
Bridge IT and ODT cybersecurity by teaching protection of industrial control systems, including SCADA and DCS. Build a secure ODT environment by applying Purdue Model, MITRE ICS, and pentest concepts.
Get to know your instructor, Tej, an IT Security Architect specializing in OT cybersecurity. Learn about his experience bridging IT and OT security and what inspired this course
Explore five major OT cyber incidents that reshaped industrial cybersecurity—from Colonial Pipeline to Toyota. See how IT breaches can cascade into real-world operational impacts.
Understand what Operational Technology (OT) is and how it enables digital control of physical processes—bridging the gap between manual operations and smart, connected systems.
Learn what OT security means and why protecting industrial networks from cyber threats is vital—where a single compromise can disrupt pipelines, factories, and critical infrastructure.
Get a clear overview of the course structure — from understanding IT and OT systems to hands-on demos, governance, and real-world threat modeling for complete OT security awareness.
A quick overview of what you’ll learn in Section 1—how IT system architectures like client, server, and database models evolve toward industrial system design.
Learn what defines a system, how systems interconnect through data and services, and why these interdependencies introduce new layers of vulnerabilities to address.
Discover how architectures define system structure, how components interact, and how frameworks like TOGAF and Zachman help represent architectures at different abstraction levels.
Explore the basics of client-based systems, their standalone design, and common risks such as weak authentication, local data exposure, and device loss vulnerabilities.
Understand how server-based systems enable communication between clients, servers, and databases, their multi-tier design, and key risks like weak authentication and unpatched software.
Learn how database systems store and manage data using CRUD operations, support multi-user access, and face security risks like inference, aggregation, and weak encryption.
Recap the core concepts of system architectures — from client and server models to database systems — and understand how each plays a role in secure data and network design.
Get an overview of industrial control systems, their architecture, and key components like PLCs, HMIs, and sensors that drive automation and control in OT environments.
Learn how industrial control systems manage physical processes, ensure uptime and safety, and why their security needs differ fundamentally from traditional IT systems.
Understand key ICS technologies such as PLCs, RTUs, and SCADA systems, and learn how they enable monitoring, control, and automation in industrial environments.
Learn how OT integrates ICS, DCS, and SCADA systems with traditional IT, and understand how their overlap drives automation while creating new security challenges.
Explore key devices in OT and ICS setups, including PLCs, HMIs, sensors, gateways, and data historians, and understand how they work together to enable industrial automation and control.
Understand how PLCs automate industrial processes, their communication protocols, connectivity challenges, and the security risks that arise from legacy designs and weak configurations.
Learn how HMIs visualize and control industrial processes, their role in operator interaction with PLCs, and why balancing safety and cybersecurity is critical in OT environments.
Discover how data historians collect, store, and share process data across IT and OT systems, their security risks, and best practices like using DMZs and one-way communication for protection.
Learn how DCS manages localized industrial processes, its layered control design, communication protocols, and why it’s vital for secure, plant-level automation in industries like power and manufacturing.
Understand how SCADA systems enable remote monitoring and control of industrial operations, their architecture, and how modern IP-based protocols are reshaping security in connected environments.
Recap the core concepts of ICS and OT, their key components like PLCs, HMIs, SCADA, DCS, and Data Historians, and understand how these systems differ yet interconnect within industrial environments.
Get an overview of Section 4. Understand how the OSI and Purdue models help compare IT and OT network design, layering, segmentation, and security relevance in the Industry 4.0 era.
Explore how IT and OT systems are merging through connected architectures, enabling data sharing and analytics while introducing new challenges for cybersecurity and network design.
Learn how the OSI model represents IT communication layers and how the Purdue model maps information and control flows in OT systems for effective segmentation and visibility.
Dive into the Purdue Model’s layered structure. Understand each level’s purpose—from field devices and control systems to enterprise networks and demilitarized zones.
Assess the Purdue Model’s strengths and limitations in today’s connected environments. Discover how IoT, cloud, and Industry 4.0 are reshaping traditional OT network design principles.
Get an overview of Section 4. Learn how IT and OT security differ in focus, asset lifecycle, and maturity. Explore how each environment’s priorities shape cybersecurity strategies and controls.
Understand how IT and OT differ in security priorities. Learn why IT focuses on confidentiality, while OT emphasizes availability and safety, where real-time response is critical.
Explore the OT threat landscape, map assets and vulnerabilities with the Purdue model, and analyze attack paths and the MITRE matrix through the Colonial Pipeline case study.
Learn what makes OT environments high-value cyber targets. Explore how recent incidents have shown severe financial and reputational impacts from attacks on industrial systems.
Explore KPMG’s survey findings on cybersecurity risks to ICS components like PLCs, HMIs, and historians. Understand which devices are most exposed and why remote accessibility increases risk.
Analyze how cyber threats target different ICS layers across OT, DMZ, and IT zones. Learn how layered architectures influence risk exposure in industrial environments.
