OT/ICS · NIS2 · SUPPLY CHAIN ASSURANCE
GIPPO PARTNERS

Your Supply Chain
Is Your Attack
Surface.

OT/ICS Architecture · NIS2 Governance · TPRM
OT/ICS ARCHITECTURE NIS2 COMPLIANCE SUPPLY CHAIN ASSURANCE SOC ENGINEERING UK-BASED GSEC CERTIFIED

We secure OT/ICS environments and validate NIS2 compliance across your vendor estate — before adversaries map it for you. Engineered by former industrial practitioners, delivered through rigorous architectural governance.

VIEW SERVICES SEE THE PLATFORM →
Architecture
Network Schema
Control
Industrial Control
Resilience
System Resilience
Assurance
Supply Chain Assurance
01 — LEADERSHIP & GOVERNANCE

The team behind
the architecture.

Gippo Partners was founded on a simple conviction: effective OT security requires practitioners who have operated the systems they protect. Our principals bring complementary disciplines — industrial engineering and operational governance — that large consultancies cannot replicate with generalist teams.

We deliver intelligence-led security architecture across UK manufacturing and critical national infrastructure. Our engagements span OT/ICS assessment, NIS2 compliance programmes, and continuous third-party risk monitoring — all governed by a structured methodology, not ad-hoc consultancy.

"Most consultancies have never stood next to a running CNC machine. We have — and we know what 'downtime' actually costs a manufacturing operation."

Our Associate Bench extends delivery capacity across specialist OT and enterprise security disciplines, enabling scalable engagements without compromising on technical depth or principal oversight.

ICS
HANDS-ON OT/ICS BACKGROUND
NIS2
EU 2022/2555 · APPLIED IN ROLE
TPRM
SUPPLY CHAIN RISK INTELLIGENCE
UK
BASED · REMOTE & ON-SITE
🏗️
Oleg Gumeniuc — Principal Architect
A decade of industrial operations spanning CNC programming and precision engineering — followed by enterprise security leadership in detection, response, and OT/ICS architecture. Oleg has led OT visibility PoVs, designed sensor placement strategies for live manufacturing environments, and built NIS2 compliance programmes from the ground up. He bridges the physical consequence of a compromised PLC and the enterprise security architecture required to prevent it.
GSEC · MANAGEMENT LEVEL 3 · IEC 62443
⚙️
Head of Operations & Principal PM
Our Head of Operations brings a background in organisational psychology and project governance, ensuring every engagement is delivered on time, within scope, and with measurable outcomes. She manages vendor relationships, SLA accountability, and coordinates our Associate Bench — including specialist engineers across UK and Eastern European markets. Where the Principal Architect designs the solution, she ensures it lands.
OPERATIONS · VENDOR MANAGEMENT · SLA GOVERNANCE
📋
Governance & Compliance Framework
Every Gippo Partners engagement is underpinned by structured methodology: IEC 62443 security levels, NIS2 Art.21/23 controls mapping, and MITRE ATT&CK for ICS threat modelling. We deliver audit-ready documentation, not advisory decks.
IEC 62443 · NIS2 · MITRE ICS
🎓
Certifications & Professional Standing
GSEC (active) · CySA+ (in progress) · GICSP & IEC 62443 practitioner (roadmap). Pursuing CIISec MIISec membership and UK Cyber Security Council registration — establishing formal professional standing in the UK cyber community.
GSEC ACTIVE · CIISEC APPLYING
02 — WHAT WE DO

Services.

PRIORITY
01
OT/ICS Security Assessment
Full-scope security review of operational technology environments. Network architecture, segmentation analysis, protocol exposure, asset inventory — delivered by practitioners who have operated these systems.
  • Purdue model gap analysis
  • OT network segmentation design
  • Protocol exposure assessment
  • OT visibility platform PoV support
  • Remediation roadmap
NIS2
02
NIS2 Outside-In Assessment
Zero-touch presales intelligence. We show prospective clients what attackers already know about their perimeter — before any engagement begins. No client access required.
  • Shodan attack surface mapping
  • Subdomain & shadow IT discovery
  • CVE exposure on perimeter
  • NIS2 Art.21 / Art.23 scoring
  • Executive PDF report
RETAINER
02a
Supply Chain Assurance (TPRM)
Your organisation cannot audit 100 suppliers manually. Our continuous intelligence framework scores the NIS2 perimeter posture of your entire vendor estate — quarterly, automatically, board-ready.
  • Vendor estate OSINT scoring
  • NIS2 Art.21 supply chain mapping
  • Third-party CVE & exposure alerts
  • Quarterly Intelligence Briefing
  • Board-level risk register output
03
Smart Buildings & BMS Security
Building Management Systems are increasingly connected and increasingly targeted. BACnet, Modbus, KNX — I assess and secure the IT/OT convergence layer in modern facilities.
  • BMS network exposure review
  • BACnet / KNX / Modbus audit
  • HVAC & physical access control
  • IT/OT boundary segmentation
  • NIS2 Essential Entity scoping
04
SOC Capability Review
Is your SOC actually detecting OT threats? We review detection coverage, SIEM rules, and alert quality specifically for industrial environments.
  • SIEM use case review (OT focus)
  • AI-powered NDR / XDR coverage gap
  • OT-specific alert logic
  • MITRE ATT&CK for ICS mapping
  • Detection engineering
05
NIS2 Compliance Programme
End-to-end NIS2 gap analysis and evidence building for Essential and Important Entities. Art.20, Art.21, Art.23, Art.32 — structured and audit-ready.
  • Scope & classification advice
  • Art.21 controls mapping
  • TTN / incident reporting process
  • Vendor & supply chain audit
  • Board-level reporting pack
06
Virtual CISO / Advisory
Fractional security leadership for manufacturers and infrastructure operators who need senior cyber expertise without the full-time headcount. We act as your embedded strategic function.
  • Strategic security roadmap
  • Board & C-suite briefings
  • Vendor selection support
  • Incident response planning
  • Security awareness programme
03 — FIELD EVIDENCE

