Brief Intro to IT & OT CySEAT (Cyber Security Education & Awareness Training)


Learn -> Build -> Execute -> Manage -> Monitor -> Improve -> Review -> Rinse -> Repeat.

Who's this Course for?


Ideal candidates for IT & OT CySEAT training program are practitioners from: 

  • CDO (Chief Digital Officer) organisation or business unit.
  • CISO / CIO / CTO's - IT / ICT Teams organisation or business units.
  • OT/ICS production plant organisations or business units (e.g. Engineering, Operations, Maintenance, Industrial IT, etc.).
  • Other business organisation / functions (Audit, Leadership, BCP/Crisis etc.).


Responsible for:

  • building, governing, managing and executing an IT and OT / ICS cybersecurity program activities.
  • improving the overall enterprise cybersecurity hygiene for industrial environments (e.g. all types of manufacturers).

What You'll Learn?

IT & OT CySEAT (Cyber Security Education & Awareness Training)

~~~ Increased Digital Literacy for a Cybersecurity Savvy Workforce ~~~


Most analyst firms predicts a very high percentage of data breaches would involve human element. 


CySEAT is designed to equip businesses and practitioners both from IT & OT teams:

  • be better prepared to address cyber risks in a digitally transformed environment i.e. Industry 4.0 ready.


CySEAT addresses role specific cybersecurity training requirements beyond just simple / generic user security awareness:

  • meet requirements from international standards / best practices e.g., NIST CSF, ISA/IEC 62443, & more.
  • meet regulatory compliance requirements such as SG CCOP, AUS - AESCSF, Europe-NIS2, Saudi Arab-NCA-OTCC etc.


Below outlines a list of key topics covered within IT & OT CySEAT (Cyber Security Education & Awareness Training):

IT OT/ICS Security Objectives

IT & OT/ICS Security Objectives


Learn Cybersecurity Principles:

  • IT & OT/ICS Security focus
  • Understanding stakeholders objectives
  • Key differences between IT & OT/ICS
  • Comparisons around multiple lifecycle and security domains.

Digital Manufacturing Lifecycle & Automation Stack


Throughout Manufacturing and OT Project Lifecycle stages and across the different layers of automation stack from edge devices / PLCs up to the cloud, presents a wide range of attack surface, that could be leveraged by both internal and external threat actors. IT & OT / ICS teams having a good understanding of such threats, would help in mitigating multitude of cyber threat scenarios.


IT & OT CySEAT will cover several threat scenarios and mitigation best practices.

STL - Smart Manufacturing + Automation Stack

Industry 3.0 / 4.0, IIOT & Digital Transformation

Learn about what is:

  • Industry 3.0
  • Industry 4.0
  • Difference between 3.0 & 4.0
  • Digital Transformation
  • IIOT (Industrial IOT)
  • UNS (Unified Name Space) Concept and more.
Industry 4.0, IIOT, Digital Transformation

Digital Transformation & Cybersecurity

Bridges the knowledge gap between IT & OT / ICS Teams - Key to Digital transformation & Cybersecurity Strategy.

Increased industry demands for digitally transforming businesses (especially in manufacturing), are driving technology innovations, connectivity & convergence of IT & OT environments to get real-time analysis for operational efficiency, productivity, process optimization, and analytics for predictive maintenance. Therefore, cybersecurity needs to be integral part of digital transformation strategy.


IT & OT CySEAT (Cyber Security Education & Awareness Training) is tailored to equip IT & OT / ICS practitioners to have a common understanding of cyber risks across the entire automation stack.

Cyber Threat Landscape


Learn and understand what's at stake:

  • Industry stats
  • Common Myths & Mistakes
  • Emerging IT & Industrial cyber threat landscape
  • Comparing stats / survey vs. real-life case study of a manufacturer before an attack.
Cyber Threat Landscape
Cloud and CRM

Cloud and CRM


Learn Cloud and CRM (Customer Relationship Management):

  • What is Cloud and CRM?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

The Enterprise & ERP Layer


Learn about Enterprise layer & ERP (Enterprise Resource Planning):

  • What is Enterprise layer and ERP?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

The MES Layer


Learn MES (Manufacturing Execution System):

  • What is MES? (other components at this layer)
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

