O. A Oyewumi

Engaged s Security Architect and Product Owner delivering a next-generation smart metering platform as part of the client’s AMI modernization program, replacing legacy systems with Honeywell AC-250 NXS technology.

The platform supported approximately 700,000 residential smart meters and 2,550 telemetry master data collectors distributed across 12 stations in multiple U.S. states. These collectors aggregated meter consumption and device health telemetry, securely forwarding data to the IoT cloud and centralized data centers for analytics, billing, and operational monitoring.

Scope and Responsibilities

• Refined and implemented the secure architecture(Purdue Model) for large-scale AMI and OT environments, ensuring availability, integrity, and safety of the gas metering and telemetry systems.
• Led the design and implementation of OT security monitoring and detection capabilities using the Dragos OT Cybersecurity Platform across the AMI landscape.
• Utilized Dragos asset discovery and fingerprinting to gain continuous visibility into smart meters, data collectors, field gateways, and OT communication paths.
• Leveraged ICS-native detection and behavioral analytics in Dragos to identify anomalous telemetry patterns, unauthorized command activity, and potential lateral movement between AMI components.
• Integrated Dragos threat intelligence to enrich detections with OT-specific adversary context, enabling risk-based prioritization of incidents affecting metering and telemetry systems.
• Conducted threat hunting and forensic investigations using Dragos timelines and packet-level visibility to reconstruct attack paths from initial access through collector and cloud interaction.
• Defined and operationalized incident response playbooks tailored to AMI and OT safety requirements, ensuring deterministic rollback and protection of service availability.
• Implemented secure IT/OT segmentation and monitoring of north-south and east-west traffic between field devices, collectors, DMZs, cloud services, and data centers.
• Worked closely with engineering, operations, and vendors to embed security-by-design controls throughout the AMI modernization lifecycle.

Outcome
Deliivery of a resilient, OT-aware and security-by-design AMI platform, significantly improving visibility, detection, and response capabilities through the Dragos OT Platform while ensuring safe, reliable, and scalable smart metering operations.

•Supported the rollout of a new Manufacturing Execution System (MES) in the industrial complex as part of

digital transformation.

• Unified data flows from various OT and IoT devices like PLCs, SCADA systems, and factory sensors using OPC

UA as the communication standard.

• Led the integration of EMQX 5.0 to convert raw OT data into AI-driven insights for predictive decision-making.

• Delivered clear improvements in manufacturing efficiency through better data analytics.

• Implemented IoT/ICS asset inventory and baseline using OTbase for improved asset visibility.

• Used the ITIL framework to organize service delivery by integrating OTbase with ServiceNow.

• Mapped current identity controls to meet NIS2 rules across cloud and on-site systems.

• Tested aligning human and non-human identities (NHIs) to improve NIS2 governance and compliance.

• Ran a pilot for Identity Threat Detection and Response (ITDR) using Silverfort.

• Improved threat detection response times by 20%, reducing identity-related security risks in OT environments.

• Enhanced security architecture frameworks tailored for operational technology and industrial control systems

• Performed assessments during treatment to determine progress according to goals.

• Implemented IoT/ICS landscape inventarization and baseline using OTbase.

• Integrated OTbase with ServiceNow leveraging ITIL for structured service delivery.

• Mapped identity controls to NIS2 requirements and piloted alignment of human and non-human identities for

improved governance.

• Piloted Identity Threat Detection and Response (ITDR) capabilities with Silverfort, enhancing threat detection

response times by 20% and to remediate finding from NIS2 complaince and to mitigate threats against GE

Proficy Historian Server.

• Developed OTSPM program with KPI roadmaps (OEE, MTBF, MTTF, MTTR)

• Deployed Dragos OT Cybersecurity Platform for continuous non-disruptive monitoring and threat hunting.

• Conducted tabletop threat modeling exercises to align technical and operational teams.

• Performed compliance assessments based on CENELEC norms (EN 50126/28/29).

