Wood operates a global engineering and consulting infrastructure spanning 400+ offices across 60 countries, managing industrial asset lifecycles from design through decommissioning. The attack surface is substantial: operational technology systems at client sites across oil and gas, renewables, hydrogen, carbon capture, power generation, chemicals, life sciences, and minerals operations. The threat model includes supply chain compromise through consulting relationships, potential lateral movement between client environments, and the intersection of IT/OT security where advisory work meets physical infrastructure control systems.
The firm's integrated lifecycle approach means security teams must operate across multiple trust boundaries - client networks, partner ecosystems, and internal systems supporting engineering workflows. Project delivery capabilities span traditional energy infrastructure and emerging technologies like hydrogen facilities and carbon capture installations, each with distinct security requirements and regulatory frameworks. With operations in chemicals, life sciences, and critical infrastructure sectors, the security organization navigates diverse compliance regimes from NERC CIP to FDA regulations.
Wood's positioning at the intersection of legacy industrial systems and energy transition technologies creates specific technical challenges: securing engineering tools and CAD systems, protecting proprietary project data across distributed teams, and maintaining security posture during technology migrations from conventional energy to renewables infrastructure. The 10,000+ employee base distributed globally requires identity and access management at scale, with role-based controls spanning consulting advisors, field engineers, and operations specialists accessing sensitive client environments.
