OT Security Discovery & Risk Baseline

A clear, prioritised view of OT cyber risk and practical next steps.

What's Included

  • Stakeholder workshops to understand operational context
  • Context mapping of the OT environment and its dependencies
  • High-level threat scenarios relevant to your sector
  • Control gap analysis (generalised, framework-agnostic approach)
  • Prioritised recommendations based on risk and feasibility

Typical Outputs

  • Risk baseline summary document
  • Prioritised improvement backlog
  • 30/60/90-day action plan

Who It's For

  • Organisations beginning their OT security journey
  • Teams needing to understand current risk posture
  • Leaders building business cases for security investment

OT Monitoring & SOC Integration

Monitoring that supports operational decisions and efficient triage.

What's Included

  • Telemetry strategy aligned to the operational questions monitoring must answer
  • Use-case definition for OT-specific scenarios
  • Triage and escalation design (generalised approach, adapted to your SOC)
  • Tuning approach to reduce alert noise
  • Documentation and knowledge transfer

Typical Outputs

  • Monitoring design pack
  • Use-case catalogue
  • Triage guidance documentation
  • Dashboard and detection requirements

Who It's For

  • Teams integrating OT with existing SOC capabilities
  • Organisations struggling with alert fatigue
  • Security teams needing OT-specific monitoring expertise

Threat Modelling for OT/ICS Systems

Credible scenarios tied to mitigations and assurance.

What's Included

  • Facilitated threat modelling sessions
  • Abuse case development for OT environments
  • Control mapping to identified threats
  • Vendor and engineering action list
  • Integration with existing risk frameworks

Typical Outputs

  • Threat model summary document
  • Mitigations roadmap
  • Assurance mapping for compliance

Who It's For

  • Organisations designing new OT systems
  • Teams needing to justify security controls
  • Projects requiring security assurance evidence

Detection Engineering & Telemetry

Better signal-to-noise ratio and faster response.

What's Included

  • Data onboarding strategy and planning
  • Detection logic development (tool-agnostic)
  • Tuning and threshold optimisation
  • Reporting and metrics framework
  • Splunk expertise available where relevant

Typical Outputs

  • Detection catalogue
  • Tuning notes and thresholds
  • Runbooks for common scenarios

Who It's For

  • SOC teams extending coverage to OT
  • Organisations improving detection capabilities
  • Teams standardising their detection approach

OT Incident Readiness

Response that works under real operational constraints.

What's Included

  • Playbook development aligned to operations
  • Roles and communication templates
  • Tabletop exercises and scenario development
  • Integration with existing operational processes
  • Lessons learned and improvement planning

Typical Outputs

  • Incident playbooks
  • Exercise pack and materials
  • Improvement plan

Who It's For

  • Organisations developing OT incident response
  • Teams preparing for regulatory requirements
  • Operations teams wanting to test their cyber readiness

Availability for advisory work will be advertised when appropriate. For speaking engagements or other enquiries, please get in touch.