Charles Marrow

Head of Center of Excellence - Embedded Device Security @ IriusRisk

Professional Expertise & Experience

Charles Marrow is a cybersecurity professional and academic with global experience in the software and industrial automation industries. His deep expertise is focused on the complex security challenges of embedded, medical, and industrial IoT (IIoT) devices, a domain where security failures can have critical, real-world consequences.

During his tenure at IriusRisk, his work was centered on:

  • Operational Technology (OT) Security: He provided expert guidance on securing complex systems like Industrial Control Systems (ICS), the energy sector, and oil and gas infrastructure.
  • Embedded Device Security: He specialized in translating the unique security requirements of embedded devices into the threat modeling process.
  • Regulatory Compliance: He focused on the practical application of standards like IEC/ANSI 62443 to ensure critical systems achieve and maintain compliance.

Key Contributions and Achievements

Charles’s contributions have been foundational to IriusRisk’s authority in the OT security domain:

  • Framework Creation: He is the creator of the specialized EMB3D™ Threat Modeling Framework, a structured approach designed specifically to identify, evaluate, and mitigate vulnerabilities in embedded devices.
  • Industry Standards Leadership: He was instrumental in IriusRisk becoming a Technical Member of the ISA Security Compliance Institute (ISCI), actively contributing to the ISASecure Cybersecurity Conformance Scheme.
  • Published Works: He authored extensive technical content detailing the application of the IEC/ANSI 62443 standard to various components, including Medical Devices, OT Communications Protocols, and Hardware Security Requirements.
  • Academic Credentials: He holds an MSc in Cyber Security and continues to support research and teach Cyber Security subjects at Anglia Ruskin University, reinforcing his academic authority.

Blogs by Charles Marrow

  • Elevating Embedded Device Security: The EMB3D™ Threat Modeling Framework
    November 26, 2024 | Threat Modeling, Risk Management, Operational technology
  • Threat modeling for IoT Devices and Gateways
    September 3, 2024 | Compliance & Regulation, Threat Modeling
  • IEC/ANSI 62443 Example 5 - Embedded Device Requirements
    July 14, 2023 | Standards, Compliance and Regulations, Risk Management, Operational technology
  • IEC 62443 Example 6 - Hardware Security Requirements
    April 19, 2023 | Standards, Compliance and Regulations, Threat Modeling, Operational technology
  • Embedded device security - A security feature gap analysis applying a threat modeling methodology. A guide for users of embedded devices.
    November 3, 2022 | Software security, Threat Modeling
  • IriusRisk becomes a Technical Member of ISA Security Compliance Institute (ISCI)
    May 27, 2022 | News
  • IEC/ANSI 62443 Example 4 - OT Communications Protocols
    May 5, 2022 | Standards, Compliance and Regulations, Threat Modeling
  • IEC/ANSI 62443 Example 3 Medical devices OT IoT Cloud Infrastructure
    January 28, 2022 | Standards, Compliance and Regulations, Software security
  • IEC/ANSI 62443 Example 2 - Motors Shaft and Panels
    December 2, 2021 | Standards, Compliance and Regulations
  • IEC/ANSI 62443 Example 1 - SL-A to SL-T Basic Component
    November 19, 2021 | News
  • Threat modeling the edge: Building security into industrial control systems
    November 8, 2021 | Risk Management, Software security