Discover which industries face the highest surge in OT cyberattacks. Learn how sectors like healthcare, manufacturing, and critical infrastructure have become prime targets for modern threat actors.
Examine how attackers target critical assets in healthcare and manufacturing. Understand the high-value systems, data theft risks, and safety implications driving OT-focused cyberattacks.
Explore how ransomware has evolved in OT environments. Learn about rising ransom demands, attacker motivations, and why industrial systems are increasingly becoming prime targets.
Learn about MITRE’s mission as a nonprofit advancing national security. Understand its independent role in shaping cybersecurity standards and frameworks used globally.
Explore the MITRE ATT&CK for ICS Matrix. Learn how adversary tactics like initial access, lateral movement, and impact are categorized to understand and defend OT environments effectively.
Analyze how the Colonial Pipeline ransomware attack maps to MITRE ICS tactics. Download the mapped file to explore DarkSide’s techniques and visualize the OT attack chain yourself.
Recap key takeaways: unique OT threats, Purdue model visibility gaps, OT-specific threat modeling, and how MITRE ATT&CK for ICS helps identify gaps through structured mapping and real-world cases.
Learn the five critical ICS security fundamentals from the SANS framework: incident response, defensible architecture, monitoring, secure remote access, and risk-based vulnerability management.
Understand why timely detection, response, and containment are vital in OT. Learn how SANS Control #1 strengthens resilience through structured OT/ICS incident response planning.
Understand the six key delays in OT incident response—from missing logs to slow mitigation—and why these make timely detection and containment the top SANS ICS security priority.
Learn how to design OT-specific response plans that balance cybersecurity with safety. Explore key elements—roles, playbooks, containment procedures, and training for real-world readiness.
Discover why a segmented, defensible OT network is critical. Learn how layered architecture protects industrial systems from lateral movement and limits the blast radius of cyberattacks.
Explore how unsegmented IT/OT environments increase risk. Learn why flat architectures enable lateral movement, hinder containment, and violate Purdue model principles.
Understand the first step toward OT network defense. Learn how basic IT/OT separation reduces exposure but still leaves risks from limited visibility and single-layer firewalls.
Learn how adding an OT DMZ strengthens IT/OT segmentation. Understand its role in monitoring data flows, reducing pivot risks, and why micro-segmentation is still essential.
Visualize how typical industrial shopfloors are structured. See how production lines, servers, and control assets are distributed before applying OT segmentation concepts.
Explore advanced OT segmentation approaches. Learn the difference between logical and zone-based segmentation and how they enhance defense-in-depth across industrial networks.
Discover how Purdue-aligned firewall zoning separates IT, OT, and OT DMZ layers. Learn the benefits of OT micro-segmentation and key risks like rule sprawl, misconfigurations, and legacy device gaps.
Understand VLAN-based segmentation in OT networks. Learn how logical isolation improves defense-in-depth, along with risks like VLAN hopping, ACL misconfigurations, and management complexity.
See how network segmentation maturity evolves from Level 0 to Level 3 and transforms into a full Purdue-aligned architecture — bridging conceptual maturity with practical blueprint design.
Explore how VLAN-based OT micro-segmentation strengthens defense-in-depth. Understand zone interactions across Purdue Levels 0–5 and how logical segmentation isolates ICS systems securely.
Learn how segmenting Active Directory between IT and OT strengthens defensible OT architecture, enabling isolated authentication domains and minimizing cross-domain compromise risks.
Understand how using a shared IT AD in OT environments expands the attack surface, weakens segmentation, and exposes critical systems—highlighted through real incidents.
Learn how a dedicated OT AD forest eliminates shared ports and containment risks, ensuring IT breaches don’t impact OT systems—achieving true identity and network segmentation.
Explore the importance of passive network visibility in OT environments. Learn how continuous monitoring supports anomaly detection, asset discovery, and early threat response in industrial networks.
Understand the risks of operating a “blind” OT network without asset inventory tools. Learn why discovering every device is the foundation for effective monitoring and threat detection.
Learn how OT visibility is achieved through passive scanning, selective active collection, and integrations with IT/OT tools—ensuring continuous, non-intrusive monitoring across the network.
See how visibility tools like Nozomi, Claroty xDome, and CyberVision transform passive data into actionable insights for asset classification, network segmentation, and risk reduction in OT environments.
Explore the importance of secure remote access in OT networks, aligned with SANS Control #4. Learn why strong authentication, isolation, and monitoring are essential for maintaining operational safety.
Understand key threats in OT remote access—compromised endpoints, weak authentication, unmonitored vendor access, and insecure protocols—and how poor segmentation enables lateral movement.
Learn the essential controls for securing OT remote access, including MFA, jump servers, RBAC, time-bound sessions, and vendor access governance to ensure safe, monitored, and compliant connectivity.
Learn the principles of SANS Control #5—how risk-based vulnerability management prioritizes OT asset protection by focusing on impact, exploitability, and operational criticality.
Explore how a risk-based approach helps OT security teams escape the endless cycle of patching by prioritizing vulnerabilities based on operational impact, exploitability, and criticality.
