Joe Del Prado on a railway platform with signalling equipment

Hands-on experience in operational rail environments.

OT Monitoring Enablement in a Transport Environment

Context

Complex OT estate spanning telecoms, signalling, and infrastructure systems with multiple stakeholders and operational constraints.

Challenge

Improve visibility and triage quality across OT systems without increasing noise or overwhelming operational teams with irrelevant alerts.

Approach

Defined monitoring questions aligned to operational impact. Developed use cases specific to OT scenarios. Iterated telemetry and dashboards with stakeholders to ensure practical value.

Outcome

Improved clarity for triage teams. Created a sustainable approach to tuning and ownership that operations could maintain.

What I Learned

Trust and usability matter as much as tooling. Monitoring that operations don't use provides no security value.

Cyber Incident Response Readiness Programme

Context

Major UK transport environment requiring cyber incident response capabilities aligned to operational incident management.

Challenge

Develop and test incident response procedures that would work under real operational pressure, integrating cyber response with existing safety and operational processes.

Approach

Designed and orchestrated the environment's first cyber incident response tabletop exercise. Developed playbooks aligned to operational roles. Engaged stakeholders across operations, engineering, and security.

Outcome

Validated response procedures through realistic scenario testing. Identified improvements and built confidence across teams.

What I Learned

Exercises reveal gaps that documentation alone cannot. The process of preparing is as valuable as the exercise itself.

NIS Regulatory Remediation Programme

Context

Critical national infrastructure operator requiring compliance with NIS Regulations and alignment to the NCSC Cyber Assessment Framework.

Challenge

Coordinate multiple work packages across system discovery, risk assessment, contract assurance, and operational readiness to achieve CAF maturity improvements.

Approach

Led programme coordination across seven work packages. Engaged stakeholders across the organisation. Delivered regular maturity updates and managed cross-functional dependencies.

Outcome

Achieved targeted CAF maturity improvements. Established sustainable governance for ongoing compliance.

What I Learned

Regulatory compliance is an enabler, not just a checkbox. The work done for compliance builds genuine security capability.

IDS Deployment Across Rolling Stock

Context

Transport operator seeking to extend security visibility to rolling stock systems across a large fleet.

Challenge

Deploy intrusion detection capabilities across mobile assets with constrained environments, limited connectivity, and strict operational requirements.

Approach

Provided subject matter expertise for deployment strategy. Worked with vendors and engineering teams to align security requirements with operational constraints.

Outcome

Successful deployment across the fleet. Established patterns for future OT security deployments in constrained environments.

What I Learned

OT security deployments require deep collaboration with engineering. Security must adapt to operational reality.

All case studies are described at a high level and anonymised to protect operational security and confidentiality. Examples focus on approach and outcomes rather than internal details.