TRAINING.

Cybersecurity Risk Management for Integrated Information Technology/Operational Technology Environments

Fee: $1,295.00 / Online / Dec 1 - 2, 2026 / Course Code: 17-1228-ONL26

Confirmation of this course depends on early registration. Register early to avoid postponement or cancellation of the course.

Overview

Please note: this instructor-led course has specific dates and times.
It is held online over 2 days on the following schedule (all times in the Eastern Time Zone):

10 am to 6 pm Eastern

Prerequisites:
A basic understanding of IT systems or industrial/engineering systems is recommended. Deep cybersecurity expertise is not required.

By the end of this course, you will be able to:

  • Differentiate Information Technology (IT) and Operational Technology (OT) environments in ways that matter for cybersecurity decisions (architecture, operations, and risk).
  • Identify and assess how IT compromises can translate into OT impacts, including operational disruption and safety consequences.
  • Apply practical controls for IT/OT integration, including access governance, segmentation, monitoring, and asset visibility.
  • Integrate cybersecurity into the full system development lifecycle (requirements through decommissioning) for converged environments.
  • Navigate key standards and regulatory expectations relevant to OT security, with attention to Canadian context and obligations.

Description

Integrating operational technology (OT) systems with enterprise IT can unlock real operational benefits, including remote access, improved data quality, and more efficient decision-making. But it also introduces new cyber pathways where issues that start in IT can escalate into OT environments, affecting availability, reliability, and, in some settings, safety and essential services.

This course equips you to manage that risk using a lifecycle‑based, risk‑informed approach. You'll examine how threat activity and common failure modes manifest in converged environments, using well-known incidents and practical scenarios to connect what happened to what should change in architecture, governance, and operational practice.

You'll leave with structured, transferable strategies you can apply across sectors, grounded in recognized standards and emerging regulatory expectations, so you can make defensible decisions about how to integrate IT and OT securely, not just whether you should.

Who Should Attend

This course is designed for:

  • Engineers and technologists working with industrial control systems, automation, utilities, manufacturing, or critical infrastructure
  • IT professionals supporting operational environments or moving into OT‑adjacent responsibilities
  • OT professionals strengthening cybersecurity practices within operations and maintenance
  • Cybersecurity practitioners responsible for enterprise security where OT connectivity or remote access is in scope
  • Risk, compliance, and audit professionals assessing cyber risk in operational and safety‑critical contexts
  • Technical managers, architects, and leaders overseeing IT/OT integration initiatives

More Information

Time: 10:00 AM - 6:00 PM Eastern Time



Syllabus

Module 1: Introduction to IT and OT Systems

  • Definition and scope of IT and OT
  • Common OT systems (PLC, SCADA, DCS, BMS, IIoT)
  • Organizational and cultural differences between IT and OT teams
  • Traditional air‑gapped architectures 

Module 2: The IT/OT Convergence Trend 

  • Drivers of IT/OT integration
  • Benefits and business motivations
  • Expanded attack surface and new threat pathways
  • TCP/IP adoption and Internet connectivity 

Module 3: Cyber Threat Landscape for OT

  • Overview of cyber threat actors
  • Nation‑state threats and geopolitics
  • Ransomware and Cybercrime‑as‑a‑Service
  • Canadian and global threat assessments

Module 4: Case Studies of IT-to-OT Cyber Incidents

  • WannaCry and the NHS (healthcare impacts)
  • Stuxnet and industrial sabotage
  • Triton/Trisis and safety‑instrumented systems
  • Power grid attacks and critical infrastructure disruption
  • Lessons learned from each case

Module 5: Governance and Organizational Controls

  • Accountability for IT and OT cybersecurity
  • IT–OT–Cybersecurity collaboration models
  • Enterprise Risk Management (ERM)
  • Three Lines of Defense model
  • Cybersecurity policies, standards, and training

Module 6: Infrastructure Security for IT/OT Integration

  • Access control strategies (MFA, PAM, authentication servers)
  • Network segmentation and reference architectures (Purdue Model, ISA‑95)
  • Secure remote access (VPN vs. ZTNA)
  • Logging, monitoring, and SIEM integration
  • Asset inventories and bills of materials (BoM / SBOM)

Module 7: Cybersecurity Across the System Development Lifecycle

  • Requirements and security‑by‑design
  • Secure architecture and physical security
  • Secure development and testing
  • Deployment and change management
  • Operations, maintenance, and vulnerability management
  • Backup, recovery, and resiliency planning
  • Secure system decommissioning

Module 8: Regulation, Standards, and Compliance

  • Overview of key standards (NIST SP 800‑82, ISA/IEC 62443, ISO 27002)
  • Sector‑specific standards (Energy, Oil & Gas, Water, Transportation)
  • Canadian Critical Cyber Systems Protection Act (CCSPA)
  • Regulatory obligations, enforcement, and penalties

Module 9: Emerging Issues and the Future of IT/OT Security

  • Supply chain risks
  • Software and hardware bill of materials
  • Long‑lifecycle OT systems
  • Post‑quantum cryptography and future threats
  • Cybersecurity implications of AI
  • Building long‑term cyber resilience

Module 10: Course Wrap-Up and Practical Application

  • Integrating course concepts into real organizations
  • Common pitfalls and challenges
  • Strategic takeaways for leaders and practitioners
  • Final discussion or applied case/project (optional)

Instructor

John Che-Jen Wang, P.Eng., MBA, CISSP, CISA, CRISC

John is a cybersecurity and risk management professional with more than 25 years of experience securing complex IT and operational environments across government, critical infrastructure, healthcare, utilities, manufacturing, and financial services. He is an adjunct professor at George Brown Polytechnic, where he has taught information security management for over a decade, and the owner of a security consulting firm specializing in governance, risk, compliance, incident response, and threat‑risk assessment. John has led and advised on cybersecurity programs for large public-sector organizations and regulated industries, including oversight of municipal election security, manufacturing, healthcare systems, mining operations, and industrial facilities, with hands‑on experience addressing the real‑world risks created by IT/OT integration. His work is grounded in recognized standards such as NIST SP 800‑82 and ISO 27001/27002, as well as Canadian regulatory expectations, and he is known for translating complex technical and governance concepts into practical, defensible strategies that resonate with engineers, technologists, and business leaders alike.


The Engineering Institute of Canada
Fee & Credits

$1295 + taxes

  • 1.2 Continuing Education Units (CEUs)
  • 12 Continuing Professional Development Hours (PDHs/CPDs)
  • ECAA Annual Professional Development Points
Group Training
This course can be customized and delivered to your group of staff at your facility, saving time and money.

Government Funding
The cost of this course could be covered by the Workforce Development Agreements (WDAs).
