Meet Wolfgang Korosec – helping secure critical infrastructure in a connected world
As societies become increasingly dependent on connected systems, cybersecurity is no longer only about protecting data and devices. It is also about securing the infrastructure that powers everyday life.With a background in mechanical engineering, business administration, IT, and cybersecurity, Wolfgang Korosec, has spent much of his career working with complex operational environments. Today, he focuses on the security of operational technology (OT) systems and critical infrastructure.In this conversation, Wolfgang shares his path into cybersecurity, the growing importance of OT security, and why curiosity and collaboration continue to drive him forward.
From engineering to cybersecurity
Wolfgang originally studied mechanical engineering and business administration, beginning his career in computer-aided design and manufacturing before gradually moving into IT and cybersecurity.
During his time at ETH Zurich (Swiss Federal Institute of Technology) around 20 years ago, cybersecurity was already becoming an important topic.“We had students who were eager to experiment and professors who were very creative,” he says. “But the real threat came from cybercriminals, because a large university is naturally an attractive target.”That experience sparked an interest that continued to grow throughout his career.
The growing importance of OT security
After moving into the energy sector and working in CIO and CISO roles, Wolfgang saw firsthand how digitalisation was transforming critical infrastructure.Modern energy systems increasingly rely on distributed IT and OT environments to support renewable energy, electric vehicles, battery storage, and other technologies shaping the future of energy.“With increased complexity also comes increased vulnerability,” Wolfgang explains. “Power plants, utility companies, water supply systems, wastewater treatment plants, and district heating systems all depend on secure and reliable OT systems.”He notes that cyber threats today come from both criminal groups and nation-state actors, and that the distinction between the two is sometimes becoming less clear.
“Cybersecurity is not just a job – it’s a mission. Choose an area that matches your interests and strengths. Get hands-on experience, combine practice with theory, build a strong network, and continue developing your soft skills along the way.
No one succeeds alone in this field. Cybersecurity is, and always will be, a team sport.”
A role focused on practical challenges
Today, Wolfgang works on several projects related to OT operations and security. His typical day involves client meetings, discussions with colleagues, and developing reports and recommendations. What he enjoys most is the combination of strategic and technical perspectives.“OT security is still a relatively new topic in many organisations,” he says. “You need to explain the risks and priorities to senior management, while also discussing highly technical details with specialists.”That combination was one of the reasons he decided to join the MSF team.
Learning from real-world incidents
One experience that stayed with Wolfgang happened during a hackathon, when a newly deployed server was compromised.“The attackers operated from a war zone and used a temporary vulnerability to install a Monero cryptominer,” he explains.Fortunately, no serious damage occurred, but the incident was a useful reminder of how quickly attacks can happen and how broadly attackers scan for opportunities.“It demonstrated that anyone can become a target.”
Collaboration matters
One of the biggest challenges in cybersecurity, according to Wolfgang, is understanding customers’ needs without overlooking hidden risks or unintended consequences.That is why collaboration is so important.“Discussions with experienced colleagues within MSF and across Allurity are extremely valuable,” he says.To stay updated, Wolfgang regularly follows specialised news sources, cybersecurity blogs, vendor roadmaps, and maintains contact with organisations such as the Swiss National Cyber Security Centre (NCSC) and SWITCH CERT.He also continues to invest in education and recently attended Stanford University’s seminar on “Cybersecurity and Executive Strategy.”
The threats shaping today’s landscape
Wolfgang points to several areas that are becoming increasingly important in cybersecurity:
- Supply chain attacks
- Expanding OT and IoT attack surfaces
- Ransomware and ransomware-as-a-service
- AI-driven attacks and social engineering
- Cloud security misconfigurations
As more systems become connected, he believes organisations need to think about cybersecurity in a broader and more integrated way.
Beyond cybersecurity
Outside work, Wolfgang prefers to disconnect by spending time with family and friends, cooking, exercising, and trying to avoid working weekends.And if he had not chosen cybersecurity?“Probably something in the energy sector,” he says. “Large-scale energy storage and nuclear fusion are especially interesting areas right now.”