Episodes

  • Hacktonics: Bridging the OT Security Skills Gap
    Apr 24 2025

    Bridging the OT Security Skills Gap: A Spotlight on Hacktonics

    In our latest webinar, we had the pleasure of hosting Awais Rashid and Joe Gardiner, co-founders of Hacktonics. Both Awais (a professor of cybersecurity at the University of Bristol) and Joe (a lecturer with hands-on ICS experience) are on a mission to make ICS and OT cybersecurity training far more accessible - an urgent need in an industry where the skills gap often slows progress and leaves critical infrastructure exposed.

    Hacktonics’ Approach

    1. Hands-On Training Boxes: Hacktonics has developed portable training kits that simulate realistic ICS environments. Trainees gain experience configuring, attacking (ethically!), and defending actual devices. This direct exposure fosters far deeper understanding than any purely theoretical or virtual course ever could.
    2. LinICS (Linux for ICS): The team created a specialist Linux-based platform, bundled with OT-specific tools mapped to the MITRE ATT&CK for ICS framework. Think of it as “Kali for ICS,” but with an emphasis on protocols like Modbus, DNP3, and industrial-grade hardware. By providing a one-stop platform - containing both modern and legacy utilities - Hacktonics cuts the usual complexity of spinning up ICS test labs.
    3. Boot Camps & Bespoke Courses. Boot Camps: Free, introductory sessions for newcomers or anyone curious about transitioning into OT security. These allow you to trial real ICS scenarios under expert guidance. Bespoke Courses: Tailored corporate training to upskill in-house teams - particularly beneficial for IT security teams who want to gain OT fluency or safety engineers who need to weave security into their processes.
    4. Community Focus: Although Hacktonics offers commercial solutions, their ethos is firmly rooted in community building. They regularly host sessions at local meetups, B-Sides events, and student conferences, aiming to nurture new talent by lowering the barriers to entry.

    53 min
  • Building Blocks of ICS / OT Security
    Apr 24 2025

    It was a pleasure to host our latest webinar session. The experience on our panel shone through: even with the early-morning start in New Zealand for Gavin, and Stefano fighting off an illness, the team were on top form.

    In this session, we explored the essential building blocks of ICS/OT cybersecurity, perfect for practitioners and leaders in OT Security, tasked with building defences from the ground up. Our panel for the session:

    • Sam Taylor – Current CISO/Project Manager at Enfinium (formerly GSK and Johnson Matthey), overseeing OT cyber programmes
    • Andres Prieto – A seasoned engineer, based in Barcelona, who transitioned from IT into global OT cybersecurity
    • Stefano Saccomani – With over twenty-five years of experience in rail, focusing on rail control systems, signalling, and OT security
    • Gavin Dilworth – An OT all-rounder from New Zealand, bringing experience as an operator, automation engineer, managing consultant, and security advisor

    1 h 1 min
  • Inside OT Penetration Testing
    Dec 16 2024

    In our latest OT Security Connect session, we explored OT penetration testing with our excellent panel providing insights into the unique challenges, the absence of standardisation, and the strategies to enhance security within OT environments.

    We also witnessed the birth of a new phrase "Living off the Plant" - credit to Ric Derbyshire on this 😁

    Panel

    Ric Derbyshire - Principal Security Researcher at Orange Cyberdefense

    Gavin Dilworth - Principal Consultant at Assessment Plus

    Martin Slack - Head of ICS at Pen Test Partners

    Asif Hameed Khan - Cybersecurity Professional

    🌐 Key Themes and Insights

    The Case for Standardisation

    The team debated the feasibility of a unified standard for OT penetration testing. While a universal approach seems impractical due to the diversity of OT environments and the lack of an arbitrator, the group agreed that more flexible, descriptive frameworks could provide valuable guidance.

    For instance, a baseline guide to help asset owners could lean more into the IEC 62443 model, using security levels to align tests with sector-specific risks, criticality, and risk appetite, to help determine appropriate testing approaches.

    Challenges of OT Penetration Testing

    A significant challenge in OT penetration testing lies in the diverse approaches taken by testers, particularly those transitioning from IT-focused backgrounds. It can be a struggle to adapt, as their methods tend to prioritise vulnerabilities over the operational processes central to OT environments.

    In contrast, successful testers focus on identifying how attackers could disrupt key processes and systems, as this aligns more closely with asset owners' priorities.

    Organisations with well-established test beds often achieve better outcomes in penetration testing, as these environments allow for controlled experimentation and more realistic simulations. However, the lack of test beds in many organisations remains a barrier to effective testing.

