Adnan Beciri

Lead Cyber Security Engineer · IT / OT / ICS

I work where cybersecurity meets real‑world systems: industrial control platforms, embedded products, and large engineering organizations. My focus is practical security — building things that actually survive audits, production environments, and long life‑cycles.

Email LinkedIn

Who I Am

I’m a Lead Cyber Security Engineer with a strong bias toward hands‑on work. Most of my time is spent deep inside product architectures, SDLC processes, and technical discussions with developers, testers, and architects — not just writing policies.

My core domain is industrial and product security (ICS / OT), where availability, safety, and long‑term maintainability matter just as much as classic IT security controls. I help teams design, test, and ship secure products that comply with standards like IEC 62443‑4‑1 / 4‑2, ISASecure, and upcoming EU regulations such as the Cyber Resilience Act.

How I Work

  • Context before controls. I start by understanding how the system is built, operated, and maintained — especially in production environments.
  • Security that engineers can live with. If a control can’t be explained, automated, or scaled, it won’t survive.
  • Evidence matters. I focus on producing clear, auditable cybersecurity evidence that stands up in real certifications and assessments.
  • Shift left, but verify. Secure design early, test continuously, and validate assumptions late.

What I Actually Do

  • Threat modeling and attack surface analysis at system, component, and feature level
  • Defining and improving security testing strategies (SAST, SCA, DAST, fuzzing, protocol testing)
  • Supporting product teams through security assessments, audits, and certifications
  • Building security guidelines, templates, and tooling that engineers actually use
  • Mentoring engineers and growing security capability inside large organizations

What I Care About

I care about security that works in reality — not just on slides. Especially in OT and embedded environments, bad security decisions live for decades. Getting it right early saves operators, engineers, and customers enormous pain later.

I’m also interested in how modern security practices (automation, DevSecOps, SBOMs, continuous testing) can be adapted to legacy platforms and safety‑critical systems without breaking everything.

Beyond the Job Title

Outside of day‑to‑day work, I build side projects, experiment with full‑stack systems, and explore how cybersecurity concepts apply to areas like healthcare platforms and critical infrastructure. I also enjoy breaking things apart — cars, electronics, software — to understand how they really work.