Wireshark is phenomenal—but your job doesn’t end where its built-in protocol list does. I’ve long been intrigued by how Wireshark turns raw bytes into a clean, hierarchical packet view. Understanding that mechanism—fields, lengths, tags, and how a dissector maps bytes to meaning—pays off far beyond packet analysis. It’s the same foundation you need to develop reliable detection logic in SIEM and NIDS: translate protocol semantics into precise match conditions, field extractions, and anomaly rules, instead of relying solely on signatures.

Mitsubishi Electric’s acquisition of Nozomi Networks signals OT security shifting from add-on to built-in. Expect tighter integrations with Mitsubishi automation and PLCs. Competitors will speed up, widening the split between integrated OEM stacks and independent, multi-vendor platforms. Key test: neutrality. Watch for parity beyond Mitsubishi, open APIs and export paths, clear data terms, and partner-first programs. Long term: one console tying cyber defense to operations analytics across APAC.

Mitsubishi Electric’s acquisition of Nozomi Networks signals OT security shifting from add-on to built-in. Expect tighter integrations with Mitsubishi automation and PLCs. Competitors will speed up, widening the split between integrated OEM stacks and independent, multi-vendor platforms. Key test: neutrality. Watch for parity beyond Mitsubishi, open APIs and export paths, clear data terms, and partner-first programs. Long term: one console tying cyber defense to operations analytics across APAC.

Across several years on hiring committees, I’ve reviewed well over five hundred resumes for roles ranging from OT Solution Architect, Product Security Leader, Cybersecurity Subject Matter Expert, and Substation Cyber Lead. Most resumes fail for the same reasons: they read like job descriptions, not evidence of impact. This guide shows exactly what I look for—and how to rewrite your experience to pass both humans and ATS.

If you’re in OT cybersecurity, you’ve likely come across the SANS ICS515 (ICS Visibility, Detection, and Response) and GIAC© GRID certification—a rigorous, highly relevant credential specifically designed for professionals focused on securing industrial control systems (ICS) and critical infrastructure.

Recent train collisions and incidents have raised a new concern: could these complex systems be vulnerable to cyberattacks? This question has driven my research and forms the foundation of this blog.

Recent train collisions and incidents have raised a new concern: could these complex systems be vulnerable to cyberattacks? This question has driven my research and forms the foundation of this blog.

In today’s interconnected world, Operational Technology (OT) cybersecurity has become a critical area of focus. As industries increasingly rely on digital systems to control physical processes, the need to secure these systems has never been more important. OT cybersecurity involves protecting critical infrastructure like power grids, manufacturing plants, and transportation systems from cyber threats. However, hiring skilled professionals in this niche field poses significant challenges. This blog explores why hiring in OT cybersecurity is so difficult, from both employee and employer perspectives.

At 17, Gukesh Dommaraju has become the youngest ever contender to compete for the title of World Chess Champion. Most players see chess as a metaphor for life, where every decision has consequences for the future, while one does not control the choices others make. What is common among Gukesh and other top players is the use of time-tested strategies that yield better decisions. Many of these principles are equally applicable to your life and career.

In the complex, interconnected world of operational technology , cybersecurity is about more than protecting sensitive data. It is about protecting people’s physical safety and making sure our factories keep on ticking, our lights stay on, and our water stays clean. The IEC-62443 standards have been the foundation of security practices in these vital sectors.

In this blog, we explore using using ChatGPT for creating vulnerability assement plans, a crucial part of any cybersecurity strategy.

After completing my CRISC and CISM certifications, I often questioned the necessity of pursuing the IEC-62443 training & certification. Despite leveraging IEC-62443 standards on a near-daily basis in my reloes as a Product Security Leader and Cybersecurity Product Manager at GE, I found myself questioning the additional value this course could offer. However, upon completing the course and obtaining the certification, I can confidently attest to its immense worth.

Quantum computing has potential to decrypt currently secure data, its implications for secure communications, and the threat it poses to existing cryptographic methods like RSA & ECC highlight the urgent need for quantum-resistant cryptographic techniques. The development of Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) are critical steps in preparing for this new era. Organizations must prioritize understanding and adapting to these changes, including upgrading legacy systems and addressing the emerging skill gap in quantum computing.

The argument that GOOSE messages are contained within a Substation doesn’t hold good in the context of present-day threats. Since natively GOOSE doesn’t support basic security such as Authentication & Integrity verification, the protocol is prone to spoofing and manipulation. IEC-62351-6 defines measures to Secure GOOSE communication and in this post I have shown how this could be accomplished.

The consequence of a cyber-attack on an OT system has the potential to be severe enough to cause death and destruction, whereas the consequences of a cyber-attack on an IT system is typically limited to data loss or disruption of services – important, true – but on a vastly different scale.

While both IT and OT cybersecurity are important, the focus and methods used to protect these systems can be different, with OT cybersecurity playing a more critical role in protecting physical assets and human lives.

Business continuity remains a strategic priority, as new worldwide complexities and uncertainties arise. A March 2020 Forrester report notes that provisioning employees with remote access technologies is a key continuity strategy at 88 percent of organizations surveyed, while Gartner recommends to “accelerate the development of a technology infrastructure that can support alternative types of working.”

Business continuity remains a strategic priority, as new worldwide complexities and uncertainties arise. A March 2020 Forrester report notes that provisioning employees with remote access technologies is a key continuity strategy at 88 percent of organizations surveyed, while Gartner recommends to “accelerate the development of a technology infrastructure that can support alternative types of working.”

As industrial systems become increasingly digitized, so does the cyber risk. Once upon a time the industrial systems were isolated, were manual, but not rely on communications network and digital devices. As a result, a new category of industrial risk has been created – industrial cyber risk.

Supratik Pathak Facebook-square Twitter-square Linkedin CONTACT An Introduction to OAuth 2 OAuth 2 is an authorization framework that enables applications — such as Facebook, GitHub, and

Supratik Pathak Facebook-square Twitter-square Linkedin CONTACT Why are Cyber Attacks on OT Systems so much in Focus Operational technology (OT) systems, such as ICS and