Erkan Akköse

OT/IT Network and Security |OT NSE7| NSE7|NNCE| OT Pentest | Product Specialist | Python | Packet Analysis | IEC 62443 | NIST| Linux | Topology Designer | OT security solution Architect | Risk Assessment | GRC Consultant

Ankara, Ankara, Türkiye

About

With a decade of passionate experience in the ICS/OT sector, focusing on R&D, design, and predominantly cyber security, Erkan has demonstrated his ability to serve and consult in the OT industry through his work on critical, high-profile projects. RECENT EXPERIENCE: Erkan has been at the forefront of one of the world's largest OT cyber security projects, leading high-level OT consultancy, asset management, network design, regulatory compliance, and cyber security initiatives across oil and gas, electricity production, distribution, and transmission, as well as chemical factories and facilities. Over the course of four years, he successfully completed this project, which has greatly motivated him to contribute to the development of the OT cyber security industry and establish himself as an indispensable expert in the field. Working both offensively and defensively across all aspects of OT cybersecurity, Erkan continues to meticulously undertake consultancy, regulatory compliance, risk and vulnerability assessments, penetration testing, recovery planning and implementation, product management, OT network architecture creation, specification, design, acceptance testing, installation, and site acceptance/commissioning. His expertise also extends to configuration, creating separation between IT and OT, and other crucial tasks across 16 industries designated as critical infrastructure in the OT sector, including electricity generation and transmission, water and wastewater management, manufacturing, refineries, airports, and oil and gas facilities.

Experience

  • Senior ICS/OT Cyber Security Architect and GRC Consultant at Cyber Security Consulting & Industrial Automation
    Jun 2026 - Present · 2 mos

    Subject Matter Expert (SME) with over a decade of passionate, hands-on experience in R&D, design, and cyber-physical security across IT/OT/IIoT industries. Providing independent, vendor-agnostic technical consulting, advanced risk/vulnerability assessments, GRC compliance, and offensive/defensive cybersecurity solutions for critical infrastructures globally. Fully prepared to deliver site-hardened protection, FAT/SAT deployment, and secure network architectures. Core Consulting Services & Capabilities: • OT Security Architecture: Designing and securing industrial networks across the Purdue Reference Model, implementing strict IT/OT segmentation, and creating robust cyber security monitoring solutions. • Risk & Vulnerability Assessments: Comprehensive technical configuration reviews, physical security reviews, personnel interviews, and advanced OT Penetration Testing using specialized methods. • GRC & Framework Compliance: Aligning industrial control systems with IEC 62443, NIS 1 / NIS 2, NIST SP 800-82, and NERC CIP regulations. • Engineering & Lifecycle Support: Managing end-to-end industrial projects including Specification, Design, Factory Acceptance Testing (FAT), Site Acceptance Testing (SAT), Installation, and Site Commissioning. Subject Matter Expertise & Toolset: • OT Visibility & Security Platforms: Nozomi Networks, Tenable OT, Opshield, OPSWAT, ICSFusion, Claroty, OpsHub GE Digital REST API (OT Dashboard design), SIEM design, Python (socket programming, custom scripts/payloads), YARA & Packet rules. • Protocols & Packet Analysis: Expert level Wireshark packet analysis for industrial communication protocols. Critical Infrastructure Track Record: Successfully delivered high-profile, end-to-end OT security initiatives across hundreds of critical sites designated sectors including Oil & Gas, Refineries, Petrochemical, Power Generation, Substation, Electricity Transmission/Distribution, Mining, Transportation (ITS-NTCIP), Airports, and Manufacturing.