    Clear communication of testing objectives and outcomes is another critical success factor. Testers must articulate the scope and purpose of their assessments in terms that resonate with OT asset owners, ensuring alignment between testing practices and operational realities.

    🚀 Key Takeaways for OT Security Professionals

    • Pen-testing Certifications: Professional development recommendations from the panel for industry professionals interested in penetration testing in OT. OSCP and SANS were highly rated by Gavin and Martin 📚
    • Pen-testing to Address Hybrid IT-OT Environments: Most pen-testing uses IT TTPs and is focussed on the more general-purpose operating systems within OT environments. As a result, there should be minimal safety and reliability issues.
    • Pen-Testing Outcomes Impacting Security Posture: The whole point of a pen-test is to help end users improve their security posture, reduce risk, and enable the organisation to review gaps and plan its security programme going forward.
    1 h
  • Maturity of OT Security
    Nov 11 2024

    🌐 Exploring OT Security Maturity: Insights from Industry Experts

    In our recent OT Security Connect webinar, panellists Alexander Staves (Bridewell), Ric Derbyshire (Orange Cyberdefense), and Sam Maesschalck (Nexova Group) dove into the critical challenges and advancements shaping OT security today.

    Key highlights included:

    🔹 Realistic Threats to OT Environments – A review from Ric of historical attack data, including the predominant source of OT impacts, IT-driven OT ransomware attacks, the opportunity to mitigate ransomware attacks, and the frequency of OT-specific attacks.

    🔹 Adopting OT Security Standards & Regulations – Alex provided an overview of the regulatory landscape, highlighting the rapid expansion of standards, the complexity of IEC 62443, and the frequent updates that make compliance a challenging task for OT operators.

    🔹 Implementing OT Security Controls – Sam outlined three pillars for OT security: robust asset management, practical network segmentation, and IT-OT collaboration. He stressed using specialised tools for asset visibility, designing segmentation that aligns with operational needs, and building IT-OT teams to reduce silos. Sam also advocated for security training that respects operational demands and recommended a 'Crawl, Walk, Run' approach: starting with essentials and layering advanced controls over time.

    Join the OT Security Connect community as we navigate the evolving OT security landscape, connecting leaders, practitioners, and researchers to build resilient systems.

    Join our LinkedIn community here - https://www.linkedin.com/groups/13002294/

    59 min
  • Building Cyber Security Talent in OT Security
    Aug 2 2024

    Welcome to another session from OT Security Connect!

    In this webinar, our expert panel tackles one of the most pressing issues in the OT environment: the urgent need to build a robust cybersecurity talent pool to safeguard ICS and OT businesses.

    Speakers:

    📣 Eliot Davies: Founder of OT Security Connect and Quanta Hire, Eliot sets the stage by highlighting the critical need for cyber resilience in OT and the alarming global shortage of cybersecurity professionals.

    📣 John Allen: John delves into the specialised skill sets required for OT security, emphasising the blend of IT, cybersecurity, and industrial control system knowledge.

    📣 Kimberley Dick: Kimberley discusses the rapid changes in IT and OT convergence, and how these dynamics increase the complexity of securing OT environments.

    📣 Asif Hameed Khan: Asif explores strategies to address the skills gap, including training programs, certifications, and industry collaborations.

    📣 Sam Taylor: Sam shares insights on the future outlook for OT security, predicting trends and challenges that professionals will need to navigate.

    Key Topics Covered:

    📍The current state and future projections of the cybersecurity workforce gap.

    📍Challenges unique to OT security, including specialised skill sets and rapid technological changes.

    📍Strategies for developing and attracting OT security talent.

    📍The role of industry and educational institutions in mitigating the skills shortage.

    Join OT Security Connect to gain valuable insights and practical advice on fortifying your OT security posture in the face of a growing skills gap: https://www.linkedin.com/groups/13002294/

    55 min
  • Incident Response and Recovery
    Jul 31 2024

    Another great session with Rob Hayes, Max Higginson, Sam Taylor and Michael Woo talking through "Incident Response and Recovery" in the latest OT Security Connect webinar.

    The team did a fantastic job highlighting the challenges. Here are some key points:

    Importance of IR in OT Security:

    💡 IR builds resiliency and ensures critical systems can be recovered, based on their importance, in the event of an incident

    Pre-Incident Considerations:

    💡Assign criticality to different systems to help align cyber risk management with business risk management

    💡Map technology, set control targets, and develop a clear recovery plan. Testing and continuous improvement are key

    Post-Incident Recovery and Restoration:

    💡Safety is the first priority; recovery follows operational sequences and ensures systems are brought back online safely

    💡Situational factors such as time of year can affect recovery priorities. Manual processes should be defined for critical operations

    58 min