Understand the five stages of the OT vulnerability management cycle—Identify, Assess, Prioritize, Mitigate, and Monitor—to maintain continuous and risk-driven defense across industrial environments.
Explore five critical OT security controls: incident response, defensible network architecture with segmentation and OT AD, network visibility, secure remote access, and risk-based vulnerability management forming a foundation.
Learn how governance structures and processes—like change management, patch handling, and firewall rule reviews—ensure OT/ICS security controls are effectively implemented and sustained.
Understand the governance pillar of OT/ICS security—defining who ensures OT security implementation through committees, SMEs, clear roles, and oversight mechanisms.
Explore how governance translates into action through OT processes like asset onboarding, firewall rule governance, change management, remote access provisioning, and vulnerability handling.
Learn how to manage IT/OT communication requests through a structured firewall rule lifecycle—covering validation, temporary rule creation, periodic audits, and cleanup to prevent segmentation erosion.
Understand how structured change management prevents unauthorized OT network modifications. Learn workflow steps from ITSM request to dual approval, risk review, and CMDB validation.
Learn how to securely provision OT remote access using MFA, session recording, and temporary VPN credentials—replacing uncontrolled tools like TeamViewer or AnyDesk with defensible access pathways.
Explore how OT environments manage vendor patches and advisories through risk-based assessment, maintenance scheduling, and compensating controls—balancing security with plant uptime and safety.
Experience OT security in practice using LabShock. You’ll set up a virtual OT environment, interact with PLCs via Modbus, explore SCADA network components, and relate attacks to real-world OT risk scenarios.
Review the setup requirements for the LabShock OT security demo, including Ubuntu with Docker, Git, Modbus tools, and NVISO’s Refinery Raid script. Learn how to prepare your environment for the hands-on lab.
Understand the LabShock environment, its purpose as an open-source industrial cyber lab, and the disclaimer emphasizing ethical, educational use within isolated environments.
Demonstrate a controlled SCADA attack in a lab environment
Visualize and interact with a simulated SCADA system using FUXA HMI on port 1881. Understand how PLC value changes reflect in real-time, demonstrating the link between field devices and operator interfaces.
Understand how the PLC serves as the data hub of the process, communicating via Modbus TCP and hosting a web interface. Observe real-time input/output states and how they map to physical process values.
Understand what OT communication protocols are, why they exist, and what types of signals they transmit. Gain a foundation for analyzing industrial communication flows in ICS environments.
Learn how OT systems use supervision and control to exchange data between field devices, PLCs, and SCADA systems. Understand discrete vs. analog signals and how they are read, stored, and managed in real time.
Gain an overview of key OT communication protocols used across sectors like process automation, power systems, and building management. Understand which protocols are insecure by design and why that matters.
Understand how the Modbus protocol enables communication between PLCs and SCADA systems. Learn its client-server model, purpose in industrial automation, and why it’s considered insecure by design.
Learn how Modbus organizes data using coils and registers. Understand the role of discrete inputs, outputs, and holding registers in reading and writing process values between PLCs and SCADA systems.
Understand Modbus data types and address mapping in OpenPLC. Learn how coils, input contacts, input registers, and holding registers are used for reading and writing digital and analog process values.
Learn how to use the MBTGET tool to communicate with Modbus servers. Understand how to read and write coils or registers, view live tank levels, and simulate control actions like toggling pump states.
Walk through the Modbus write-attack demo to control PLC pumps using a Python script. Summarize key OT concepts learned in this section and acknowledge the industry sources that supported this course content.
Recognize the key references and contributors that shaped this course — including the CISSP All-in-One Exam Guide (for Sections 1 & 2), KPMG’s OT Threat Landscape Report (for Section 5), and the LabShock project with NVISO Labs’ “Refinery Raid” article (for Section 8).
In this course, you’ll learn how to secure industrial control systems (ICS/SCADA) by combining foundational knowledge, industry frameworks, governance practices, and practical lab exercises.
We’ll explore:
The OT threat landscape and how it differs from IT.
ICS/SCADA architectures and Purdue model segmentation.
Threat modeling using MITRE ATT&CK for ICS.
The five SANS critical controls for OT and how to apply them.
Designing secure OT network architectures with segmentation and governance.
Implementing key OT security processes such as asset onboarding, change management, firewall rule governance, and patch handling.
A guided hands-on OT penetration testing lab using LabShock — with step-by-step instructions to set it up at home.
By the end of this course, you will:
Understand the core differences between IT and OT security.
Be able to model, design, and govern secure OT environments.
Map real-world OT attacks to MITRE ATT&CK tactics.
Learn to build and operate your own OT security lab for practical, safe testing.
This course is ideal for:
IT security professionals who want to transition into OT security.
Plant engineers and OT staff looking to strengthen their cybersecurity skills.
Students and beginners eager to explore the growing field of industrial cybersecurity.
No prior OT experience required — we start from fundamentals and progress to advanced, hands-on security topics.