About Nikola Novoselec

Head of Zero Trust Strategy and Architecture. Technical Director of the largest technological transformation program a Swiss critical infrastructure provider has undertaken in decades. Senior Cybersecurity and Network Architect across logistics, finance, transportation, and public sector - highly distributed environments with hybrid multicloud at the core.


Integration at Enterprise Scale


Turning disconnected requirements, products, and services into integrated architecture that works at enterprise scale. Working systems deployed across hybrid multicloud, legacy IT, and OT environments where failure isn't an option. From complex integration challenges to infrastructure that required custom approaches. The same integration expertise that built Zero Trust for critical national infrastructure, brought to organizations ready for architecture that delivers quantifiable business outcomes. Production systems, not shelf documentation.


Complete understanding of your environment from edge to inference. Complexity that seems infinite often becomes manageable when someone maps the connections. My focus is how everything connects, where the handoffs fail, where policy enforcement breaks down, and what it takes to make the entire security layer move as one coherent system. That's the difference between theoretical frameworks and production architecture. When you understand end-to-end, problems that looked impossible become engineering challenges with clear solutions.


One integrated architecture, one policy fabric. Regardless of your starting point, security maturity level, technology stack, or organizational complexity - the target is always convergence. Security, connectivity, and AI working together instead of breaking apart at component boundaries. Not point solutions failing in the gaps between them, but one coherent framework where the entire layer enforces decisions together. The same policy decision, enforced everywhere, simultaneously. That's what Zero Trust actually means when it works.

For over 14 years, I have worked as an architect at one of Switzerland’s largest critical infrastructure providers - across a plethora of projects in different domains. Beyond the theoretical frameworks of Zero Trust whitepapers, I have lived the failure points of legacy migrations - where small gaps become systemic incidents.

I learned that in high-stakes environments, complexity is not just an inefficiency - it is a vulnerability.

Most enterprises keep buying tools (DLP, CASB, identity controls, behaviour analytics) hoping for safety, but end up with vertical silos. And silos create blind spots. Blind spots create risk.

The answer was horizontal policy. Security woven into connectivity, not bolted on afterward. One enforcement and governance model applied consistently across identity, device, network, workload, and data - so controls do not fail at the seams. The result? Security that adapts to the user, not the other way around. Invisible when context is low-risk. Decisive when it matters.

At Gray Matter, I provide clear, accountable advisory to help organisations design, integrate, and operationalise Zero Trust architectures. I align technical architecture to executive objectives - bridging the gap between packets and protocols and the business outcomes that matter. This is how security stops being an impediment to delivery and starts enabling it.

My focus is Zero Trust that survives Swiss enterprise realities: federated organisations, legacy and OT environments, and board-level governance constraints.


Zero Trust at Critical Infrastructure Scale

This work provides a practical foundation - hands-on experience from leading one of Switzerland’s most significant Zero Trust transformations.

The Scale Challenge

At enterprise scale, failure will happen. The architecture had to assume breach - isolate quickly, detect faster, remediate autonomously. Prevention is a fantasy; resilience is the strategy.

Geographic Complexity

3,500+ locations requiring uniform security posture without unacceptable latency. From urban headquarters to remote field offices - one policy fabric.

Organisational Complexity

100+ subsidiaries with varying risk tolerances, all brought under a single horizontal policy model. Not by force, but by design that made adoption the path of least resistance.

User Scale

5M+ users across end customers, business customers, partners, suppliers, and employees - all governed by the same identity and access framework. Different trust levels, different access patterns, one coherent policy fabric.

Technical Debt

Decades of legacy IT and OT integrated without breaking critical national services. IoT devices. Industrial control systems. Mainframes from three decades ago. All governed by the same policy framework.

Governance Navigated

Complex organisational structure with multiple governance layers. Approved across IT leadership, executive management, and the board - then funded and executed as a multi-year programme.

This demonstrates the stakeholder alignment required for enterprise cybersecurity transformation over multiple years - not just the technical competence.

Comprehensive Pillar Coverage

All seven Zero Trust pillars addressed: Identity and access management. Device trust and posture. Network segmentation. Workload protection. Data security. Visibility and analytics. Automation and orchestration.


