines - with 80 compounds in clinical development and 28 in phase 3 trials. We are people from different backgrounds, united by purpose, committed to creating compelling growth while doing the right thing for patients, the planet, and our employees. Whether we're turning off lights in one time zone or powering up in another, we're all chasing the same dream: better health outcomes for millions of people around the world.

Grifols is a global healthcare company founded in Barcelona in 1909 committed to improving the health and well-being of people around the world. The company develops, produces and provides innovative healthcare services and solutions in more than 110 countries. A pioneer in the plasma industry, Grifols develops innovative plasma-derived medicines and other biopharmaceutical solutions that treat patients with chronic, rare and, at times, life-threatening conditions. With a workforce of over 23,000 employees in more than 30 countries and regions, Grifols operates the largest network of plasma donation centers globally, spanning North America, Europe, Africa, the Middle East, and China. The company focuses on treating conditions across immunology, infectious diseases, pulmonology, critical care, hepatology, hematology, and neurology. As a recognized leader in transfusion medicine, Grifols offers a comprehensive portfolio of solutions designed to enhance safety from donation to transfusion, clinical diagnostic technologies, and biological supplies for life-science research and pharmaceutical manufacturing.

Stambaugh Ness operates at the intersection of compliance, tax strategy, and technology advisory for a sector with specific attack surfaces: architecture, engineering, and construction firms running project-based operations on Deltek ERP systems. Since 1918, the firm has specialized exclusively in AEC, which means their cybersecurity advisory practice isn't generic - it's built around the operational realities of distributed project teams, client data governance requirements, and the compliance frameworks that govern construction and engineering contracts. The technology stack centers on Deltek Ajera, Vantagepoint, and Vision - ERP platforms common in AEC that handle everything from project accounting to resource management. The firm also works within Microsoft Azure and Microsoft 365 environments, with Egnyte for file sharing and Teams for collaboration. The threat model here involves protecting project data across multiple stakeholders, securing financial systems tied to contract milestones, and maintaining compliance posture for clients subject to federal and state regulations. Stambaugh Ness is a remote-first organization hiring nationally, which means their security operations must account for a distributed workforce serving an equally distributed client base. Team members bring firsthand AEC experience, which translates to understanding how construction deadlines, bid processes, and multi-party project structures create operational constraints that security controls must accommodate rather than obstruct.

Infranode manages infrastructure capital from Nordic pension funds with a 25-year investment horizon - a timeline that reshapes the threat model. The firm operates across energy, transport, digital, and social infrastructure in Sweden, Norway, Finland, and Denmark, with offices in Stockholm, Oslo, Helsinki, and Copenhagen. When you're deploying institutional capital into decades-long physical and digital assets, security isn't a quarterly sprint; it's architectural. Digital infrastructure holdings mean exposure to operational technology, grid interconnects, and the expanding attack surface where legacy industrial systems meet modern networks. The stated Net Zero commitment by 2040 adds another layer: energy transition projects involve smart grid components, IoT-heavy monitoring systems, and supply chain dependencies that didn't exist in the previous generation of infrastructure. The firm partners with public and private entities, which means navigating compliance across multiple regulatory frameworks - Sweden's NIS2 implementation, Norway's critical infrastructure directives, and Denmark's sector-specific requirements. Security engineering here requires fluency in both enterprise IT and the industrial control systems that keep physical infrastructure operational. Infrastructure investment at this scale demands risk modeling that accounts for nation-state actors, ransomware targeting operational continuity, and the physical-digital boundary where a compromised SCADA system becomes a geopolitical incident. The tech stack mentions Excel and PowerPoint, which is standard for financial modeling but suggests cybersecurity tooling and security operations mature separately from those core workflows. The real technical challenge sits in protecting portfolio companies' operational environments and ensuring security due diligence scales across sectors that move at fundamentally different speeds.