Aperture Podcast: Tom VanNorman on the OT Cybersecurity Skills Gap
By Michael Mimoso | Jan. 13, 2022
Many words have been written about the cybersecurity skills gap and how there’s 100% employment for professionals who understand network security, policy development, enforcement, and more.
Most of those very public conversations have focused on IT security, but operational technology also suffers from the same malady. One glaring example of proof comes from a recent SANS Institute survey where 56% of companies cited a lack of cybersecurity expertise and resources as the primary reason why critical infrastructure operators and asset owners cannot implement security plans.
In the episode of the Aperture podcast, ICS cybersecurity veteran, Tom VanNorman, joins to discuss the OT cybersecurity skills gap. VanNorman is the co-founder of ICS Village, a non-profit organization that provides users education and training to improve the defense of industrial devices and control systems. ICS Village is a fixture at leading industry conferences, including RSA Conference and DEF CON, providing users with valuable cybersecurity information and a unique hands-on experience with industrial equipment and security scenarios relative to their day-to-day responsibilities.
ICS Village is also part of a consortium announced in December—along with SANS, Siemens Energy, and a number of other commercial and academic entities—that established the Cybersecurity & Industrial Infrastructure Security Apprenticeship Program (CIISAp). The program intends to improve cybersecurity education for OT engineers, operators, and students interested in pursuing a career in cybersecurity. Industrial companies such as Siemens—who got the program off the ground and recruited participants, such as ICS Village—and others are expected to provide additional training through real-world job rotations, where they’ll be learning alongside cybersecurity practitioners in the trenches.
“[Siemens] didn’t want it to just be a Siemens thing where people come in, get trained by, and work for Siemens. They viewed it as a bigger problem to solve. They reached out to all of us with the idea of creating an apprenticeship program,” VanNorman said. “ICS Village jumped right aboard. That’s exactly what we are about – training and awareness for the community.”
Once apprentices complete the classroom training provided by the participating academic institutions and are at a certain skill level, they will serve as apprentices with the commercial participants, such as Siemens.
“It’s one thing to train a person,” Van Norman said. “But until they’ve had that hands-on knowledge and experience, you can go through all the school you want [it’s not the same]. That’s why we feel this apprenticeship program is extremely critical in producing the next workforce.”
In this episode, you’ll learn:
- Specifics about the apprenticeship program
- Why the need is so urgent today for skilled cybersecurity professionals in OT
- How government regulation is driving the demand for OT cybersecurity plans and workers
- Details about ICS Village’s plans for the upcoming RSA Conference in June.