
CVE-2025-41688
Discovery of a sandbox bypass in the Lua interpreter of an OT remote access gateway. Due to improper isolation, a remote attacker can execute arbitrary OS commands as root via an undocumented method that bypasses the implemented Lua sandbox.
Industrial Pentesting Training Platform
A training environment was developed to simulate real industrial networks with virtual PLCs and protocols such as S7Comm, Modbus and MQTT. Participants use standard tools in realistic scenarios for hands-on cybersecurity training and skill development.
CVE-2024-57790
Hardcoded root credentials were discovered in a specific firmware memory region using hardware tools costing less than $30. The vulnerability allowed full root access via physical extraction and led to CVE-2024-57790. Findings highlighted hardware-level risks in OT environments.
OT Security Training
An in-person training program introduced the workforce of a local security service provider to OT fundamentals and security principles. The focus was on aligning physical and cyber efforts to better protect industrial customers through joint operational strategies.
Lab for Research and Training
An in-house lab was established to test attacks and explore vulnerabilities in a safe environment using industrial hardware. The setup supports research, training development, and hands-on experimentation with common industrial devices.
Tamper Detection for PLCs
A tamper detection system was implemented using native PLC code and libraries. It monitored the PLC's "heartbeat", detected deviations from it, and generated fingerprints of the program to detect unauthorized changes without external tools or hardware.
Designing Automation Systems from Electrical Planning to PLC Code
End-to-end automation system design included electrical drawings, panel layouts, and PLC development. Emphasis was placed on legal safety requirements and integrating cybersecurity best practices despite limited project budgets.
Secure Remote Access Architecture for Industrial Environments
A secure remote access environment was designed using a combined tech stack of VPN, access control, segmented network design, and firewall rules to safely enable third-party access to OT systems without compromising security.
Cybersecurity Assessment for a Manufacturing Facility
An evaluation was conducted to assess cybersecurity controls across production systems. The review covered network design, system hardening, and physical access, resulting in a practical improvement roadmap for factory operations.
Top 20 Secure Coding Practices for PLCs
Secure coding practices were contributed, developed from academic research and implemented using native PLC tools and objects. All practices avoided external dependencies to ensure compatibility with standard industrial environments.
Cybersecurity Assessment of Emerging IIoT Infrastructure
An IIoT architecture was reviewed and designed for secure integration parallel to OT systems. Recommendations included enforcing outbound-only traffic and strict segmentation to prevent interaction with critical control processes.
From Oct. 2022
OT SECURITY CONSULTANT (IN-HOUSE)
May 2020 - Sep. 2022
AUTOMATION ENGINEER
Sep. 2018 - Feb. 2020
MASTER'S STUDENT AND PART-TIME AUTOMATION ENGINEER
Jan. 2015 - Aug. 2018
SERVICE ENGINEER