Looking for resources to get started in ICS/OT Cyber Security? Robert M. Lee [Thanks, Rob!] has a long running blog post, most recently updated in January 2023, that provides a long list of resources to help you get started. Whether you are coming from an IT background, an ICS/OT engineering background or from somewhere else, the blog has (more than just) something for everyone. Here are a few things I took away from the blog when I first read it not too long after it was originally posted: 1. Coming from an IT cyber security background, I needed to think like an industrial control engineer. And to do so, I needed to learn like an engineer - learning how the physics of each different facility operates, learning not only how to program a PLC, but also to wire its inputs and outputs to start. 2. The world of ICS/OT is vast and often unseen. Most people take their always present electricity, clean water, transportation, pharmaceuticals and other manufactured goods, for granted. Working in cyber security in ICS/OT, you are going to be even more of an "unsung hero" that those that work in traditional IT cyber security roles even as you help to protect the world around you. 3. The great thing about the ICS/OT world to me is that it is so varied, and it can take you anywhere and everywhere. I consider myself very fortunate to be able to work in different environments - power generation, commuter rail, offshore oilrigs, LNG terminals, mining, refineries and so on. Every facility is its own unique adventure. 4. The fundamentals of IT cyber security most definitely apply in ICS/OT environments, but they are most definitely applied differently. Rob, and by extension Dragos, Inc., have worked to highlight the differences such as with vulnerability management which is a stark comparison between IT and OT in how processes such as security patching functions. You can find Rob's blog post with a list of resources at https://lnkd.in/gRr45aRX. #icssecurity #icscybersecurity #otsecurity #otcybersecurity #cybersecurity #security
Terrible Picture... "cough"
Ever since taking the SANS 410 course back in 2018, Rob's blog site is the first link I share when anyone asks what to read for getting started in OT Security. Foundational and inspirational. Seems like Rob has always knew he would be teaching and sharing ! :)
Very usefull and precise post, as always. Thanks Mike. Point #4 is a battle of everyday. I nickname it Divergence OT-IT... to recall application is so different.
This is an amazing post and resource list Mike Holcomb, I came from an IT background and I have learned how important and vast ICS/OT world is.
Aaron, I thought this was insightful and wanted you to see it.
Thank you, this is a great piece of info. Thank you rob as well!
Great perspective and feedback, thanks! I am going to share this out as I think it’s an awesome third party endorsement of the material Rob is providing to the community.
Thanks for the share!
Founder and CEO, Dragos, Inc.
10moThanks for sharing!