
Industrial Control Systems Security Specialist (ICSSS)

Our Industrial Control Systems Security Specialist training provides the expert level skills required to manage security teams within an ICS/OT environment, to detect, analyze and implement technical and non-technical measures to mitigate cyber security threats and ensure ICS/OT operations are managed effectively.


This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.


PGI Cyber Academy – Completion Certificate


By the end of this training, you will have learnt to consolidate, develop, and apply your operational, business and ICS/OT security specific knowledge to secure and mitigate risks to automation and control system technologies at an advanced level.


Senior practitioner-level ICS/OT cyber security professionals who wish to understand how to manage all aspects of industrial control systems security effectively. Example roles might include:

  • ICS/OT SOC analysts
  • ICS/OT cyber security risk or compliance officers
  • ICS/OT incident response practitioners
  • ICS/OT cyber security architects
  • Senior IT/Cyber security practitioners with responsibilities for industrial control systems or operational technology

Learning outcomes

  • Implement test procedures, principles, and methodologies relevant to developing and integrating cyber security capability.
  • Determine network traffic analysis tools, methodologies, and processes.
  • Understand remote access technology processes, tools and capabilities and their implications for cyber security.
  • Design identification and reporting processes.
  • Consider statutes, laws, regulations, and policies governing the collection of information using cyber security techniques.
  • Explain concepts, terminology, and operations of communications media.
  • Discuss network technologies in IT and ICS/OT environments.
  • Provide best practice cyber security risk management methodologies for the IT and ICS/OT domains.
  • Develop system protection planning measures for IT and ICS/OT environments.
  • Review an organisation’s architectural concepts and patterns in IT and ICS/OT environments.
  • Evaluate supervisory control and data acquisition system components.
  • Design ICS network architectures and communication protocols.
  • Analyse the ICS threat landscape.
  • Identify, capture, contain and report malware.
  • Secure network communications.
  • Recognise and interpret malicious network activity in traffic.
  • Analyse tools, techniques and procedures used by adversaries remotely to exploit and establish persistence on a target.
  • Access databases where required documentation is maintained.
  • Design multi-level and cross domain security solutions applicable to IT and ICS/OT environments.
  • Translate operational requirements into protection needs in IT and ICS/OT environments.
  • Protect an ICS/OT environment against cyber threats.

Ideally, either GICSP training and/or qualification or GRID training and/or qualification, with five or more years practical experience in an ICS security practitioner role.

Knowledge of:

  • Any national cyber security regulations and requirements relevant to their organisation.
  • Human-computer interaction and the principles of usable design, as they relate to cyber security.
  • An organisation’s policies and standard operating procedures relating to cyber security.
  • Security event correlation tools.
  • Multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
  • Integrating the organisation’s goals and objectives into the system architecture in IT and ICS/OT environments.
  • Demilitarized zones in IT and ICS/OT environments.
  • ICS operating environments and functions.
  • ICS devices and industrial programming languages.
  • Threats and vulnerabilities in ICS systems and environments.
  • Intrusion detection methodologies and techniques for detecting ICS intrusions.
  • ICS security methodologies and technologies.

Skills in:

  • Applying host and network access controls.
  • Protecting a network against malware.
  • Performing cyber security related impact and risk assessments.
  • Utilizing feedback to improve cyber security processes, products, and services.
  • Applying cyber security and privacy principles to organisational requirements.
  • Conducting cyber security reviews of systems.
  • Conducting information searches.
  • Identifying a network’s characteristics when viewed through the eyes of an attacker.
  • Assessing the cyber security controls of ICS/OT environments.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Module 1 – Understanding the Flow

  • Course introduction and Lab setup
  • Level 0 and 1 – Devices and communications
  • Understand the attack surface of a level 1 device (including process weaknesses)
  • Passive and Active discovery
  • Exercise – NMAP discovery
  • System architecture and data flow
  • HMIs and EWS
  • HMI to PLC relationships
  • PLC to HMI communications (including operational functions)

Module 2 – SCADA and Protocols

  • SCADA components and communications paths
  • Understanding peer to peer
  • Peer to peer communications
  • OPC and other protocols
  • OPC and Beyond

Module 3 – Design and Devices

  • Network architecture and design
  • Levels 2 and 3 communications (including trusted communication flows)
  • Perimeter prevention and detection
  • Data diode or firewall?
  • Databases
  • Databases exploration
  • Using VPNs

Module 4 – Monitoring what you have

  • System Monitoring
  • Logging and alerting
  • Asset Management and Validation using tools
  • Managing and validating assets

Module 5 – Bringing it all together

  • ICS Attack and Defend including troubleshooting
  • Understand and exercise on local processes and environment
  • Vendor security models and industrial DMZs
  • Pivoting and positioning in an ICS target environment
  • Operational traffic reverse engineering
  • Protocol-level manipulation
  • Firmware manipulation
  • Industrial wireless discovery and attack
  • Time synchronization manipulation
  • Data table and scaling modifications

Exam Preparation