Work that speaks
for itself.

The following assessments were conducted using public OSINT sources only — no client authorisation required. Each represents a real organisation with real exposure, presented here in anonymised form. These are representative samples from our continuous intelligence programme.

MANUFACTURING · OT
Global bearing manufacturer · 50k+ employees
61%
NIS2 SCORE
161 CVEs on Public Perimeter
Outside-in OSINT scan revealed significant attack surface across global manufacturing infrastructure — OT-adjacent systems and unmanaged subdomains.
CVEs DETECTED 161
SUBDOMAINS FOUND 327
EXPIRED CERTS 149
ART.21E SCORE 60%
→ Art.21d shadow IT · Art.21e patch gap · Art.21f CVE backlog identified
MANUFACTURING · BMS
Precision components manufacturer · UK/EU
73%
NIS2 SCORE
14 Services Exposed Behind CDN
CDN masking created false sense of security. Direct IP enumeration revealed 14 exposed services including OT-adjacent management interfaces.
EXPOSED SERVICES 14
CDN BYPASS YES
ART.21E SCORE 88%
ART.21D SCORE 85%
→ CDN bypass vector documented · management interface exposure remediated
NIS2 · SHADOW IT
Industrial equipment supplier · UK
73%
NIS2 SCORE
Shadow IT & Expired Certificate Chain
Surface-level scan revealed unmanaged subdomain infrastructure and expired certificate chain — classic shadow IT indicating uncontrolled asset growth.
EXPIRED CERTS 1
SHADOW IT DOMAINS 1
ART.21D SCORE 65%
CVEs 0
→ Certificate lifecycle gap · supply chain audit recommended · Art.21d

All assessments conducted using legal public OSINT sources only (Shodan, crt.sh, VirusTotal, BGP/ASN).
No client systems were accessed. Company identities withheld. Data accurate at time of scan.

04 — TOOLS & CREDENTIALS

Technical stack.

SOC PLATFORMS
Enterprise SIEM
AI-Powered NDR
XDR Platform
Email Security Gateway
PowerShell Automation
Log Analysis
OT/ICS TOOLS
OT Visibility Platform (PoV)
OT Detection Platform (PoV)
Shodan Industrial
Nessus / OpenVAS
Wireshark / tcpdump
MITRE ATT&CK for ICS
OSINT & RECON
Shodan API
crt.sh
VirusTotal
BGP / ASN lookup
SecurityTrails
URLScan.io
FRAMEWORKS
NIS2 (EU 2022/2555)
IEC 62443
NIST CSF
MITRE ATT&CK
Purdue Model
ISO/IEC 27001
GSEC · GIAC
CySA+ · IN PROGRESS
CIISec MIISec · APPLYING
IEC 62443 · APPLIED IN ROLE
GICSP PLANNED
UK Cyber Security Council
05 — PROPRIETARY TPRM PLATFORM

Continuous intelligence.
Board-ready reporting.

Gippo Partners utilises a bespoke continuous intelligence framework to map and monitor your external attack surface and third-party vendor risk. We deliver board-ready, NIS2-aligned intelligence — identifying perimeter CVEs, shadow IT, and exposed OT protocols before they impact your manufacturing continuity.

GIPPO TPRM PLATFORM · CONTINUOUS INTELLIGENCE
⚠️
CRITICAL — OT/ICS PROTOCOLS EXPOSED TO PUBLIC INTERNET Modbus TCP :502 · Siemens S7 :102 · 2 hosts · NIS2 Art.21e violation
61%
PARTIAL
161
CVEs ON PERIMETER
327
SUBDOMAINS FOUND
149
EXPIRED CERTS
2
OT PROTOCOLS EXPOSED
DATA SOURCES: SHODAN CRT.SH VIRUSTOTAL BGP/ASN SNUSBASE · SOON SPF/DMARC · SOON
06 — LET'S TALK

Request an
Intelligence Briefing.

We can run a zero-touch outside-in assessment of your domain before your first call — at no cost. You will see exactly what we see, and exactly what adversaries see about your supply chain perimeter.

✉ CONTACT US ↗ LINKEDIN ⬡ REQUEST INTELLIGENCE BRIEFING
UK-BASED · REMOTE & ON-SITE · MANUFACTURING SECTOR FOCUS