r/OTSecurity

Path

First-year Telecom Engineering student targeting OT/ICS cybersecurity. Pursuing Security+ → GICSP path. Looking for advice on building a strong foundation before graduation. Any guidance appreciated

reddit.com
u/Waelkp — 4 days ago

Opportunities for freshers

I'm an electrical engineering student, and our college has a lab with top-notch equipment and a worldwide reputation. Many CVEs. I am hoping to work as a researcher or intern there in the topic of OT security research. I've been learning and enjoying it for months, and now I was just wondering if firms like Claroty, Dragos, Schneider Electric, and Siemens really hire freshers and whether there are relevant opportunities in this industry. Since I don't notice many employment and internship postings, I would like to know the extent of this sector and whether remote jobs are available. I would like guidance and opinions.

u/SUNSHALLRISEAGAIN — 1 day ago

Navigating into OT security

I’ve been an Instrumentation and Controls Technician for about 8.5 years now. I’m looking to make the jump into OT/ICS cybersecurity and would appreciate any tips. I’ve been seeking out any and all trainings available, and I’m scheduled for the level 1 of ISA 62243 in a few weeks.

Currently working on an AS in computer science, then planning to transfer to a BS in cybersecurity. I have 10 classes left for the AS, and then 16 for the BS.

u/Professional_Fun_182 — 3 days ago

OT/ICS people: have you seen an authorized action cause problems because it was valid but unsafe?

I’m trying to understand whether this is a real OT/ICS problem or whether I’m overthinking it.

I’m looking for real examples where:

  • the person was authorized
  • the session/access path was approved
  • the asset was legitimate
  • the command/change/action was technically valid
  • but it still caused, almost caused, or could have caused a problem because of timing, sequence, value, process state, or field context

Examples I’m thinking about:

  • Breaker/switch/pump/valve command issued at the wrong time
  • Rapid repeated open/close or start/stop commands
  • Wrong setpoint, threshold, mode, or register value
  • Vendor had approved remote access but too much freedom once inside
  • Protection/automation/PLC logic change that passed normal workflow but was not safe in the real operating context
  • Interlocks or permissives existed, but did not cover the actual condition
  • Temporary vendor/maintenance access became permanent and later created risk
  • Operator or engineer selected the wrong asset or action in an HMI/SCADA system

For people who work around PLCs, SCADA, DCS, substations, water/wastewater, manufacturing, utilities, or industrial controls:

Have you seen this happen in the real world?

I’m especially interested in:

  1. What happened?
  2. What control was supposed to prevent it?
  3. Why did that control fail or not apply?
  4. Was it caught in real time, after the fact, or not at all?
  5. Would any kind of real-time “second check” have helped, or would that be rejected because of uptime/availability risk?

Not looking for company names or sensitive details. Sanitized stories are fine.

I’m also interested in hearing “this is already solved by interlocks/procedures” or “this would never be allowed in a mature environment” if that’s your experience.

u/RCCole20 — 6 days ago

ICYMI last week, here is my story on the new guidance from the Cybersecurity and Infrastructure Security Agency (CISA) about how to start adapting #ZeroTrust principles from IT to operational technology/industrial control systems (OT/ICS)

To be blunt, the reaction from most of the experts I spoke to was pretty "meh" about the document. Most found something to like there, but no one seemed really excited.

Why? As Dale Peterson put it, "The document is not bad or wrong, it's just not that helpful. It's overly broad, … It's high level, and this information is well known."

Tatyana Bolton of the Operational Technology Cybersecurity Coalition asked who was going to pay to bring Zero Trust cybersecurity to the thousands of U.S. critical infrastructure providers below the cyber poverty line.

And both Claroty's Field CTO Sean Tufts and Nozomi Networks' Cybersecurity Director Chris Groves charged that the document dodged or fudged some big questions. Details in the story...

u/WatermanReports — 9 days ago