I'm an Senior Software Engineer with part-time duties as PSE (Product Security Eingeer) and I've recently been lucky to pass CSSLP exam.
I was thinking about trying to switch my career to ICS/OT security engineer. Unfortunetaly my current organisation (even though being in ICS/OT industry, electricy sector) does not provide opportunities of career shift (talk about stiff and unflexible organisation).
From checking job offerings I'm missing hands on experience on frameworks like ISO27001, IEC62443 or NIST standards and familiarity with some trade tools (Nessus, SIEM solutions, Claroty, Nozomi networks).
Naturally next step would be to find job postings where I can aquire such experience/tool familiarty, but it would seem there is a limited number of "entry level" options, not to mention hardly anyone lists experience/toolset which can be got by working (at given position) and me having already some advanced career in software development. Another problem being possible salary downgrade (hello entry level position and career shift), which might be hard (due to being breadwinner).
So does anyone have any insights or advices how to best handle the situation or should I rather keep focus on "standard" Software Engineer role and just "organicly" try to shift if opportunity presents itself?
Hy there i can see your post and i must say
Understand ICS/OT Security: Familiarize yourself with the fundamentals of ICS/OT security, including the unique challenges, threats, and best practices associated with securing industrial control systems and operational technology environments.
Identify Transferable Skills: As a Senior Software Engineer, you likely have skills that can be valuable in the ICS/OT security field. These may include programming, network knowledge, system architecture, and problem-solving abilities.
Educational Requirements: Depending on the specific role and organization, you might need to gain additional knowledge or certifications related to ICS/OT security. Consider pursuing certifications such as Certified Information Systems Security Professional (CISSP) or Certified SCADA Security Architect (CSSA).
Thanks and regards
ChristineBo
Thank you @ChristineBo for good tips!
@3): I've found a following ISC^2 courses:
ICS Standards, Regulations, and Frameworks
Cybersecurity in Industrial Control Systems (ICS)
Are there any others resources you would recommend (I know there is quite some of them, yet probably ones are better than others) ?