All Episodes

Episode 88 — Prepare for Incidents: Draft and Update IR Documentation That OT Can Use

Episode 87 — Execute Escalation and Notification: Internal, Government, and Regulator Expectations

Episode 86 — Plan Mutual Aid and Retainers: ISACs, Peer Support, and IRR Readiness

Episode 85 — Coordinate IT and OT During Incidents: Nuances, Authority, and Safety Priorities

Episode 84 — Address Overarching OT Incident Considerations: Cyber, Physical, Crisis, and Facilities

Episode 83 — Describe OT Incident Management Frameworks: PICERL and ICS4ICS With Clear Roles

Episode 82 — Apply a Collection Management Framework: What to Collect, How Often, and Why

Episode 81 — Map Assets to a CMDB: Attributes, Relationships, and Drift Control:

Episode 80 — Maintain Software Inventory and Map to Hardware: Visibility That Enables Decisions

Episode 79 — Capture Key Asset Attributes: Identity, Location, Ports, Ownership, Vendor, and Function

Episode 78 — Choose Discovery Methods Carefully: Passive, Active, and Manual Approaches in OT

Episode 77 — Operationalize Asset Management: Inventory Discovery, Creation, Validation, and Maintenance

Episode 76 — Implement Perimeter Controls: Fences, Barriers, and Access Governance for Facilities

Episode 75 — Use Surveillance and Inspection: Walkdowns, Video, Motion Detection, Spectrum Analysis

Episode 74 — Secure Rooms, Cabinets, and Cabling: IDFs, MDFs, and Exposure Reduction

Episode 73 — Apply Physical Security in OT: Badges, Readers, Biometrics, and Turnstiles

Episode 72 — Maintain Interoperability and Simplicity: Compatibility Without Expanding Attack Surface

Episode 71 — Build for Performance, Auditability, and Observability: Trust You Can Prove

Episode 70 — Engineer Compartmentalization and Criticality: Limiting Blast Radius Without Breaking Control

Episode 69 — Design for Operational Resilience: Endurance, Redundancy, High Availability, Recoverability

Episode 68 — Explain Secure OT Architectural Principles: Least Privilege, Determinism, and Defense in Depth

Episode 67 — Turn Telemetry Into Intelligence: Logs, Sessions, and Anomalies That Matter

Episode 66 — Operationalize Intel Data Types: IOCs, STIX, YARA, and Where They Fit in OT

Episode 65 — Identify OT Threat Vectors: Remote Access, Media, Supply Chain, and IT-to-OT Pivoting

Episode 64 — Analyze the OT Threat Landscape: Actor Motives, Capabilities, and Physical Consequences

Episode 63 — Learn from Indirect-Impact Events: Colonial Pipeline, SolarWinds, Maersk, AcidRain, CrowdStrike 2024, RTX

Episode 62 — Learn from Direct-Impact OT Events: Stuxnet, TRISIS, BlackEnergy, FrostyGoop, Industroyer

Episode 61 — Apply Threat Intelligence Frameworks: Diamond Model, ATT&CK for ICS, and Kill Chain

Episode 60 — Use the Intelligence Life Cycle: Collection, Analysis, Dissemination, and Feedback Loops

Episode 59 — Threat Intelligence Foundations: Intelligence Types and What Each One Delivers

Episode 58 — Monitor and Disposition Risk: Residuals, Audits, Reporting, Escalations, and Decisions

Episode 57 — Operate a Controls Calendar: Scheduling, Evidence, and Sustainable Compliance

Episode 56 — Track Inherited Risk and Maturity Indicators: What You Own Versus What You Inherit

Episode 55 — Control and Treat OT Risk: Controls Catalogs, Documentation, and Acceptance Criteria

Episode 54 — Understand OT Pen Tests and Adversarial Emulation: Safety Constraints and Value

Episode 53 — Conduct Architecture Reviews for OT Risk: Data Flows, Trust Boundaries, and Weak Links

Episode 52 — Choose Qualitative Versus Quantitative Risk: When Each Method Actually Helps

Episode 51 — Use Failure Mode and Criticality Thinking: Safety, Reliability, and Cascading Effects

Episode 50 — Evaluate Third-Party Risk: Integrators, Remote Support, and Shared Responsibility

Episode 49 — Assess Supply Chain Risk in OT: Hardware, Software, and Vendor Dependencies

Episode 48 — Apply Scenario-Based Risk Methods: Realistic Failure Paths and Meaningful Mitigations

Episode 47 — Identify OT Threat Surface: Vectors, Exposure, and Threat Actors in Context

Episode 46 — Scope OT Risk Assessments: Assets, Networks, and Boundaries You Can Defend

Episode 45 — Model Likelihood and Consequence: Risk Variables That Drive Real Decisions