  • ICS/OT Cyber-Physical Security Consultant, Instructor and Turkey Operations Responsible at OTIFYD
    Mar 2023 - Jul 2026 · 3 yrs 5 mos

    • I apply knowledge of cyber security and industrial equipment and processes to help develop and guide strategies that enable clients to secure OT networks, reduce cyber risks, and design and implement OT cyber security monitoring solutions. • I meet with business and technology leaders, key customer stakeholders, and supporting engagement managers to develop strategies and present findings. • I take an active role in OT cyber security efforts, which may include conducting physical security reviews, observations, technical configuration reviews, and personnel interviews. Skills; • Securing and designing OT network architecture across the Purdue reference model • System security engineering, design engineering, security testing and evaluations, and risk assessments for ICS, DCS, SCADA or other OT systems • Working with common industrial networking protocols including Serial, Modbus, Profibus and EthernetIP, DNP3, IEC-60870 etc. • IEC 62443, NIS 1 / NIS 2, NIST SP 800-82, NERC CIP or other industrial control frameworks and regulations • Analysis of vulnerability and security risk assessment tool results • Partial use of automation or control systems programming software • Participate in OT security solution design • And more..

  • ICS/OT&IT Network & Cybersecurity Specialist at SBI BİLİŞİM A.S.
    Mar 2019 - Mar 2023 · 4 yrs 1 mo

    TrIot IoT R&D Project, ICS/OT Security SGOM (Cyber Security Operations Center) Project Republic of Turkey Ministry of Energy and Natural Resources (TEİAŞ, BOTAŞ, EÜAŞ) ICS/OT Security SGOM (Cyber Security Operations Center) Project is the world's largest cyber security project in the field of ICS/OT Good knowledge of OT network communication protocols (For example: DNP3, Modbus, IEC 61850, OPC DA-UA, MMS, SRTP2, OPC UA, PROFINET, S7COMM, IEC101/104, etc.) Good knowledge of ICS technologies and/or environments. Examples include SCADA, DCS, RTUs, IACS, PLCs, HMIs, etc. Network architecture is very important in the environments where ICS/OT systems run in critical infrastructure sites. If the network topology is not optimally designed, you may encounter many problems such as loop, broadcast storm, letancy, and as a result, it will cause many problems such as crashing your ICS/OT systems. I have done many OT and in particular IT topology professionally on both physical and logical topologies. I mostly worked on "Ring Topology". Within the scope of the SGOM (Cyber Security Operation Center) project, I worked in the institutions of EÜAŞ (The Electricity Generation Corpporation) BOTAŞ (Petroleum Pipeline Corporation) and TEİAŞ (Turkish Electricity Transmission Corporation), which are affiliated (depending) to Republic of Turkey Ministry of Energy and Natural Resources. I worked on the installation and commissioning (deployment or activation) of Opshield OT security systems, writing rules and policies, and transferring the traffic to the center. I also made detailed exploration and research work at power generation plants, oil and natural gas pipelines, electricity transmission centers where the systems will be installed, and I created business processes and installation topologies. The main purpose of the established OT security systems is to ensure the continuity of the working systems of institutions with different communication infrastructures.

  • Research and Development Staff, Production and Technical Service Manager at GENTEK ELEKTRONIK SAN TIC A.S
    Feb 2017 - Aug 2018 · 1 yr 7 mos

    I worked as a R&D engineer, Production and Technical Service Manager from February 2017 to the end of 2018 at gentek electronics company, which is my second workplace. At gentek electronics, we both designed and produced transmitters such as control devices, pressure, temperature and flow meters for the industrial electronics sector. Especially the devices we designed were 4-20ma, 0-10v analog and modbus digital outputs. Actually, I first learned about OT and ICS systems here.

  • Research And Development, Test and Control Engineer at Desi Security & Lock Systems
    Sep 2015 - Jan 2017 · 1 yr 5 mos

    From 2015 to the end of 2016, I worked as an R&D, test and control engineer at DESI security and locks systems company. I was responsible for software, circuit design, testing and assembly related to Military Target and Alarm Systems at DESİ. I took an active role in home and workplace alarms, fingerprint reading with android and bluetooth, military electronic target production processes. I have developed myself enough to make prototypes and small designs both in software and circuit design. I actively used ARES and ISIS, which are the schematic and printed circuit modules of the proteus program. I also learned about the components used in electronic board designs. Such as opamp, regulator, passive and active circuit elements.