The House of OT Cybersecurity

OTSEC.IO Logo
September 9, 2023

“Every mentor has his own way” is an Arabic phrase used to illustrate the notion that each person or leader has his or her own unique method or approach to handling situations or challenges. In spite of how unified or similar an organization may appear from the outside, the saying emphasizes the uniqueness of individual strategies and perspectives. It reminds us that diversity exists even within highly engaged communities and groups.

When I was working for Cybersecurity company, my personal experience with learning OT began. During training in France, I was informed that the company would hold an event in my region (Oman), and I was required to present products’ capabilities regarding cyber security controls to an audience from the industrial world. While I assumed I would be doing the usual corporate pitch, I didn’t take that mission very seriously. The team asked me to perform a dry run the night before the event, and I did the presentation and demo confidently, expecting the usual applause and appreciation. Unfortunately, that did not happen. I received the worst feedback ever, even hearing that they might not let me go on stage the next day! My frustration was so great that I tried to figure out what was wrong.

My pitch was excellent for IT people, but not SCADA people, later that night they pointed out I did not understand SCADA security (that was the known term for OT security at the time), their questions became more complex, and I could not define any of them! The backup plan was to have me do the usual pitch and they will support me to ensure that my talk is relevant to the audience and I would spend a couple of hours the same night getting familiar with these terms.

That night, I stayed up reading any articles about SCADA security available online and watching any video about it. It was 9:00 am when I was called to prepare for my presentation at 10:00 am. I was afraid I might be embarrassed by some questions I would not be able to understand or know the answer to, but it went well! The time didn’t allow me to modify my slides, but I delivered a completely different pitch. As a result of this incident, the manager asked me to give the afternoon presentation as well, for a different audience, which I did. I learned a number of life lessons, but what stands out to me is that I decided to learn SCADA security.

Nowadays, OT has better resources available online, a number of great individuals and corporations have contributed to the online content, the term is now widespread, and I hope through my short course on Udemy, my book, and the professional training that will be available shortly on OTsec.io, I hope I contributed a bit to the great OT community.

When I wrote the book and later built the course on “How to be OT Cybersecurity Professional,” I assumed I was speaking to those who have no OT background or have little exposure to some parts of OT and had some confusion on the big picture.

During that time, the available resources can be classified as follows:

 

        Individual contributions: These include small YouTube videos that cover specific topics.

        Corporate contributions: Companies provide educational material that can be used as a starting point to learn more about their products and services.

        Websites: There are several websites with rich information. You can find them listed in the resources page of my book.

        Limited information on SCADA hacking.

        Expensive courses: While there are expensive courses available on parts of OT, they often lack adequate resources for learners to follow.My research revealed a gap in the existing material on the subject I was writing about. To address this gap, I decided to start from the basics of OT and build up the knowledge gradually from a strong foundation. My aim was to make the material accessible and easy to understand.

I believe that one doesn’t necessarily need to be proficient in programming websites to provide web security. Similarly, I don’t see the worth in investing time to learn PLC coding or HMI design to become an OT cybersecurity professional. Instead, I focus on imparting knowledge to the learners about PLC programming and emphasizing its security aspects. This helps them understand the concept better.

From my perspective, I strongly believe that this course is essential for learners who want to advance in OT Cybersecurity. It will provide them with the necessary knowledge to become professionals in the field. However, this is just the beginning of their journey. There are various specialty subjects, such as OT IR, or OT Auditing, that they might choose to work on, which requires them to continuously acquire new skills and knowledge to advance their career.

I strongly believe that learning Operational Technology (OT) is a unique experience compared to other subjects. OT is a mission-critical subject that is learned for a noble cause. With the blurring of lines between digital and physical worlds, the role of OT has become increasingly important. It forms the backbone of modern-day infrastructure, ranging from power plants and manufacturing to transportation systems. Cybersecurity professionals who specialize in OT are in high demand.

Leave a Reply

Your email address will not be published. Required fields are marked *