• Implemented OPC UA for real-time data connectivity from factory floors ( PLCs, IIoT devices) for predictive

maintenance and ingestion by Digital twins

• Customized standard plans to meet individual abilities and needs.

• Implemented OT/IOT security solution blueprint using Fortinet IOT Security Fabric for a client with assets at 40 laboratories in Germany, resulting in improvement in security posture and reducing cyber threats across.
• Improved technical capability to unify data flows from diverse OT and IoT assets, including PLCs, SCADA systems, and factory sensors via OPC UA (Unified Architecture) as the standard communication layer.
• Additionally, I led the integration of EMQX 5.0 to convert raw OT data into AI-driven, actionable insights-enabling predictive decision-making.
• Guided clients in deploying Fortinet SASE solutions, achieving Zero Trust Security in IT and OT environments,

which led to a reduction in unauthorized access and

improved overall network security.

• Collaborated with client CISO to track the success of SASE(ZTNA), and vulnerability management implementations, resulting in a reduction in security vulnerabilities and an increase in overall compliance metrics.

• Engaged as an OT Security Owner and Lead Engineer to implement security for the new global Azure deployed IOMT Product Digital Maintenance Infrastructure for OT Lab equipment at more than 60 Tertiary Hospitals globally.
• Led OT/IOT asset discovery and CMDB migration using Claroty, and strengthened IOMT network resilience by securing IT/OT convergence, service account access, and identity management through Silverfort and Azure AD integration.
• Implemented agentless, proxy-less protection for HMIs and specialized workstations, enforced FIDO2 MFA for critical Purdue zones, and applied virtual fencing to safeguard sensitive diagnostic data.
• Enhanced platform security using Azure IoT solutions, optimized real-time data processing with Azure Stream Analytics, and deployed Zero Touch Provisioning via Azure IoT Hub DPS to streamline device onboarding.
• Monitored and improved compliance and security performance using O365 Secure Score and Compliance Manager, reducing vulnerabilities and ensuring regulatory alignment.

Provided internal MFA consultancy and led a team of 15 global engineers in a global MFA migration program for crown jewels.
Also engineered CA API Gateway integrations with OAuth 2.0 secure token services, and managed the migration of the existing DLP environment from 1K key size to 2K using Microsoft Rights Management Services . Also implemented key migration using Gemalto/Thales HSM for teh DLP solution. Implemented ACS SCOM monitoring with custom rules and packages for DLP servers, and deployed an audit database in Azure PostgreSQL to track Right Management Service events, enhancing visibility, compliance, and governance across the enterprise.

At ABB, I led several key cybersecurity initiatives to enhance data protection and threat detection. This included :

• Implementing Office 365 Data Loss Prevention (DLP) using Azure AIP and deploying a VIP Mobile DLP solution for enhanced data security.
• Implementation of SIEM monitoring for OT critical assets using IBM Qradar and Snare Agents, ensuring real-time threat detection.
• Implemented hardening of OT Historian Servers
• Implementation of endpoint security protection with IBM Trusteer
• Implementation of Defense-in-Depth pilot utilizing Fireeye NX and HX.
• Integration of Microsoft ACS SCOM to propagate event data into Qradar.

Architected and implemented a secure SCADA/EMS security architecture aligned with IEC 62351, NIST, and COBIT. Delivered IT/OT visibility, system hardening, privileged access controls, whitelisting, APT mitigation, and SOC operating model design, improving regulatory compliance, change management maturity, and operational resilience of electric grid control systems. Other outcomes are :

• Hardening of the infrastructure servers, Historians and directory servers.
• Leverage Tenable OT to inventarize assets and provide OT footprint visibility.

Worked as Senior Security Architect in CA professional services delivering end-to-end security transformation programs across banking, insurance, energy, aviation, automotive, and logistics clients. Owned full project life-cycle from assessment and presales(RFI/RFP) through architecture, implementation, and operational handover. Delivered IAM architecture design and solution to several clients in diverse industrial sectors. As part of my role I had management responsibility for 2 consultants in DACH . Also involved in training clients on CA technology products.