cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Six steps to learning OT Security

Hi All

 

I thought this article would be useful to members, especially those who are wondering how to go about learning OT Security or Critical infrastructure.

 

https://www.linkedin.com/pulse/six-steps-learning-ot-cybersecurity-john-kingsley%3FtrackingId=tjPpAC...

 

Regards

 

Caute_Cautim

 

5 Replies
JKWiniger
Community Champion

Fist off I want to say thank you for always bringing news and articles to keep us informed!

 

Just the other day I had someone asking me how to get into IT. I started to point him to Microsoft learn, but when I went to find exact courses there were none! Microsoft learn does not do the basics. I did find that Cisco does! He was like do I need a degree, well some companies require it but that is being fault. Certifications.. yes they are good, but what is best is just knowing what you are talking about. I told him the first thing to look into is a networking class. He said but what if I want to get into game design? I told him, when your game is slow it will be good if you understand the possible reasons why... then I told him I can sum what you ned to learn in one question...

 

Why can't I get on the internet?

 

Networking.. it's where you start!

 

Better ideas, let hear them!

 

John-

Caute_cautim
Community Champion

@JKWinigerThank you John, it is because constantly each and every day, I try to put aside at least an hour a day to learn something new, or conqueror a learning objective or to develop something new or to explore something I do not not fully understand.  Plus the fact my organisation has a modus operandi of constant learning and developing.   Rather like refreshing the parts that other beers do not reach etc.

 

I like your idea: 

 

Perhaps re-igniting curiosity?  

 

Why won't my phone work?

Why I cannot obtain a signal?

What do you know about Quantum Computing?  AI? Automation? Data Security?

What are my learning objectives for this month? Or today, this week?

 

Suggestions: 

 

https://www.cybrary.it/free-content

 

https://www.udemy.com/?utm_source=adwords&utm_medium=udemyads&utm_campaign=Branded-Topic_la.EN_cc.RO...

 

https://www.securitylearningacademy.com/

 

https://www.learningtree.com/

 

Podcasts - active listening

 

https://blog.feedspot.com/ibm_podcasts/

 

https://learningnetwork.cisco.com/s/podcasts

 

https://aws.amazon.com/podcasts/aws-podcast/?podcast-list.sort-by=item.additionalFields.EpisodeNum&p...

 

https://news.microsoft.com/podcasts/

 

https://podcasts.apple.com/us/podcast/howstuffworks-now/id1107301102

 

You get the gist...

 

Regards

 

Caute_Cautim

 

 

 

 

 

 

 

JKWiniger
Community Champion

@Caute_cautim I am going to show my age for a minute... things were so much easier before the internet! Yes, I went there! I don't know if it's just me but at times I feel really dumb because I hit a problem that stumps me, and think but I have been doing this forever, what am I dumb! There is just so much today, so many programs and things popping up that I have just never heard of, it's exhausting! Let me ask you this, there are the things we have done for / at work but what about the other things? I seem to have a much better grasp on a lot of things than most people, it more of a natural aptitude. So, I never worked in finance, or legal, or a bunch of other things but I seem to be good at them. Is there any way to put this stuff out there when job searching? Like the person I mentioned, I do things like that all the time, can I say I mentor? Many, many years ago I was told something that made me take pause, a hiring manager told me outright they they expect a certain percent of a resume to be BS, and since mine is 100% honest I am hurting myself... thoughts? It's like so many people say tailor your resume for the job and I just don't get that! I am who I am, I have done what I have done, what is there to tailor?

 

Let me stop, I know I kind of went off course there, but I feel they are still good questions, so I am leaving it...

 

John-

 

dcontesti
Community Champion

Unfortunately lots is being written on this subject (OT Security) and not all of it is really "helpful",

 

In my mind only, this gent took something that we commonly use in IT and is trying to apply it to OT (ICS/SCADA/etc.).  Doing this, MIGHT prepare one for a job in IT and maybe an entry level into Security but definitely not into OT.

 

Let's look at OT and some of the real issues associated with it:

 

The lifespan of OT (ICS) systems. Most systems that sit at Level 0 of the Purdue model (https://en.wikipedia.org/wiki/Purdue_Enterprise_Reference_Architecture) were built to last and not change due to required uptimes, the cost and the risk.  in running some applications, the required uptime for these systems is 99.99%

 

Airgaps are gone.  In the past, these systems were air gapped and we used what we now call sneaker net to transfer data. However with the adoption of newer technologies the value chain has changed and not we find these systems sitting on corporate networks.

 

There are other risks associated with these devices.

 

As one moves up the Purdue Model and start looking at Level 1 and 2, we see IT-OT converging, thus seeing new technologies increasing the risk. As digital transformation breaks down IT-OT barriers, advancements in networking and data analytics reshape processes, and new sophisticated cyberattacks appear, ICS frameworks are slow to adapt.

 

I strongly recommend anyone who is increased in OT Security, first learn about networking, basic security topics before even attempting to secure an OT environment.

 

Several great courses are available from SANS (and they have a certification for it).  Another course, but I believe enrollment is from Idaho National Labs/  Also check out https://www.cisa.gov/ics-training-available-through-cisa

 

d

Caute_cautim
Community Champion

Very useful to all readers. Nice one

 

Regards

 

Caute_Cautim