Episode 44 — Explain OT Risk Assessment Frameworks: NIST and ISA/IEC Approaches in Practice

Episode 43 — Produce OT Documentation That Works: Policies, Processes, Standards, and SOPs

Episode 42 — Determine Asset Criticality: What Fails First, What Hurts Most, and Why

Episode 41 — Build Training and Awareness for OT Teams: Competence Without Chaos

Episode 40 — Measure OT Security With Purpose: Metrics, Measures, and What They Really Signal

Episode 39 — Use MOUs and SOWs Correctly: Scope, Responsibilities, and Deliverable Discipline

Episode 38 — Define OT SLAs: Internal Versus External Expectations That Protect Uptime

Episode 37 — Build OT Service Agreements: Procurement Requirements and What MSAs Must Cover:

Episode 36 — Manage Stakeholders in OT: Trust, Communication, and Change Acceptance

Episode 35 — Use the RACI Model in OT: Clear Ownership Across Engineering, Ops, and Security

Episode 34 — Develop Practical Roadmaps: Sequencing Improvements Without Production Disruption

Episode 33 — Benchmark OT Security Progress: Baselines, Targets, and Evidence That Holds Up

Episode 32 — Build a Cybersecurity Program in OT: Risk Levels, Registry, and Maturity Assessment

Episode 31 — Navigate Legal and Regulatory Drivers: Compliance Pressure and Non-Compliance Fallout

Episode 30 — Prioritize Safety Outcomes: Loss of Life, Environmental Harm, and Reliability Expectations

Episode 29 — Translate OT Business Impact: Financial, Reputational, Quality, and Operational Consequences

Episode 28 — Balance Security Versus Operations: Governance Structures and Decision Authorities

Episode 27 — Align OT Security to Business Objectives: Risk Appetite, Continuity, and Recovery

Episode 26 — Explain OT GRC Value: Security That Supports Operations, Not Fights Them

Episode 25 — Understand Privatized Backbones and Autonomous Systems: Security and Resilience Impacts

Episode 24 — Place OT Workloads in Cloud and Edge: Public, Private, Hybrid, and Vendor Services

Episode 23 — Evaluate AI in OT Security: ML, Generative AI, and Operational Risk Tradeoffs

Episode 22 — Use Containers, SDN, and Middleware in OT: Benefits, Risks, and Failure Modes

Episode 21 — Apply Modern OT Patterns: Virtual Machines, Hypervisors, Switching, and Virtual PLCs

Episode 20 — Manage Legacy OT Hardware and Ports: Physical Exposure, Protocol Limits, and Access

Episode 19 — Compare Legacy OT Constraints: Embedded, Proprietary, RTOS, and General-Purpose OSs

Episode 18 — Operate OT Wireless Reliably: VHF, AIS, VSAT, M-Bus, 802.15.4, and 802.11

Episode 17 — Handle Building Automation Networks: BACnet, KNX, and Profinet in Mixed Environments

Episode 16 — Use OPC DA and OPC UA Safely: Data Exchange, Trust, and Interoperability

Episode 15 — Engineer Ethernet OT Communications: EtherCAT, Modbus TCP, and CIP/EtherNet/IP

Episode 14 — Secure Serial Protocol Reality: Modbus RTU, Profibus, Data Highway Plus, and DNP3

Episode 13 — Work with Serial OT Communications: RS-232, RS-485, and Practical Limitations

Episode 12 — Track I/Os, Watchdogs, Timers, Current Values, and Tags Without Confusion

Episode 11 — Master Process Variables and Set Points: How Control Loops Behave Under Stress

Episode 10 — Explain Control Logic Foundations: Ladder Logic, FBD, Structured Text, and SFC

Episode 9 — Recognize Stand-Alone Systems and Networks Across Critical Infrastructure Sectors

Episode 8 — Distinguish ICS System Types: DCS, SCADA, SIS, MES, and Localized Control Networks

Episode 7 — Classify OT Workstations and Data Systems: Engineers, Operators, Historians, Portables

Episode 6 — Identify OT Device Roles: Sensors, Actuators, Controllers, PLCs, HMIs, and RTUs

Episode 5 — Explain OT Versus IT: Convergence, Responsibilities, and Operational Constraints

Episode 4 — Run a Job Safety Analysis in OT: Briefings, Outbriefs, and Safe Work Controls

Episode 3 — Apply OT Jobsite Safety: Hazards, PPE, and Lockout/Tagout Done Right

Episode 2 — Execute a Spoken Study Plan and Exam-Day Mental Model for SecOT+ Success

Episode 1 — Decode the SecOT+ SOT-001 Blueprint, Scoring, Policies, and Question Styles

Welcome to Certified: The CompTIA SecOT+ Audio Course