Why Direct Engagement Works

Experienced security leaders know the challenges of large-firm engagement models:

Engagement Continuity

Large firms often staff engagements with a rotating cast of junior consultants. This requires constant re-education, and context is lost at each handover. Direct engagement ensures a single, accountable architect who maintains the vision from assessment through to operationalisation.

Incentive Alignment

Large firms measure consultants on utilisation and sales. This creates pressure to extend engagements, expand scope, and make recommendations that generate follow-on work rather than solve problems. My success is measured by your outcomes, not my billable hours.

Practitioner Experience

Partners at large firms often have not done hands-on technical work in years or decades. Their guidance is second-hand, removed from day-to-day delivery. My guidance comes from recent, hands-on experience building the systems I advise on.

This is not the right model for every engagement. If you need a team of 50 consultants or a global programme management office, a large firm is the appropriate choice. But if you need expert guidance from someone who has actually done the work, direct engagement delivers better outcomes.

To be clear: I architected and directed the Zero Trust transformation as Technical Director - working with internal teams and implementation partners over multiple years. The same architectural expertise that designed that transformation is what I bring to consulting engagements. I don’t implement at scale alone. I design at scale, then guide your teams through execution.


How I Work

Transparent Architecture Assessment

I provide early-stage validation to prevent misallocated capital. Early course corrections prevent costly downstream rework. My goal is your success, not the next engagement.

Survivability Over Theory

If a policy cannot survive peak operational loads or a legacy SAP instance, it is a liability, not a security measure. Every recommendation must be implementable within your constraints. Architecture that cannot survive contact with your budget, organizational culture, and legacy systems is not architecture - it is theory. I prioritise resilient, pragmatic architecture over theoretical models.

Impartial Vendor Neutrality

No vendor partnerships. No referral fees. No undisclosed incentives. The architectural question is not “who should own everything?” It is “which vendors excel at their domains, and how do we integrate them so the gaps disappear?” When I recommend a product or approach, it is because I believe it serves your interests. This independence is non-negotiable.

End-to-End Programme Stewardship

Security transformation is not a series of disconnected projects. It is a coherent programme that requires consistent vision. I stay engaged from assessment through implementation, ensuring that strategy actually translates into outcomes.

Resilience Over Perfection

I design for failure - not to prevent it, but to survive it. Concentrated dependencies on global platforms will occasionally fail. The architecture that wins accepts this deliberately and designs for graceful degradation. “Total and rare” beats “partial and constant.” I do not design for a world where technology never fails - I design for a business that survives when it does.


Governed Autonomy - AI at Enterprise Scale

The principles of Zero Trust now extend to the next frontier: Artificial Intelligence.

AI agents need autonomy to respond at machine speed - but you cannot grant autonomy unsupervised. The solution is not removing humans from the loop; it is designing the governance loop so humans govern outcomes, not individual actions.

The same governance rigour used for identity is the only way to safely deploy AI. This principle shapes my approach to both AI security and traditional Zero Trust: governance that enables rather than restricts. By applying horizontal policy to AI pipelines, we ensure that automated remediation never violates compliance guardrails.

Founder

The Architect

I architected Zero Trust in one of Switzerland's most complex enterprise environments. Hybrid multicloud. Legacy systems. IoT and OT. One policy fabric across it all.

Six lessons learned:

  • Zero Trust is the great equalizer
  • There is no one solution to rule them all
  • Complexity is the enemy
  • Integration is the architecture
  • Zero Trust fails between components, not within them
  • Simplify. Reduce. Converge.

Nikola Novoselec

Founder & Zero Trust Architect

Get Started

Ready to Transform Your Security Posture?

We start by mapping every identity, data flow, and enforcement point - then pinpoint where risk pools between systems. Whether you need a Zero Trust maturity assessment, a security architecture review, or guidance on integrating AI into your security operations, let us talk directly about your challenges. Our discussions are strictly confidential, respecting the discretion required in Swiss B2B relationships.


Users

Customers, Partners, Employees


Endpoints

Secured across hybrid multicloud infrastructure


Public Domains

Secured across the enterprise footprint