Principal Cyber Consultant · Thales Group

Securing the vehicles and infrastructure the world depends on

12+ years enabling OEMs, Tier-1 suppliers, and critical infrastructure operators to achieve regulatory compliance and resilient security — from vehicle concept to homologation, and from plant floor to cloud.

ISO/SAE 21434 · UNECE R155 / R156 · AIS-189 / 190 · IEC 62443 · NIST CSF 2.0 · NERC-CIP · ISO 27001 · CRA · RED
Maharaj Shree Kumar Sood
12+ Years in Cybersecurity
2 Domains: Automotive + ICS/OT
8+ Certifications
50+ Regulatory Work Products
Why it matters

A rare dual-domain edge

Most consultants specialise in automotive or industrial security. Very few hold deep, certified expertise in both — which is precisely where today's connected vehicles and smart factories converge.

End-to-end automotive compliance

From early TARA workshops and security concept definition through to CSMS/SUMS framework implementation and type approval readiness under UNECE R155/R156 and India's AIS-189/190.

Industrial & critical infrastructure security

OT/ICS risk assessments, architecture reviews, and cyber validation (FAT/SAT) aligned with IEC 62443, NIST CSF 2.0, and NERC-CIP across SCADA, DCS, SIS, and Level-1 control environments.

Regulatory & stakeholder engagement

Active engagement with ARAI, SIAM, ACMA, and CIRT — translating regulatory intent into engineering action for OEMs, Tier-1 suppliers, and certification bodies.

Security-by-design across the lifecycle

Embedding cybersecurity from concept through decommissioning — not as an audit afterthought, but as a structured engineering discipline across connected ECUs and OT assets.

What I work on

Across two converging worlds — connected mobility and industrial operations.

Automotive Cybersecurity
ISO/SAE 21434 · UNECE R155/R156 · AIS-189/190
TARA · CSMS / SUMS · Type Approval · ECU Security · Secure Boot · FOTA Security · Supplier Management · Penetration Testing
ICS / OT Security
IEC 62443 · NIST CSF 2.0 · NERC-CIP · NCIIPC
OT Risk Assessment · SCADA / DCS · SIS Security · Cyber FAT / SAT · Network Segmentation · Vulnerability Analysis · Security Architecture
Embedded & IoT Security
Connected ECUs · Firmware · Cryptography
PKI / TLS · Secure Debug · Cryptographic Controls · MISRA / CERT-C · Secure Firmware Update · Interface Security
Regulatory Compliance & Advisory
CRA · RED · Global Homologation
RFI / RFP Support · Work Product Validation · Homologation Readiness · Security Architecture Gap Analysis · Training & Awareness
Career

Work history

12 years building expertise from embedded systems to enterprise-level cybersecurity strategy.

Thales Group · Apr 2022 – Present
Principal Cyber Consultant
  • Lead cybersecurity engineering for connected automotive platforms — enabling OEM programs to achieve UNECE R155/R156 type approval readiness through structured CSMS and SUMS framework implementation.
  • Conduct vehicle-level TARA workshops across ECU, system, and vehicle layers, translating risk findings into actionable security requirements for engineering and program teams.
  • Deliver OT/ICS security assessments and architecture reviews aligned with IEC 62443 (3-2, 4-1, 4-2) for SCADA, DCS, and SIS environments in critical infrastructure sectors.
  • Develop cybersecurity policies, procedures, and security architecture guidelines aligned with IEC 62443 and NIST frameworks for automotive and industrial programmes.
  • Represent Thales's automotive cybersecurity practice at industry events (CAEV 2026) and in engagements with regulatory stakeholders including CIRT, ARAI, SIAM, and ACMA.
  • Support pre-sales and consulting engagements — scoping security architecture, evaluating RFIs/RFPs, and defining programme-level cybersecurity strategies for complex OEM and industrial programmes.
HCL Technologies · Apr 2021 – Apr 2022
Technical Lead — Automotive Cybersecurity
  • Led end-to-end TARA for connected vehicle platforms and infotainment systems, producing risk-driven security requirements mapped to NIST and OWASP frameworks.
  • Designed and validated secure boot, secure debug, and FOTA update mechanisms through hands-on proof-of-concept implementations, ensuring ECU software integrity.
  • Assessed FOTA architecture and Android-based connected application security, identifying and mitigating critical vulnerabilities before production.
Marelli India · Sep 2018 – Mar 2021
Senior Security Developer — Embedded Systems
  • Developed secure embedded software for BCMs and instrument cluster ECUs across global OEM programmes, integrating security controls at the hardware–software boundary.
  • Delivered cryptographically secured remote keyless entry and PEPS/immobiliser systems, ensuring authentication integrity against relay and replay attacks.
  • Created software architecture models using Enterprise Architect, enabling scalable and secure ECU design across complex multi-module vehicle platforms.
  • Implemented MISRA and CERT-C compliant secure coding practices, reducing software vulnerability surface across complex ECU ecosystems.
Hi-Tech Robotics Systemz · Feb 2015 – Sep 2018
Embedded Research Engineer — Defence Robotics
  • Developed embedded control software for remote-operated robotic platforms used in IED detection and surveillance — recognised by the Indian Army for successful field deployment.
  • Designed CAN-based multi-module communication architectures, transitioning from distributed multi-MCU designs to centralised controller architectures for improved reliability.
  • Integrated hardware interfaces including SPI, UART, GPS, and CANopen protocols, performing motor control tuning and system integration for robust field performance.

