About Me

Innovation only creates lasting value when people can trust what they build. My work is to help them get there — by making security an architectural property from day one, not a control bolted on afterwards.

I'm Dr.-Ing. Marcel Winandy, Enterprise Security Architect at E.ON, focused on the AI control plane and secure AI infrastructure. Alongside my primary role, I selectively work with a small number of organizations as an independent security advisor.
I do not advise organizations that compete with my primary employer or its affiliated entities.


From Trusted Systems to Trusted AI

The through-line of my career is straightforward: I've spent over twenty years designing security for systems that have to be trusted. The domains have shifted — microkernel operating systems, TPM-based trusted computing stacks, software-defined networking, IoT gateways, and now autonomous AI agents — but the underlying question hasn't. How do you build a system so that the trust you place in it is actually warranted?

That arc is why I keep saying AI security challenges aren't new — only amplified. Prompt injection, hallucination, and agent misbehavior are the newest expressions of problems system security has grappled with for decades: adversarial input, unreliable output, and unbounded execution. The tools are different. The architectural discipline is the same.

I've worked across three sides of that discipline — as a Research Associate and PostDoc at Ruhr-Universität Bochum in trusted computing and microkernel OS security, as a Principal Research Engineer at Huawei doing SDN security research, and as a Technology Advisor at Kaspersky Labs. I now design enterprise-scale AI security architecture at E.ON, and publish the frameworks I develop — PALIM for secure GenAI applications, LAMINA for agentic AI control planes — as public references anyone can build on.

What I Write About, and Why

My published work sits in three places: Frameworks for named, reusable architecture models; Writing for deep dives that connect research to enterprise practice; and Media for talks, videos, and conversations. Everything reflects three fused perspectives — the purpose-driven mindset of a strategic leader, the causal rigor of a security researcher, and the structured, decision-oriented thinking of an enterprise architect.

If you're a security architect, AI/ML engineer, CTO, or technical leader working on AI adoption and governance — this site is written for you.

Credentials

Career

  • E.ON - Enterprise Security Architect
  • innogy - Senior Cybersecurity Architect
  • Kaspersky Labs - Technology Advisor
  • Huawei - Principal Research Engineer / Security Technologist
  • Sirrix AG security technologies - Senior System Architect
  • Ruhr-University Bochum - Research Associate / PostDoc
  • University of Bonn - Research Assistant
  • SRC Security & Research Consulting - Software Engineer

Education

  • Dr.-Ing. (PhD) in IT Security, Ruhr-University Bochum
  • Diplom (MSc) in Computer Science, University of Bonn

Recognition

  • ACM AsiaCCS Test of Time Award, 2026
  • IEEE Senior Member, 2023
  • ACM Senior Member, 2022
  • Huawei GRC Handshake Award, 2018
  • Huawei Science & Technology Award, 2017
  • Huawei Future Star, 2015 & 2016
  • Huawei Customer Support Award, 2015
  • German IT Security Award, 2nd prize, 2010

50+ scientific and technical publications. Full list under Research → Publications.

Off the Clock

Science fiction and fantasy for the stories that ask "how would this actually work?" — same instinct that drives the day job. Time with my wife, and ongoing (mostly successful) attempts to guide our dogs into behaving as intended.