The SCADA Layer


Learn SCADA (Supervisory Control And Data Acquisition) systems:

  • What is SCADA? and DCS?
  • SCADA vs. DCS?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.
SCADA
The HMI

The HMI Layer


Learn HMI (Human Machine Interface) layer:

  • What is HMI?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

The PLC Layer


Learn the PLC (Programmable Logic Controllers) layer:

  • What is PLC?
  • Other edge devices at this layer.
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.
The PLC
The WMS Layer

The WMS Layer


Learn WMS (Warehouse Management System):

  • What is WMS? & other components at this layer.
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

Shipping & Supply Chain Layer


Learn about Digital Supply Chain & Shipping:

  • What is Supply Chain and Shipping/distribution process?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.
Shipping Supply Chain Layer
The AR/AP

The AR/AP layer


Learn about AR (Accounts Receivable) / AP (Accounts Payable):

  • What is AR / AP?
  • Purpose as part of manufacturing or automation lifecycle
  • Notable Incidents / Attacks
  • Related Cyber Risks
  • Cybersecurity Best Practices.

IT-OT/ICS Governance


Learn about building an IT & OT/ICS Cybersecurity Joint Governance Committee:

  • Org. structure / hierarchy (levels - from Execs to plant floor)
  • Ownership - Chair and Vice Chair selection
  • Meeting Cadence and more.
IT-OT/ICS Governance
The Discovery Process

The Discovery Process


Learn where to start - the discovery:

  • Identifying key assets (crown jewels)
  • Identifying data flows, architecture, vulnerabilities, and risks
  • Building business inventory across the automation stack
  • and next steps.

Cybersecurity & Resilience Strategy


Learn about building, executing and managing:

  • IT & OT Cybersecurity & Resilience Strategy
  • Framework Selection
  • Strategy Document & Presentation to BOD/Execs.
  • Cyber Resilience Transformation Program Roadmap & Execution.
Cybersecurity Resilience Strategy
Secure Network Architecture

Secure Network Architecture


Learn the basics around:

  • Purdue / PERA and Other Reference Models
  • Build a Secure and defendable network architecture
  • Segmentation between IT & OT/ICS
  • Concepts around Zones & Conduits.
  • Conceptional Designs vs. Reality.
  • Few reference examples.

What You'll Get? - Key Takeaways


  • More than a-day worth of video content.
  • Reference guidelines and whitepapers.
  • Recommendations on tools / solutions.
  • Many supporting resources and reference links.
  • Many downloadable bonus curated resources.
  • Certificate of Completion.

Knowledge Transformation - RFT?


Helps practitioners builds foundational understanding of:

  • IT vs. OT / ICS security principles and differing priorities.
  • Emerging trends (threats, IIOT, industry 3.0, 4.0, etc.).
  • Digital Transformation & Cybersecurity Strategies.
  • Cyber risks across the Digital factory (manufacturing workflows, automation stack, reference models).
  • Building and executing a Cybersecurity Resilience & Transformation Program.
  • Common goals and best practices for securing the enterprise stack.

All in all, helping you get ready to secure today's and tomorrow's industrial environments for a smart and safer society.

RFT - Ready for your Transformation journey?

IT & OT CySEAT - What is it Not?


  • Phishing Simulation & Education Training.
  • Generic User Security Awareness & Education Training.
  • Getting started in IT & or OT / ICS Cybersecurity Training.
  • Vulnerability Assessment & or Penetrating Testing Training.
  • Incident Response & or Table Top Exercise Training.
  • Lab based tools or Solutions Implementation & Training.


However, it covers these elements from an IT & OT / ICS Cybersecurity Strategy & Program perspective only.

Author/Instructor: M. Yousuf Faisal

(EMBA, B.E Electrical, ISA/IEC 62443 cybersecurity certified, CNSSP, ISO 27001 Lead Auditor, CISSP, CISM, CISA)


Bringing more than two decades of professional industry experience in technology & Cybersecurity, while working both at an end user environment and as a cybersecurity advisor / consultant (serving clients globally). Have experience building and growing GRC, PCI & OT / Emerging Tech consulting practices across APAC.