What I can do for you

Engagements ranging from point advisory to full-programme cybersecurity delivery.

TARA & Risk Assessments

Vehicle-level and component-level threat analysis aligned with ISO/SAE 21434 and IEC 62443.

Homologation & Type Approval

CSMS/SUMS framework build-out, work product validation, and audit readiness for R155/R156 and AIS-189/190.

Security Architecture

Security-by-design across automotive and OT environments — from concept definition to system-level controls.

Penetration Testing & Cyber FAT/SAT

ECU-level penetration testing and OT system cyber validation during factory and site acceptance phases.

OT Security Programmes

End-to-end IEC 62443 programmes for critical infrastructure: gap analysis, policy development, and ongoing compliance.

Training & Capability Building

Customised cybersecurity training for engineering, procurement, and management teams across automotive and industrial domains.

Regulatory Stakeholder Engagement

Interface with ARAI, SIAM, ACMA, CIRT, and homologation bodies — bridging regulatory intent and engineering delivery.

RFI / RFP Consulting

Early-stage scoping, solution architecture, and bid support for complex cybersecurity programme tenders.

Credentials

Certifications

Validated expertise across automotive cybersecurity, ICS/OT security, and information security frameworks.

Certified in Cybersecurity (CC)
TÜV SÜD ISO/IEC 27001:2022 Lead Auditor
TÜV SÜD Certified IEC 62443 Professional
Cisco Certified Cybersecurity Essentials
IBM Certified Cybersecurity Analyst
OMNEX Certified ISO 21434 Automotive Cyber Professional
Certified NIST CSF Lead Implementer

Thought leadership

Speaking, writing, and engaging at the intersection of automotive cybersecurity and regulatory policy.

Conference · Apr 2026

CAEV 2026 — Connected, Autonomous & Electric Vehicle Expo

Represented Thales at Bengaluru's leading automotive technology event, engaging with OEMs, regulators, and industry stakeholders on cybersecurity strategy and India's AIS-189/190 roadmap.

Bengaluru, India
Speaking · Jul 2025

Automotive ISAC — Securing the OT in a Connected World

Invited speaker at the Automotive ISAC community call, presenting on the convergence of IT and OT security in today's connected vehicle and manufacturing ecosystems.

Automotive ISAC Community Call
LinkedIn · 2026

The Practitioner's Guide to the EU Cyber Resilience Act

Breaking down the EU CRA's implications for product manufacturers and connected device ecosystems — what compliance means in practice for automotive and industrial stakeholders.

Thought Leadership Post
Regulatory Engagement

India's AIS-189/190 & automotive type approval readiness

Active engagement with ARAI, SIAM, ACMA, and CIRT on India's evolving vehicle cybersecurity regulatory landscape and UNECE R155/R156 alignment for domestic OEMs.

ARAI · SIAM · ACMA · CIRT
Course · CyberFrat

ICS/OT Cyber Security — Published Training Course

Published course on the CyberFrat learning platform covering industrial cybersecurity fundamentals, OT risk assessments, and IEC 62443-aligned security practices for critical infrastructure environments.

CyberFrat Learning Platform

Let's work together

Whether you're navigating regulatory compliance, designing a secure architecture, or building an automotive cybersecurity programme — I'd be glad to help.
