Hi Mike, thanks for all the videos. I'm an apprentice as an OT engineer - could you please give me some advice on how I could break into OT cyber security within the next 3-4 years?
Hi @Situide - Thanks for watching the videos! I hope you're finding them helpful! I did put together a free eBook for people like yourself with an OT background on how to get into ICS/OT cyber security. You can find it at github.com/utilsec/Getting_Started_with_ICS/blob/main/Getting%20Started%20in%20Industrial%20Cybersecurity%20for%20OT%20Professionals.pdf.
Check it out and let me know if you have any questions!
Great session Mike, thanks! Did you notice CiscoLive in Europe presented an ICS/OT solution with CyberVision and Cisco rugged switches to PLC we are reselling at Orange Business?
Thanks for sharing, @JohnDoe-tx - I haven't kept close tabs on CiscoLive for the last few years with everything else going on so I'm glad you mentioned it. Thanks again for sharing!
Hi Mike, thank you so much for your videos. They are really amazing and I like your way of explaining the course. I do have one question, please. When you mentioned having retainers with Dragos or others, did you mean to use the help of a third party in case of any security incident, or if our in-house incident response team failed to identify or deal with the incident?
Hi Abo - Thanks for watching the videos and for the kind words! As far as a retainer with an outside firm, you'll always want one (even if it's a zero cost retainer) "just in case." Even if you have an incredible in-house response team, if an incident is significant enough you'll need the additional help and most often you'll need an outside party to attest to what occurred. Most people won't want to take your own word for what occurred which is in part why you'll need an outside party. I hope this helps answer your question!
Hey Mike, excellent content as always. Can I ask, is there a particular book that covers the content you have gone through so far?
Thanks for saying, @auser4872! A recent favorite book I like to recommend for people just starting out is a fairly new book - "Practical Industrial Cybersecurity: ICS, Industry 4.0 and IIoT" by Charles Brooks and Philip Craig Jr. Check it out and let me know what you think!
Thank you sir, I will check it out
Hi Mike, at which point of the ICS network would you suggest to place the Honeypot?
Hi Ronny - If you were only able to place one honeypot, I would start with the IT/OT DMZ as ideally it would be best suited to catch an attacker moving from the IT network (the most common route) into the OT network. If you were able to place additional ones, I would continue working down the different layers as time and money allow! I hope this helps!
Hi Mike, hope you are doing well. Currently I am working as an IT incident response and digital forensics consultant and would like to learn more about ICS/OT. So could you please suggest any affordable course which covers ICS/OT related topics?
Well, I'd like to think you're taking the most affordable one right now, Shabee09! Plus the CISA courses that they post online for free. Otherwise, you're looking at investing. Check out my video on ICS/OT Cyber Security Certifications for other ideas. Hope this helps!
Hi Mike, I'm not familiar with NetFlow, but can network monitoring via SNMP achieve the same outcomes here or does it fall short?
Hi Josh - SNMP is more for monitoring the overall health of a network device such as a switch, so while it could start to give you an extremely limited view of the data we are looking for, it would definitely fall short when compared to NetFlow.
First!
Thanks for watching, as always, Josh!