ICS security practitioner careers
What is an OT security practitioner?
Power plants, nuclear reactors, electrical grids: our critical infrastructure is vulnerable to cyberattacks, and it’s the job of an OT security practitioner (or ICS security practitioner) to keep those attacks from succeeding. Are you wondering how to work in OT or ICS security or how much you could earn? Here is a quick overview of the OT security career path and its positive job outlook!
An OT security practitioner or ICS/SCADA security engineer monitors, protects and provisions access to ICS systems and devices. Innovations like IoT and cloud technology have brought new avenues of attack — and increased job opportunities for ICS, OT and SCADA security professionals. The ICS security market is expected to grow to 23.7 billion by 2027.
What does an OT security practitioner do?
An OT security practitioner protects industrial systems from unauthorized users and intruders. They monitor activity within industrial and automation systems for possible digital or physical threats. OT and ICS security practitioners also manage ICS assets like Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) and Human-Machine Interfaces (HMIs).
OT security practitioner job roles
Job titles for OT and ICS security practitioners vary depending on a few important factors: industry, organization size, daily responsibilities and seniority level. At a smaller company, OT professionals are more likely to wear multiple hats, while larger organizations will often have entire teams of people working in more specialized roles.
Related job titles include information security engineer, cybersecurity engineer, security systems engineer, IT security engineer, IS architect, system security administrator, UNIX/Windows system administrator, LAN/WAN administrator, server administrator, security solutions architect and cybersecurity architect.
The role also relates to the following NICE work roles: systems testing and evaluation specialist, technical support specialist, network operations specialist, system administrator, cyber defense infrastructure support specialist, information systems security developer and security architect.
Why is ICS security important?
Without ICS cybersecurity, nothing would stand between cyber attackers and our critical infrastructure. However, properly securing these facilities in both the physical and cyber realms can be extremely challenging. This is where highly trained ICS security experts enter the scene!
“Controls systems were designed for robustness; they were designed for safety but [they] weren’t designed for security,” says Francis Cianfrocca, CEO of Insight Cyber Group. “Adding computer-style security controls to industrial environments is exceptionally difficult.” That means much of ICS security has to be done manually and with a dash of creative problem-solving.
Cianfrocca adds, “Even patching is almost impossible to do with hardcore industrial controls for a really important reason. They’re designed for safety. They’re tested for safety. Even if you change an operating system just a little bit to patch it, you’ve invalidated all your safety testing.”
OT and ICS security practitioner FAQs
OT and ICS security practitioners are responsible for safeguarding industrial control systems from being accessed and exploited by unauthorized users. To succeed in this field, practitioners require extensive knowledge of OT and IT protocols, physical security, network security and incident response. Here are some popular questions about this exciting career track.
What is ICS?
Industrial control systems (ICS) can be found in a wide range of settings, from nuclear power plants to HVAC installations and prisons. The control system combines software and integrated hardware to manage and monitor the facility’s machinery and associated devices. ICS systems are usually managed via a Supervisory Control and Data Acquisition (SCADA) system, which provides a graphical user interface so operators can monitor processes, receive alarms and make any necessary adjustments to keep the system running smoothly.
What is ICS SCADA?
SCADA (Supervisory Control and Data Acquisition) systems are a core component of industrial control systems. SCADA is a catch-all term for the hardware and software that industrial systems use to control, monitor and gather data.
SCADA systems include a graphical user interface so operators can supervise processes, receive alarms and make necessary adjustments to keep the processes running smoothly. Power plants, oil and gas pipelines and space stations are examples of facilities that utilize SCADA technology.
What is ICS security?
ICS security refers to protecting industrial control systems from cyberattacks. In the past, operational technology (OT) systems were separated from IT networks, greatly reducing the threat of attack. However, increasing connectivity between OT and IT systems has created new opportunities for attackers to exploit. ICS security is a collection of systems, tools and practices to protect ICS systems from attack and detect ongoing intrusion attempts.
Some common ICS security practices include:
- Vulnerability management
- Access management
- Network intrusion detection
- Endpoint detection and response
What roles and responsibilities does an ICS security practitioner typically have?
ICS cyber security practitioners can be found in various settings, from nuclear power plants to municipal water districts and oil refineries. Some common ICS security roles have titles like security systems engineer, operational technology engineer, OT cybersecurity analyst, controls engineer and SCADA specialist.
Specific duties vary from role to role, but generally speaking, most ICS practitioners are responsible for monitoring, protecting and provisioning both digital and physical access to industrial control systems and devices like RTUs (Remote Terminal Units) and PLCs (Programmable Logic Controllers).
On average, how much do ICS cyber security practitioners make at each level of their career?
The ICS cyber security practitioner salary is competitive and varies based on job title, education level, years of experience, industry and geographic location. Here's the average yearly salary for a few common ICS cybersecurity job titles, according to Salary.com 2023 figures:
- SCADA systems engineers: $105,437–$138,015
- SCADA administrators: $37,272–$54,003
- SCADA specialists: $58,255–$80,906
- SCADA engineers: $100,110–$128,884
- SCADA analysts: $62,667–$79,911
Keep in mind that average salaries vary depending on location and experience. For example, a SCADA systems engineer in San Francisco has a base salary of around $150,000 and can earn even more with bonuses and other incentives. For more details, read our Average SCADA security salary article.
Where can I find free OT security practitioner training?
If you’d like to learn more about this subject, you can take advantage of some free OT security training opportunities:
- The Cybersecurity & Infrastructure Security Agency provides free classes and ICS cyber security certification programs.
