Platform Engineering Security Strategies, Challenges, and Lessons Learned
Bruno Amaro Almeida, VP, IT Operations
March 2025

Hello! Bruno Amaro Almeida VP, IT Operations Fortum brunoamaro.com

We are one of the cleanest power generators in Europe with strong Nordic focus

IT STRATEGIC PRIORITIES
o Customer Centric
o Cost Efficient
o Secure and Reliable

IT vs IT credit: Spy vs Spy comic

“A digital platform is a foundation of self-service APIs, tools, services, knowledge and support which are arranged as a compelling internal product.” Evan Bottcher https://martinfowler.com/articles/talk-about-platforms.html

→ manual. ticket.
→ automated. days.
→ self-service. minutes.

Core IT Digital Development App B App C App A IT Service Managers Service X Product X Experiment X AI & Data Team SWD Team I&V Team

Core IT Digital Development App B App C App A IT Service Managers Managed Services Provider (MSP) Platform / DevSecOps / DEX Team Service X Product X Experiment X AI & Data Team SWD Team I&V Team

Core IT Digital Development App B App C App A IT Service Managers Platform Engineering Service X Product X Experiment X AI & Data Team SWD Team I&V Team

#1 // What Platform Engineering Capabilities?
Platform Service Management
o Platform Engineering (Datacenters, Cloud and DevEx). Includes application areas such as: on-premises, cloud management (AWS, Azure, ..) and DevOps Tooling. Target Customers / Audience: Fortum Developers and Service Managers
o M365 & IAM. Includes areas such as: Authentication & access, Exchange, Entra ID, PKI, PAM, IGA. Target Customers / Audience: Fortum Developers and Service Managers
o Network. Includes areas such as: SSE / Zero Trust, Remote Access, IT and OT connectivity, .. Target Customers / Audience: Fortum Developers and Service Managers
o Cyber Security Platforms. Includes areas such as: IT SOC Data Platform, OT SOC Platform, SOC Tooling. Target Customers / Audience: SOC Analysts, IT and OT Cyber Security Specialists
o Data Platforms. Includes areas such as: Customer Data Platforms, Asset Data Platforms, Integrations, … Target Customers / Audience: Fortum Developers and Service Managers

#2 // How Should the Holistic Delivery Model Work?

#3 // How Platform Engineering Changed How We Think About Cyber Security (and vice-versa)
Core IT Applications and Services Digital Development Cyber Strategy and Governance Compliance Cyber Risk Cyber Culture Awareness … IT Service Desk Application Management Security Operations Center Platform Operations Center Cyber Security Platforms Platform Engineering (Datacenters, Cloud and DevEx) Data Platforms M365 & IAM Network

Personas x User Centric Operating Model
Service Offering x Service Delivery Model
Workflow and Process x Automation

Personas x User Centric Operating Model
Service Offering x Service Delivery Model
Workflow and Process x Automation
o Iterate over the relation and working model across different Cyber Security responsibility areas: Cyber Governance x Security Engineering x Operative Security Operations
o Establish dedicated Cyber Security Platforms (e.g. SOC Data Platforms)
o Ensure security mindset is part of all Platform Engineering teams
o Smaller, gradual and purposeful changes based on organization maturity at that time

Questions & Answers Bruno Amaro Almeida VP, IT Operations brunoamaro.com