– OT NETWORKS · LEVEL 1 · STUDY LEARNING

Operational technology for security integrators BETA

For the security integrator who keeps ending up adjacent to OT and finally wants to understand it. Purdue, IEC 62443, the common ICS protocols, the iDMZ pattern, passive monitoring, and the discipline you need to work on a plant without crashing PLCs. Vendor-neutral. Free.

Start the course → All courses

What you will learn

This course is for the security integrator (and the IT generalist) who has been brought onto a project that touches OT and wants the underlying mental model before stepping onto the plant floor. AIC instead of CIA. Why active scans can crash a PLC. What an iDMZ actually does. What questions a competent OT engineer expects you to be able to answer.

The final lesson is a readiness checklist for security integrators going into OT environments. Not "you must do all of this" but "these are the questions you have to be able to answer".

Course outline

PART 01

What Is OT

Defining OT and the family of systems (ICS, SCADA, DCS, PLC, RTU, HMI, SIS). Why OT priorities invert IT (AIC instead of CIA). What this means for security decisions on the plant floor.

3 lessons
PART 02

Purdue Model and IEC 62443

The six-level Purdue Reference Model plus the iDMZ at Level 3.5. IEC 62443 zones, conduits, and Security Levels 1-4. The seven foundational requirements. Where strict Purdue gets messy with IIoT, cloud, and remote vendor support. Includes a checkpoint.

3 lessons + checkpoint
PART 03

ICS Protocols

Modbus, EtherNet/IP, Siemens S7, DNP3, and why most have no authentication or encryption. Why active scans crash PLCs. Passive discovery from SPAN ports. OPC UA as the modern protocol that finally added security.

4 lessons
PART 04

The IT/OT Boundary

The iDMZ pattern. "OT pushes, IT pulls" and the January 2026 CISA/NCSC-UK outbound-only guidance. Vendor remote access through brokered jump hosts. NTP across the boundary. Engineering workstation hardening. Includes a checkpoint.

4 lessons + checkpoint
PART 05

Monitoring and Safety

Passive OT monitoring (Claroty, Nozomi, Dragos, Cisco Cyber Vision). Safety Instrumented Systems and why they get their own network. The 2017 Triton/Trisis incident. Where physical security and OT converge.

3 lessons
PART 06

Operational Discipline

OT change control and turnaround windows. The regulatory landscape (NERC CIP, IEC 62443, TSA Pipeline Directives, NIS2, CISA/NCSC-UK guidance). Incident response priority order. The consolidated OT readiness checklist. Final assessment closes the course.

3 lessons + final assessment

Who this is for

  • Security integrators on projects that cross from physical security into building automation, process control, or critical infrastructure.
  • IT generalists being onboarded onto plant environments and needing the OT vocabulary fast.
  • Physical security practitioners on critical infrastructure where the line between physical security and OT is operational, not theoretical.
  • Anyone who has been told to "stay out of the OT side" without anyone explaining why.

Course details

  • Level, Level 1 (beginner)
  • Length, ~90 minutes
  • Lessons, 20 across 6 parts
  • Knowledge checks, 8 total (2 per checkpoint, 4 in the final)
  • CLI animations, 8 OT-aware scripts (PLC fingerprinting via nmap, Modbus TCP in the clear, boundary ACL demonstration, ntpq across the OT stack, passive tshark discovery, S7 engineering session, jump host audit log, SIS separation verification)
  • Cost, Free
  • Author, Hans Study
  • Status, BETA

Ready to start?

The course opens at lesson 01 and steps through all 20 lessons in order. Use the prev / next buttons or arrow keys to move between lessons. Score is tracked on the bottom bar and a completion certificate appears at the end.

Open the course →