Am on a mission on helping individuals and organizations to secure their career & digital transformation journey and the future of smart things. Hope to see you within the Securing Things learners community. It's a great day to start Securing Things for a Smart & Safer Society.


LinkedIn https://www.linkedin.com/in/yousufzubairi

X - https://X.com/@SecuringThings

IT & OT CySEAT (Cyber Security Education & Awareness Training) Curriculum


(Not Final - Subject to Change)


Checkout Free Preview Videos below (Coming Soon).

  Week 1 - IT & OT/ICS Introduction & Overview
Available in days
days after you enroll
  Week 2 - Goals & Business Needs
Available in days
days after you enroll
  Week 3 - Digital Transformation (Opportunities & Cyber Risks)
Available in days
days after you enroll
  Week 4 - Building Strategy & Framework
Available in days
days after you enroll
  Week 5 - IT & OT Cybersecurity Strategy Execution
Available in days
days after you enroll
  Summing Up
Available in days
days after you enroll

This course is closed for enrollment.

Securing Things Newsletter


Don't just stop here.


Subscribe to Securing Things Newsletter for continuing your IT, OT/ICS, IIOT, IOT and AI Cybersecurity learning journey further, all year long.

Securing Things by M. Yousuf Faisal - Newsletter

Related Products


For more in-depth IT/OT cybersecurity related digital products, for your IT and OT practitioners / teams,

checkout below related advance courses / digital downloads.

OT/ICS Cybersecurity Best Practices Requirements Specification

OT/ICS Cybersecurity Best Practices Requirements Specifications, aligns cybersecurity requirements from industry best practices (e.g. IEC 62443, NIST, CSC etc.) integrated into industrial automation control systems lifecycle stages - especially for greenfield projects - which can be used as a basic guidance in terms of evaluating or setting basic criteria of procuring, designing, implementing, commissioning, maintaining and decommissioning an IACS systems.

M. Yousuf Faisal

M. Yousuf Faisal

$3,000

OT Cybersecurity Best Practices Requirements Specification (OT-CBPRS)

OT Cybersecurity Best Practices Requirements Specification (OT-CBPRS) by M. Yousuf Faisal. Securing Things's proprietary guidance on getting started with OT cybersecurity best practices.

M. Yousuf Faisal

M. Yousuf Faisal

PLEASE READ CAREFULLY


Due to the digital nature of our products and services, we do not offer any refunds or returns for any reason.


By enrolling in any of our products (courses, digital download, services etc.), you agree to accept following terms in addition to Terms of Use.


NO WARRANTIES, REPRESENTATIONS, GUARANTEES

The company (STA or School or Author) gives no warranties with respect to any aspect of the program or any materials related thereto or offered in connection with the program and, to the fullest extent possible under the laws governing these terms of service, disclaims all implied warranties, including but not limited to warranties of fitness for a particular purpose, accuracy, timeliness, and merchantability.

By purchasing the program, you accept, agree, and understand that you are fully responsible for your progress and results from your participation and that we offer no representations, warranties, or guarantees verbally or in writing regarding your future earnings, security of your business or its profit, marketing performance, audience growth, or results of any kind.

The company does not guarantee that you will get any results using any of our ideas, tools, strategies, or recommendations, and nothing in our program is a promise or guarantee to you of such results. Information provided about or in the program is subject to change.

Company makes no representation or warranty that the information provided, regardless of its source, is accurate, complete, reliable, current, or error-free. company disclaims all liability for any inaccuracy, error, or incompleteness in the program.


LIMITATION OF LIABILITY

You agree that under no circumstances will the company be liable for any indirect, special, consequential, or punitive damages (including lost profits) arising out of or relating to these terms of service or the transactions it contemplates (whether for breach of contract, tort, negligence, or other form of action) and irrespective of whether the company has been advised of the possibility of any such damage. In no event will the company’s liability exceed the price you actually paid to the company for the program.