OT Cybersecurity: Zero to Hero

A guide to kick start and successful career in OT Cybersecurity.

This blog is my effort to best capture the Journey to ICS or OT Cybersecurity. This is a compilation of my experiences and learnings.

Before i begin let me give you a context of Cybersecurity Workforce shortage. According to a report by Forbes in December 2022 on cybersecurity staff shortage there were 700000 vacancies in the US alone, While the overall shortage is close to 3.4 million.

The field of OT Cybersecurity is specialized and there is a lack of skilled workforce. According to SANS Institute white paper The State of ICS/OT Cybersecurity in 2022 and Beyond"The ICS security workforce is becoming more skilled and valued".

The Journey towards a successful OT Cybersecurity Career can be divided into 5 distinct phases. These phases would need different amount of time based on the background and experience of a candidate in Computer Systems or Control Systems.

The five phases are:

1. Before the Journey
2. Prerequisite
3. Tradecraft
4. Practice
5. Launch

1. Before the Journey

This phase is the important ground work for getting into computer and Information technology. Knowing a Language is helpful in many ways and at various levels in your career. I have neglected this part in my graduation and had to be dependent on colleagues for small roadblocks. This knowledge can be gained either through your education or through the online courses available for free. Few of My favourites are:

• Learn Python the Hard Way
• Python Tutorials
• Python full course for Beginners by mosh
• Python for Everybody - Full University Python Course (Recommended)
• Learn C Programming with Dr. Chuck (feat. classic book by Kernighan and Ritchie)

2. Prerequisites

Getting into OT Cybersecurity needs to understand the concepts of Computer and Network Security in general and Control and Automation Systems in particular. There are lots of resources available again for understanding the Computer and Network Security and my curated list is as below:

• Become a Cybersecurity Professional
• SANS Reading Resources
• David Bombal's Youtube Videos especially on Wireshark and Ethical Hacking (Though the entire library is amazing)

The second important Skill is understanding the Control And Automation Systems. There are few old videos that explain this in details:

• PLC Programming by PLC Professor
• RealPars Videos
• Understanding SCADA
• Energy 101 Series of Videos
• Wastewater Treatment Plant
• OEM Sites Like Siemens, Rockwell, Schneider, GE Etc

3. Tradecraft

Now that you understand the Computer security and Control system both. The next step is to learn the Cybersecurity Specific to ICS. There are few free resources that can really help you on this.

• SANS ICS Library
• SCADA hacker Library
• ICS kill Chain whitepaper
• Resources by Dragos
• S4 Event Video Library
• ICS Training by CISA(US)
• ICS Advisory Dashboard
• Industrial Cybersecurity Books by Pascal Ackerman

4. Practice

Practicing the tradecraft is very essential as this will boost confidence and organise the learning. You may need to build small labs to practice. These tools and books will help you get this.

• Awesome ICS Git Repo by hslatman
• ICS Security Tools Git Repo
• Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS
• Industrial Cybersecurity: Case Studies and Best Practices
• CLaroty Resources Library
• Nozomi Resources Library

During this phase you should also acquaint your self with the Industry standards like IEC/ISA 62443 which is the standard for Industrial Automaton and Control Systems Security. Other reginal standards shall also be learnt like NERC-CIP, CSA(Singapore) etc. ISO standards are also available for few OT specific application like ISO 27019 (Information Controls for the Energy Utility Industry)

Gaining a certificate would boost your employability and confidence. I intentionally dd not put the certification in the previous phase as certification without practice is useless and you would forget the knowledge in few days. Few ICS specific certifications are:

ISA/IEC 62443 Cybersecurity Certifications

SANS Global Industrial Cyber Security Professional (GICSP) Beginner Level

SANS Global Response and Industrial Defense (GRID) Advanced Level

SANS GIAC Critical Infrastructure Protection (GCIP) Beginner level

5. Launch

This is the final phase to get placed in the desired OT cybersecurity Role, Based on the experience there are roles available at various levels like Analysts, Leaders/Consultants and Heads. To get placed and visible you need to network with the people in the industry through social media (especially Linkedin) and various conferences. Few Groups and People to follow includes:

• Dale Peterson
• Robert M. Lee
• ???? Dean Parsons ????
• Andrew Ginter
• Tim Conway
• Justin Searle
• Daniel Ehrenreich
• Manjunath Hiregange
• Nathan Boeger - CISSP-ISSAP
• Shiv Kataria (thats me and I post on linkedin very frequently)
• Cybersecurity For Real Time Systems
• ICS OT Security IEC62443 Cyber and Physical
• ICS/OT Cyber Security Opportunities
• Industrial Control System Cyber Security (ICS-CS)
• SANS Security Summits

This journey would help the aspirants get into the OT Cybersecurity career path. While the phases are shown sequential but they may not necessarily be followed like that. Like you may start networking and following the content online to get updated on the recent trends and reports.

Wish you a Happy OT Security Journey.