Building Siemens’s Zero-Trust Program: 3 Things Thomas Mueller-Lynch Learned
Zero trust is a journey, not a destination. This is the best way to think about your zero-trust strategy. But it’s not always easy to understand what that journey looks like.
That’s why we spoke to Thomas Mueller-Lynch, global director of digital identities at Siemens, in our latest episode of The Segment: A Zero Trust Leadership Podcast. Thomas has led Siemens’s zero-trust journey for the last four years of his nearly 30 years’ experience in IT and cybersecurity at Siemens.
Here are the three things Thomas learned while leading Siemens’s zero-trust program.
1. Zero trust requires IT, cybersecurity, and business collaboration
Siemens began its zero-trust program about four years ago when a group of IT, cybersecurity, and business leaders approached the board. They had realized that building a zero trust program requires more than just IT involvement — it needs a unified approach across the entire organization.
"Zero trust cannot be driven solely by IT or cybersecurity,” Thomas said. “It requires the business units that own the assets to be at the table as well.”
This alignment ensures that security is integrated from the start rather than added later.
Achieving alignment means building strong relationships between IT, cybersecurity, and business units to ensure everyone works towards a common goal. This approach transforms security from a standalone concern into an integral part of business operations. It influences everything from product development to daily operations.
Here's how they achieved it:
- Foster a unified vision: Engage stakeholders from all departments early in the process to ensure everyone understands and supports the Zero trust initiative.
- Recruit cross-functional teams: Include members from IT, cybersecurity, and business units to work together on zero-trust implementation.
- Prioritize communication: Regular updates and transparent communication channels help maintain momentum and align all parties.
2. Building zero trust is an ongoing project
When Siemens started their cloud-first initiative a few years ago, it meant more data and apps moving to the cloud. Leaders across the organization were worried that the company's traditional perimeter-based security wasn’t enough to protect their growing, perimeter-less network.
“More and more things went to the cloud which put many, many holes in our perimeter,” Thomas explained. “The assumption that we can control the perimeter was simply not true anymore.”
The board approved a new zero-trust program for one year after leadership approached them with this concern. Now, under Thomas’s leadership, it’s become an organization-wide initiative for the last four years.
Thomas walked through the steps he and his team took to build Siemens’s zero-trust program:
Year 1: Communicating with stakeholders and defining scope
The zero-trust team started with communication. “Everybody started talking about zero trust, but nobody understood what it really meant in a practical way to implement it,” Thomas said.
They went on a tour throughout the company, speaking with teams across IT, cybersecurity, business. This prompted discussions about application dependencies, security policy requirements, and project timelines which helped better define the scope of the project.
Year 2: Preparing back-end systems
The zero-trust team looped in Siemens’s main technology partners like Microsoft to prepare the company’s network for a zero-trust architecture.
Thomas noted that the second year was the most difficult. “There were lots of back-end activities that didn’t result directly in risk reduction or tangible results,” he explained. “People started asking whether it still made sense or not.” But this prep work was an essential foundation for building the zero-trust program.
Year 3: Tangible zero-trust progress
By the third year, the program started seeing practical results.
“We showed progress in application and factory enablement,” Thomas said.
A major success was getting a live, shareable dashboard for the program. “We can now show senior management where we are in the total scope of all the different activities,” Thomas said.
Year 4: Product development and enablement
Today, the zero-trust team is helping to build zero trust into Siemens’s products. This reflects the program’s internal success at the company.
“We believe the security of our products is a main selling point,” Thomas noted. “Having zero trust-enabled products is a differentiation argument from our competitors.”
3. Zero trust can be a competitive edge
The strategic integration of zero trust didn't just enhance Siemens’s internal cybersecurity. By year four, Thomas was also collaborating with the product team on their own zero-trust initiative.
They ultimately discovered that building a zero-trust in their products was not only the best approach to security, but it created a distinct competitive advantage in the market.
"When companies integrate zero trust into their offerings, they can confidently deliver best-in-class security which sets them apart from competitors," Thomas pointed out.
By making security a core feature of their offerings, Siemens was able to position themselves as a leader in providing secure, resilient solutions that customers and partners can trust.
The integration process of zero trust may have been a gradual, years-long process that looked different across every business area. But the outcome is clear — there’s strengthened market position, enhanced customer trust, and long-term business success.
About Thomas Mueller-Lynch, global director of digital identities at Siemens
With 27 years at Siemens, Thomas has held various IT roles, including web and document management and IT infrastructure technology. Today, he’s at the forefront of Siemens' cybersecurity efforts, leading the company's zero-trust program as the global director of digital identities.
With a deep technical background, Thomas oversees critical identity systems. His passion for IT, automation, and security steered him into roles that shaped his expertise in identity management. Thomas has been a driving force behind Siemens' transition to a more secure zero-trust architecture.
Listen, subscribe, and review The Segment: A Zero Trust Podcast
Want to learn more? Listen to the full episode with Thomas on our website, Apple Podcasts, Spotify, or wherever you get your podcasts. You can also read a full transcript of the episode.
We'll be back with more zero-trust insights soon!