Interview with Dr.-Ing. Christian Zenger, Co-founder and CEO of PHYSEC


PHYSEC provides cyber and cyber-physical threat detection and prevention as well as cloud-based monitoring, management and response platform for IoT devices. It is a Germany-based start-up that was founded 5 years ago at the university of Bochum.

On 2nd February, PHYSEC received the ECSO’s European Cybersecurity STARtup Award. Through this initiative, ECSO aims to increase the European cybersecurity posture, by increasing the prevalence of European uptake of European solutions.

Steve Clement, Security Engineer at CIRCL, had a chat with Dr.-Ing. Christian Zenger, Co-founder and CEO of PHYSEC.

In this interview, Christian Zenger tells the story of PHYSEC.

After conducting a workshop related to his PhD research, gathering engineers and economists, the to-be-PHYSEC-team wrote an application to a Research Transfer Fond of the German Government, focusing on IoT security as core business. At that time, it seemed already obvious that IoT would be subject of security risks. “With more devices getting into public or open environment, it was an easy calculation to make in order to see this will be a big issue in the future”, Christian Zenger said. “If there is a physical contact with the system, it’s just a matter of time until the system is broken or compromised”, he added.

An ecosystem favourable to start-ups

The University of Bochum is a nest of security engineers and developers thanks to a 21-year-old IT security studies program involving 26 professors.

There are several other founders of cybersecurity companies here in Bochum, which creates a nice ecosystem that brings the option of building a company real and close to students”, Christian Zenger continues, “having a good team, willing to do this, to have less money and do more work, take risks and so on” is necessary to take on this adventure.

The business model

PHYSEC did pivot its business model, or at least its technical targeted solutions. At the beginning, PHYSEC generated the keys out of the environment to authenticate the device without any input or classical interfaces to an existing network. Although this was very useful and energy efficient, “companies would rather use classical aspects that are usually motivated by regulations” Christian Zenger explains.

PHYSEC finetuned its strategical advantage and now focus on fields where using its technology is the unique advantage, something nobody else can do, such as proximity authentication or verifying the integrity of an entire object. PHYSEC also offers an interface where customers can use its technology to do additional applications (for maintenance for example).

To prove or assess integrity of an object or an IT component requires today a chain of complex processes. Using modern solution can be even cheaper than the existing ones.”

Christian Zenger sees the IoT trust through the 2 following aspects:

  1. Number of technical aspects, resources, energy restrictions, interface restrictions
  2. Where the device is applied. Security and risk combined in IoT device is usually defined on the operational environment where the device is located:
  • “if it is a laptop in the office or a server in the core data center, you have an access control, so you can trust this hardware,
  • if it is a hardware in a public or shared environment, then this changes. For critical infrastructures, you need to assume that as soon as someone has an unauthorized access to the device, then the device might be compromised.
  • Being sure that this is not the case is pretty much what we offer. Not only for the operations but also for the logistics”.

From a start-up to a larger organisation

We are a year out of the classical start-up”, Christian Zenger explains, “we are more than 40 people so we need an organizational structure with second and third layers of managers who handle the team and projects. 2 years ago, that was a flat hierarchy”.

PHYSEC is currently looking to grow its team with engineers and embedded software and back-end developers.

Contributing back to the open-source community

On the back-end side, the entire solution platform is based on several generic or micro services coming from open source.

We are continuously contributing to the open-source community. The plan is to provide an open-source version of our solution on the embedded side. We will publish in about a year an embedded framework, so people can use low resolution chips and use our platform as an API to assess the physical integrity of objects or to verify states, on a free-basis”.

All details about PHYSEC solutions here.