- Infosec offers a collection of training courses around OT and ICS Security. You can try them all for free for seven days by creating a free Infosec Skills account.
- You can also stay up-to-date with the latest news, trends and tools with free publications like SCADAhacker, SCADAfence and Infosec's critical infrastructure security articles and ICS/SCADA videos.
Do you need a degree to be an OT security practitioner?
A degree isn’t necessary but can be beneficial for gaining foundational knowledge of cybersecurity and computer programming. Although no degree programs are specifically for OT, professionals in this field often have degrees related to information technology, computer programming or engineering.
Do ICS security practitioners need certifications?
ICS cyber security certifications such as Infosec's Certified SCADA Security Architect (CSSA) or SANS Global Industrial Cyber Security Professional Certification (GICSP) are important because they validate your ICS/SCADA security skills. Certifications signal to employers that you’re knowledgeable, up-to-date and job ready.
Certification can be a good stepping stone if you want to land your first ICS security role. More experienced ICS security practitioners may be able to receive career and salary advancements by validating their skills through certification.
Where can I find ICS SCADA security training?
If you’re interested in receiving ICS SCADA security training, there are a number of formal and informal options to choose from. Infosec offers ICS/SCADA Security Fundamentals self-paced courses and a live OT/ICS Certified Security Professional (ICSP) Training Boot Camp. There is also a collection of paid OT and ICS security courses. Check out the training section below for more options.
Earning a certification like Industrial Control Security Practitioner (ICSP), formerly CSSA, or GIAC Critical Infrastructure Protection Certification (GCIP) can strengthen your skills and give you a competitive edge.
If you’re interested in learning resources that don’t involve certification, the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), International Society of Automation (ISA), SCADAhacker and Infosec's critical infrastructure blogs give you plenty of online resources to choose from.
On average, how long does it take to become an OT security practitioner?
OT security practitioner roles aren’t typically entry-level positions. Most people get into industrial control systems security after working in network security. This is because ICS security is rooted in network security and physical security.
That being said, there aren’t any prerequisites or requirements for the ICSP or GIAC Global Industrial Cyber Security Professional (GICSP) exams, so you can take them at any stage of your career.
Where can I find OT security practitioner jobs?
When it comes to finding OT security practitioner jobs, you can choose between general job boards and cybersecurity job boards. Below are some of the most popular in each category:
General job boards:
Cybersecurity job boards:
How to become an OT security practitioner
Becoming an OT security practitioner requires skills and training. “Credentialing yourself is number one,” explains Emily Miller, vice president of national security and critical infrastructure at Mocana. If you're new to the field, CompTIA Security+ is an excellent gateway into OT and ICS security. Once you have mastered the fundamentals, you can move on to more advanced ICS certificates. Miller also recommends creating your own lab to build and demonstrate skills you haven’t had a chance to deploy in a professional environment.
OT security practitioner requirements
Requirements vary depending on the specific job you’re applying to. However, there are some core technical and soft skills that OT and ICS cybersecurity companies want to see. OT security practitioners should be adept at problem-solving and creative thinking. ICS security differs from traditional IT security because many of the most common malware-hunting techniques don’t apply.
According to Francis Cianfrocca, CEO of Insight Cyber Group, manually detecting malware via behavior analysis is a critical skill in this field. It’s important that ICS security practitioners are “looking at attacks in progress rather than signatures or vulnerabilities. In most cases, we find signs of malware with no signatures.”
OT security practitioner certifications
Earning certifications is an excellent way to break into an OT security practitioner role or move up in your career. Which certifications are best for OT, ICS and SCADA security professionals? Here are a few popular options:
- CompTIA Network+: Covers foundational topics like network infrastructure, operations and troubleshooting.
- CompTIA Security+: The most popular entry-level cybersecurity certification in the world. Covers topics like risk management, cryptography, and more.
- Infosec Institute ICSP: Formerly named Certified SCADA Security Architect (CSSA), the updated Industrial Control Security Practitioner certification covers common SCADA threats and vulnerabilities, remote access and risk assessment in an industrial environment.
- GIAC Critical Infrastructure Protection Certification (GCIP): Covers NERC CIP (Critical Infrastructure Protection) strategies, strategic implementation and program maintenance.
OT security practitioner interview questions
Common OT and SCADA security practitioner interview questions include:
- What is programmable logic controller (PLC) technology?
- Are you flexible regarding scheduling?
- What are some benefits of using object-oriented graphics?
- Is redundancy necessary in SCADA? If so, what redundancy plan would you use?
- What is considered the SCADA master unit?
Read our Top 30 supervisory control and data acquisition (SCADA) technician Q&A article for the answers. For more guidance, download our ebook: Cybersecurity interview tips: How to stand out, get hired and advance your career.
OT and ICS security courses
Live OT and ICS boot camps and on-demand courses provide expert, guided instruction to build your knowledge and skills. A few popular options are listed below:
More cybersecurity career advice
Whether you’re just beginning your OT and ICS security journey or looking to keep your skills sharp, plenty of free and self-study resources can help you meet your goals. Here are some of the best ICS security learning resources for self-guided study:
- Start an Infosec Skills free account and explore dozens of courses
- Get free training materials in the Infosec Resource Center, including a cybersecurity career guide
- Visit the Network+, Security+ and CISSP hubs for all things cert — from exam domains to salary
- Watch the Cyber Work Podcast