Piotr Polak
Cybersecurity and standardization expert
I am a cybersecurity expert who drives the development and certification of secure connected products. I actively contribute to global product security standards through my work with CEN-CENELEC, the Connectivity Standards Alliance, and the International Telecommunication Union.
I bring over twenty years of experience at Philips, NXP, and currently Signify, working in connected product development with a strong and consistent focus on product security. My expertise spans both technical implementation and standards-driven security, including:
- Product security leadership
- Connected product cybersecurity
- Product security architecture and lifecycle management
- Cybersecurity standards and certification (RED Delegated Act, Cyber Resilience Act, EN IEC 62443, EN 303 645)
- Operational Technology (OT) and Information Technology (IT) security, including OT and IT integration
- Network access control and security (IEEE 802.1X, 802.11i)
- Wireless and connectivity technologies (Zigbee, Matter, LiFi, Wi-Fi, Bluetooth, NFC)
- Hardware-based security (smart cards, secure elements, TPMs)
- Trusted Execution Environment (TEE)–based solutions
Domains of Expertise
- IoT Systems: OT and building automation security, LiFi connectivity, IT network security, NFC commissioning
- Automotive: V2V/V2I communication, telematics, OTA updates
- Mobile: TEE, secure element, NFC
Standards Contributions
I help shape the future of connected product security by driving global standards and best practices. I currently contribute to Cyber Resilience Act–related standards at CEN-CENELEC and ETSI, and have played a key role in developing standards such as RED DA (EN 18031-1/2/3:2024), Zigbee Direct, LiFi and Power Line Communication ITU standards, and the Fairhair specification. My work ensures that connected products are secure, interoperable, and ready for the challenges of tomorrow.
- RED DA standards: EN 18031-1/2/3:2024
- Zigbee Direct standard, now part of the Zigbee Core specification
- LiFi and Power Line Communication ITU standards
- Fairhair specification
Product & Process Compliance
I have extensive experience ensuring that connected products and processes meet global security and safety standards, including Cyber Resilience Act (CRA), RED Delegated Act (RED DA), IEC 62443, NIST SP 800-82, and UL 2900. My work bridges regulatory requirements and practical implementation, helping organizations achieve secure, certified, and future-ready products.
White papers
- ELIoT: enhancing LiFi for next-generation Internet of things.
- Security Architecture for the Internet of Things (IoT) in Commercial Buildings
Patents
So far, during my professional career, I have filed for thirty patents to protect the following
Standardization organizations
I am a contributing member to the following standardization organizations.
CEN-CENELEC
Representing the national committee of The Netherlands: Normcommissie Cybersecurity Privacy, Normcommissie Industrieel meten, regelen en automatiseren (NEC 65).
Member of the following committees:
JTC13 Cybersecurity and data protection
- WG8: Radio Equipment Directive DA security standards development
- WG9: Cyber Resilience Act security standards development
TC65X Industrial-process measurement, control and automation
- WG3: Cyber security
TC205 Home and building electronic systems
- WG20: IT security and data protection
Connectivity Standards Alliance
Member of the Security Advisory Group and the Product Security Working Group Steering Committee, driving the Product Security Certification Program.
I am also a liaison between the Connectivity Standards Alliance and CEN-CENELEC.
International Telecommunication Union
Contributor to the LiFi and Power Line Communication ITU standards: enabling enterprise security (IEEE 802.1X network access control)