Industrial cybersecurity has reached an inflection point.
For years, OT environments were treated as separate. Separate networks, separate teams, separate priorities.
But today, that separation is increasingly difficult to maintain. Connectivity, remote access, and modern operational demands have brought IT and OT closer together than ever.
This is often labeled as IT/OT convergence.
It’s also one of the most misunderstood concepts in industrial security.
In a recent Insane Cyber OT Office Hours leadership panel, our team discussed what convergence really looks like in practice — and why the biggest challenge isn’t technology.
It’s people, training, and operational reality.
IT/OT Convergence Isn’t a Buzzword
The term “IT/OT convergence” can feel overused. For many practitioners, it’s become shorthand for everything frustrating about industrial security.
But convergence isn’t a trend that may or may not happen.
It happened the moment control systems became connected to:
- Windows workstations
- Ethernet networks
- Remote access pathways
- Enterprise IT infrastructure
And in our experience supporting OT incident response and assessments, convergence becomes very real the moment teams have to coordinate across those boundaries under pressure.
At this point, the question isn’t whether IT and OT will overlap.
The question is whether organizations can prepare teams to secure these environments without disrupting the operations they depend on.
The Skills Gap Goes Both Ways
One of the most important truths about OT cybersecurity is that the learning curve isn’t one-directional.
Many OT security leaders started their careers on the operations side:
- Working with PLCs
- Maintaining control systems
- Supporting plant uptime
They were later pulled into cybersecurity responsibilities and had to learn IT concepts along the way.
At the same time, many IT security professionals are now being asked, sometimes suddenly, to support OT networks.
That transition is difficult because OT environments operate under entirely different constraints.
OT teams aren’t “behind”, they’re optimized for safety, uptime, and process integrity. IT teams bring critical experience in threat hunting, enterprise defense, and adversary tradecraft.
Successful convergence requires recognizing that both sides bring expertise. And both sides have gaps.
Start With the Plant, Not the Protocol
When IT professionals first enter OT environments, the instinct is often to start with tooling:
- What sensors are deployed?
- What protocols are in use?
- What vulnerabilities exist?
But one of the clearest recommendations from the panel was simple:
Talk to the people running the process first.
The operators and engineers on the floor understand:
- What systems must stay online
- What a “bad day” looks like
- Which outages are unacceptable
- Where the real operational risk lives
At Insane Cyber, we’ve seen again and again that the most effective security work starts with operational context. Production and safety drive every decision.
Training that ignores process reality will always struggle.
In OT, security has to begin with context.
Practical Training Paths That Don’t Overwhelm Teams
Industrial cybersecurity can feel intimidating because the technical depth is enormous. Protocols are complex, documentation is inconsistent, and environments vary widely.
The panel emphasized the importance of building competency in layers.
For IT teams moving into OT
A helpful starting point is focusing on the common conceptual foundation:
- These are computer systems
- Values are being read and written
- Devices communicate over networks
- Remote processing is still processing
Keeping that higher-level view prevents teams from getting lost in edge cases too early.
For OT teams learning cybersecurity
The challenge is often the reverse: understanding how attackers move through networks, abuse credentials, and exploit common enterprise weaknesses.
Both paths require patience and realistic expectations.
No one becomes fluent in OT security overnight.
Hands-On Learning Matters (When Done Safely)
OT training cannot be purely theoretical.
Hands-on familiarity builds confidence, especially for professionals new to industrial protocols and devices.
Some accessible entry points include:
- Learning foundational protocols like Modbus
- Experimenting with open-source or lab PLC environments
- Participating in OT-focused capture-the-flag events
- Attending community-driven training at conferences and ICS events
One important nuance: hands-on learning should almost always happen in lab or representative test environments, not on production networks where safety and uptime are at stake.
The barrier to entry is lower than it used to be, but continuous learning is still essential.
Relationships Are Part of the Curriculum
Unlike many IT domains, OT environments often depend heavily on vendors, OEMs, and proprietary systems.
That means training is not just about reading documentation.
It’s about building relationships:
- With operators
- With asset owners
- With trusted vendor communities
There are also realities around sensitivity: some defensive techniques and system details are not meant for broad public release.
In OT, learning often happens inside communities of trust.
Training Must Respect Operational Constraints
Perhaps the biggest difference between IT and OT security training is this:
In OT, you can’t break things to learn.
Even standard IT actions — deploying agents, applying patches, isolating systems — require operational coordination, change control, and a clear understanding of downstream impact.
Teams must operate within constraints such as:
- Limited ability to deploy host agents
- Legacy systems that cannot be patched quickly
- Strict uptime and safety requirements
- Remote sites with poor connectivity
The best security strategy fails if it ignores how industrial environments actually function.
Training must prepare teams not just to detect threats, but to respond in ways that keep operations stable.
What Success Looks Like
IT/OT convergence isn’t about forcing IT tools into plants.
It’s about building teams that share:
- A common vocabulary
- Mutual trust
- Operational awareness
- Realistic incident response plans
The most successful programs we see treat OT security as a partnership between engineering, operations, and security — not a one-time tool rollout.
When IT and OT teams collaborate, the hard problems become solvable.
When they stay siloed, gaps widen and attackers take advantage.
Closing Thought
The future of industrial cybersecurity depends on people as much as technology.
Training is the bridge between IT expertise and OT reality. Organizations that invest in that bridge will be the ones best positioned to defend critical infrastructure.
