Course Catalogue.

By the end of this course, you will be able to:

• Differentiate Information Technology (IT) and Operational Technology (OT) environments in ways that matter for cybersecurity decisions (architecture, operations, and risk).
• Identify and assess how IT compromises can translate into OT impacts, including operational disruption and safety consequences.
• Apply practical controls for IT/OT integration, including access governance, segmentation, monitoring, and asset visibility.
• Integrate cybersecurity into the full system development lifecycle (requirements through decommissioning) for converged environments.
• Navigate key standards and regulatory expectations relevant to OT security, with attention to Canadian context and obligations.

Description

Integrating operational technology (OT) systems with enterprise IT can unlock real operational benefits, including remote access, improved data quality, and more efficient decision-making. But it also introduces new cyber pathways where issues that start in IT can escalate into OT environments, affecting availability, reliability, and, in some settings, safety and essential services.

This course equips you to manage that risk using a lifecycle‑based, risk‑informed approach. You’ll examine how threat activity and common failure modes manifest in converged environments, using well-known incidents and practical scenarios to connect “what happened” to “what should change” in architecture, governance, and operational practice.

You’ll leave with structured, transferable strategies you can apply across sectors, grounded in recognized standards and emerging regulatory expectations, so you can make defensible decisions about how to integrate IT and OT securely, not just whether you should.

Who Should Attend

This course is designed for:

• Engineers and technologists working with industrial control systems, automation, utilities, manufacturing, or critical infrastructure
• IT professionals supporting operational environments or moving into OT‑adjacent responsibilities
• OT professionals strengthening cybersecurity practices within operations and maintenance
• Cybersecurity practitioners responsible for enterprise security where OT connectivity or remote access is in scope
• Risk, compliance, and audit professionals assessing cyber risk in operational and safety‑critical contexts
• Technical managers, architects, and leaders overseeing IT/OT integration initiatives

Course Syllabus

Module 1: Introduction to IT and OT Systems

• Definition and scope of IT and OT
• Common OT systems (PLC, SCADA, DCS, BMS, IIoT)
• Organizational and cultural differences between IT and OT teams
• Traditional air‑gapped architectures 

Module 2: The IT/OT Convergence Trend 

• Drivers of IT/OT integration
• Benefits and business motivations
• Expanded attack surface and new threat pathways
• TCP/IP adoption and Internet connectivity 

Module 3: Cyber Threat Landscape for OT

• Overview of cyber threat actors
• Nation‑state threats and geopolitics
• Ransomware and Cybercrime‑as‑a‑Service
• Canadian and global threat assessments

Module 4: Case Studies of IT‑to‑OT Cyber Incidents

• WannaCry and the NHS (healthcare impacts)
• Stuxnet and industrial sabotage
• Triton/Trisis and safety‑instrumented systems
• Power grid attacks and critical infrastructure disruption
• Lessons learned from each case

Module 5: Governance and Organizational Controls

• Accountability for IT and OT cybersecurity
• IT–OT–Cybersecurity collaboration models
• Enterprise Risk Management (ERM)
• Three Lines of Defense model
• Cybersecurity policies, standards, and training

Module 6: Infrastructure Security for IT/OT Integration

• Access control strategies (MFA, PAM, authentication servers)
• Network segmentation and reference architectures (Purdue Model, ISA‑95)
• Secure remote access (VPN vs. ZTNA)
• Logging, monitoring, and SIEM integration
• Asset inventories and bills of materials (BoM / SBOM)

Module 7: Cybersecurity Across the System Development Lifecycle

• Requirements and security‑by‑design
• Secure architecture and physical security
• Secure development and testing
• Deployment and change management
• Operations, maintenance, and vulnerability management
• Backup, recovery, and resiliency planning
• Secure system decommissioning

Module 8: Regulation, Standards, and Compliance

• Overview of key standards (NIST SP 800‑82, ISA/IEC 62443, ISO 27002)
• Sector‑specific standards (Energy, Oil & Gas, Water, Transportation)
• Canadian Critical Cyber Systems Protection Act (CCSPA)
• Regulatory obligations, enforcement, and penalties

Module 9: Emerging Issues and the Future of IT/OT Security

• Supply chain risks
• Software and hardware bill of materials
• Long‑lifecycle OT systems
• Post‑quantum cryptography and future threats
• Cybersecurity implications of AI
• Building long‑term cyber resilience

Module 10: Course Wrap‑Up and Practical Application

• Integrating course concepts into real organizations
• Common pitfalls and challenges
• Strategic takeaways for leaders and practitioners
• Final discussion or applied case/project (optional)