SecuriThink Field-Tested OT / IT Integration

Executive Summary:

Readily create dollars from Operational Technology (OT) data, using our approach, based on success at 42 facilities across 15 different global business divisions. Turn Industrial Internet of Things (IIoT) integration with Information Technology (IT) networks into a reliable, repeatable process with easier buy-in from stakeholders across many functional areas.

Our field-tested process has a track record of:

  • Accommodating the custom requirements of each project
  • Getting ready buy-in from Operations, IT, Finance and executive leadership
  • Making staffing of integration projects more straight-forward
  • Ensuring project outcomes, timelines, budgets, and schedules
  • Including upfront design of cybersecurity and cyber risk management
  • Allowing ready access to valuable OT data for better business leverage
  • Empowering teams to scale more and larger IIoT projects

Our Track Record & experience

  • 42 global Fortune 500 facilities successfully implemented in 15 different divisions; a 3 ½ year project completed in 2022
  • Had to win hearts and minds of division IT, Finance & senior executives 15 times
  • Had to win hearts and minds of facility managers and IT over 50 times

    Technology Overview

    National Institute of Standards and Technology Internal Report (NISTIR) 8183, Cybersecurity Framework Manufacturing Profile, was the basis of the initiative described above as an alternative to the Purdue model.

    The objective is a cyber resilient architecture which:

    • Gets process data from production devices (PLC, SCADA, etc.) out & sends it to data lake, analysis apps, etc.
    • Gets security alerts out and sends those to the security team
    • Reduces cybersecurity risk without shutting down flow of production
    • Increases production uptime while decreasing maintenance and troubleshooting costs
    • Leverages existing technology which means no added complexity or technical skill requirements and easily scalable as new technologies emerge

    The Business Case

    While the business case varies from project to project and from industry to industry, our experience has been that the three last bullets on the above list repeatedly wins the broad support of all stakeholders across Operations, IT and Finance.

    What’s Different? What’s the Added Value?

    • Phase 1 – Initial Business Case: Our experience in cultivating stakeholder buy-in across Operations, IT, and Finance, makes it easier to get executive sign-off, at least to get a green light for Phase 2, then again at each stage gate as needed
    • Phase 2 – Requirements Gathering and Preliminary Design: We engage stakeholders across all the functions and develop a matrix of crisp roles with clear interfaces; we unwind this often chaotic and tense aspect with deep understanding of all the dimensions
    • Phase 3 – Design: We are strongly positioned to do reality checks on over-design and under-design, to ensure the balance between production uptime, risk-based cybersecurity design, and financial stewardship. The goal is to achieve necessary and sufficient design – no more, no less.
    • Throughout – We engage strategically with leaders in each functional area yet allow them to stay in their area, in what is their primary comfort zone. We can do this because, to the extent each function speaks a slightly different language, we speak all of these languages and we are adept translators.

    Deep Expertise

    Our approach was created by a team of senior consultants deeply committed to this space:

    • 10+ years each of cybersecurity experience
    • 30+ years of combined experience in OT and network engineering
    • 50+ years of combined experience in critical infrastructure industries
    • 50+ years combined experience on Fortune 500 mission critical projects requiring both tech skills and business savvy
    • 30+ years combined experience creating the technology business case for owners, Boards, and CxOs
    • Each is a Certified Information Security Systems Professional (CISSP)
    • Each is a certified Project Management Professional (PMP)
    • The team’s other relevant credentials include: Professional Engineer (PE) license in Mechanical Engineering, Certified Information Security Manager (CISM), Cisco Certified Network Associate (CCNA), and Offensive Security Certified Professional (OSCP)

    Why Securithink

    • Relevant track record – see above
    • Unique value add – see above
    • Deep expertise – see above
    • Pro-active stakeholder engagement – from Operations to IT, Finance, C-suite, and, if needed, the Board of Directors – means low organizational noise and rapid implementation once support is aligned
    • Hard-wired to sweat during planning so we don’t bleed during implementation
    • Hyper-practical, right-size orientation; avoids over-engineering the solution
    • Fortune 100 experience includes smaller operational units so it scales to medium-size businesses
    • Nationally recognized experts, accustomed to working globally

    We invite you to contact us to explore if SecuriThink Field-Tested OT / IT integration is a good fit for your organization.

    Want more?

    What Else We Do

    Step Zero™ Rapid Cybersecurity Cost Estimates

    Step Zero™ Rapid Cybersecurity Cost Estimates

    This unique approach, with a known range of verified accuracy, was first field-tested on 12 Fortune 500 Merger and Acquisition (M&A) deals yet it also supports data-driven investment decisions for cybersecurity compliance.

    read more
    Managing Up and Out™ Security Strategy and Education

    Managing Up and Out™ Security Strategy and Education

    Tap the 30+ years combined experience of our team to align stakeholders from Boards of Directors and C-suite to critical asset owners or front-line team members. Whether it’s a business case, strategy roadmap, or key presentation, we can cross-train, ghostwrite, or deliver on your behalf.

    read more
    CMMC Readiness

    CMMC Readiness

    Cybersecurity Maturity Model Certification (CMMC) is the evolution of cybersecurity contractual requirements from the Department of Defense (DoD) with which SecuriThink practitioners have been involved for over 10 years.

    Our journey satisfying these requirements is the story of “how we know what done looks like” for cybersecurity as we state on our website homepage.

    read more
    SecuriThink Field-Tested Data Classification Solution

    SecuriThink Field-Tested Data Classification Solution

    Get higher returns on your project investment with a field-tested data classification solution based on two Fortune 500 projects involving 12,000 and 50,000 team members, respectively.

    Our Data Classification Solution integrates technology with business transformation methods to manage factors too often left out of a security project. We leverage what’s already going well in your organization, while shifting to higher potential.

    read more
    Cultural Armour™

    Cultural Armour™

    Optimizing your company’s information security
    Takes more than the latest technology
    Or a staff trained to use it.
    It takes a shift in thinking.
    A shift in acting.

    read more
    Field-Tested Proactive Insider Threat Program

    Field-Tested Proactive Insider Threat Program

    Over 90% of most companies’ value now comes from intangible assets. In addition to Intellectual Property (IP), brand reputation, competitive advantage, supplier network, employee retention, and customer loyalty are measurably affected by cyberattacks. Research shows some of the most damaging losses coming from trusted insiders with malicious intent, also called Insider Threat.

    The biggest gains come from proactive attention to Insider Threat, that is, don’t chase after the horse that’s gotten away, keep it from leaving the stable.

    read more
    Supply Chain Cybersecurity

    Supply Chain Cybersecurity

    Threat actors are increasingly exploiting the path of least resistance in the supply chain to attack their real targets. While more large companies have built a reasonable cybersecurity posture, malicious actors still find easy ingress through abundant open doors in smaller suppliers.

    Supply chain attacks have skyrocketed to the point where targeted companies are motivated to manage their own risk by managing the risk hiding in their supply chain.

    read more