Products

OUR FOUNDATION

Industries

Waste-to-energy

Discreet manufacturing

Energy utilities, TSOs and DSOs

Food & beverages industry

Energy storage manufacturers

Pharma & chemical industry

Water supply & waste water treatment

Oil & Gas industry

Renewable Energy Resources

Healthcare & Hospitals

Use Cases

OT risk analysis

Identifiying prevalent vulnerabilities and security gaps

OT security monitoring & NIDS

Early detection of OT cyberattacks & error states

Building OT cybersecurity know-how

Bridging the skills shortage through on-the-job training

SIEM Integration

OT security incidents visible in the SIEM systemmachen

Security compliance

Ensuring your compliance with NIS2 and Co.

Asset detection & inventory

Understanding & documenting your OT

Condition monitoring

Localizing network problems and misconfigurations

Mitre Att&ck for ICS integration

Recognizing multi-level attacks on your OT

Log integration in SIEM systems

Integrating OT security alerts in your SIEM

References

Resources

Podcast

Listen to deep talk with OT sec insiders in OT Security Made Simple

Webinars

Get your OT security questions answered - live and via on-demand video

Blog

Dig into commentary and insights on all things OT security

Events

Search fairs and conference to meet us live

Videos

Get your OT security explanation short and simple

Downloads

Find and download all white paper and product flyers

About us

Team & mission Career Press releases Press Sales partners Schedule a demo

Deutsch English

Podcast

Which low-hanging fruits to grab on the OT security journey

New Zealand’s Peter Jackson from SGS (not of Lord of the Rings fame!) speaks about right-sizing cybersecurity legislature, OT security assessments and the low-hanging fruits in building resilience. He discusses with host Klaus Mochalski how an OT security assessment helps understand the risk landscape, how resilience can be hardened fast and easy, what challenges prevail in segmentation and isolation processes and why it is important to talk about genuine risks and not the bogeyman.

Duration:

25 min

Guest in this episode:

Peter Jackson

SGS

Listen to us also on:

Transcript

Takeaways

New Zealand cybersecurity legislation islikely to be similar to Australia’s SoCI regulations.

Cost of living from the power side is astrong factor in defining measures for critical infrastructure.

An OT vulnerability assessment is the firststep in the OT security journey.

Risk analysis involves people, processes,networks, technologies and communication.

Any assessment will identify bothlow-hanging fruits and more strategic long-term measures.

OT companies should define and test theirisolation processes to ensure fast and reliable disconnection of OT from IT incase of an attack.

There are several low-hanging fruits thatorganization can grab to build OT security fast.

To make spill-over more difficult, a cleanprotocol break between IT and OT can help.

Cyber resilience must be based on genuinerisk scenarios that are real and palpable to get that budget.

Sound Bites

For mostindustrial organizations, their core business is in that OT world. That's wherethey should be spending their time to improve their resilience and outcomes.

One ofmy favorite tools is the SANS “5 critical controls for ICS”. It’s basicallyabout being prepared for a bad day.

As we'vebuilt up that connectivity and we're increasing risk, we want to move from thatrobustness piece into that resilience piece.

Securityalways makes things a little bit harder, but we don't want to make it too hard,because then it's impossible for people to do their jobs.

Chapters

00:00 Introduction

02:00 Legislationin New Zealand

03:40 Right-sizinglegislation

04:40 Riskfrom a holistic perspective

05:10 Howan OT vulnerability assessment as the first step works

08:00 UnderstandingOT as core business

10:15 3low-hanging fruits in OT security

15:06 Thecylinder of excellence in OT security

16:52 Howto segment correctly

18:50 Challengeof new technologies in OT

20:10 Cyberresilience based on genuine risk scenarios

23:10 CommunicatingOT security to the management

23:50 Wrap-up

‍

Share on

You might also be interested in these podcasts

Jul 29, 2025

23 min

Why the state has a stake in driving OT security

Cybertech influencer and expert in cybersecurity and mechanical engineering Olaf Classen talks about cybersecurity as a competitive advantage and why German and European companies in particular should extend their engineering expertise to cybersecurity. He calls for government support (not just regulation) and for cybersecurity and digital sovereignty to be treated as a project for European society as a whole. The podcast is in German.

Listen now

Jul 17, 2025

24 min

Can intrusion detection systems become a security risk?

Manuel Atug, co-founder of the independent AG Kritis, critically challenges, from his own experience, what an IDS should provide, how good their own security is and how providers from non-European countries handle the data. As a bonus, we finally find out where his social media handle ‘HonkHase’ comes from.

Listen now

Jul 1, 2025

23 min

Navigating OT security procurement in geopolitically instable times

Danish OT security consultant Søren Knudsen discusses the challenge of OT security procurement in light of current geopolitical tensions. He and host Klaus Mochalski explore how procurement processes have shifted, the importance of due dilligence in procurement processes, and the risks associated with relying on foreign vendors.

Listen now