Resilient. Secure. Compliant. NERC CIP and ICS/OT Security. We keep you ahead of your adversaries - and your auditors.

OT-CIP Vulnerability Management


Bridging Compliance & Security

Managing vulnerabilities in operational technology (OT) environments is complex, especially under the scrutiny of NERC CIP. This one-day intensive course equips cybersecurity practitioners with the knowledge and tools needed to create and maintain a risk-based, defensible, and auditable vulnerability management program tailored for CIP-regulated environments. Whether you're responsible for patching decisions, audit preparation, or program design, this course offers practical guidance rooted in real-world ICS/OT challenges and CIP compliance expectations.

 
 

What You'll Learn

This course blends foundational concepts with applied exercises to help you connect the dots between cyber risk, compliance obligations, and operational realities. Topics include:


Morning Session: Conceptual Foundations

  • OT Vulnerability Context: Understand how OT differs from IT, and why vulnerability management must adapt accordingly (case studies: Triton, Colonial Pipeline).

  • CIP Requirements Deep Dive: Align vulnerability management practices with CIP-007 R2 and CIP-010 R1, including documentation expectations and audit readiness.

  • Asset Prioritization & Risk Triage: Build a prioritization matrix based on asset criticality, availability requirements, and business dependencies.

  • Patch Schedules & Emergency Response: Define workflows for routine, accelerated, and zero-day patching scenarios—including vendor coordination and exception processes.


Afternoon Session: Applied Workshop

  • Compensating Controls Framework: Learn to justify and implement alternatives such as network segmentation, whitelisting, and monitoring zones.

  • Capstone Exercise: Design a vulnerability and patch management plan using templates and tools provided by Ampyx Cyber.

  • Tooling & Threat Intel Resources: Get an overview of ICS-specific platforms (Nozomi, Claroty, Forescout, Dragos) and walk through curated ICS advisory dashboards.


Key Takeaways

  • CIP-aligned vulnerability management plan template

  • Patch evaluation matrix and compensating control framework

  • Critical asset prioritization worksheet

  • Access to curated ICS vulnerability dashboards

  • Certificate of Completion + 8 CPEs


Who Should Attend

This course is ideal for:

  • OT cybersecurity practitioners tasked with patching, exception handling, or audit prep

  • NERC CIP compliance professionals who need to operationalize CIP-007 R2 and CIP-010 R1

  • Security architects and engineers managing ICS asset inventories and risk models

  • Regulated asset owners/operators in electric, oil & gas, pipeline, or industrial sectors


What to Bring

Participants are encouraged (but not required) to bring:

  • A sample OT/ICS asset inventory or sanitized architecture diagram

  • Vendor patching documentation (if available)

  • Vulnerability reporting formats or workflows used internally

No software installation required. Work or personal laptops/tablets welcome for note-taking and exercises.


Class Format & Details

  • Delivery: In-person - Location TBD

  • Duration: 1 full day (8:30 AM – 5:00 PM)

  • Format: Instructor-led, with guided labs and facilitated discussion

  • Meals: Breakfast and lunch provided

  • Cost: Contact us for pricing and group registration options

Build a Smarter, Safer Patch Strategy

Whether you're defending critical systems or preparing for your next audit, this course helps you shift from checkbox compliance to purposeful cybersecurity.

 
 

About Your Instructor

Dan Ricci is a Navy veteran with 27 years of technical leadership and cybersecurity expertise, specializing in information technology (IT) and industrial control systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems and infrastructure for Chemical, Manufacturing, and Facility Related Control Systems (FRCS). 

During his 21 years in the U.S. Navy, Dan managed and executed network data analysis, incident response, operational planning, personal security, vulnerability management, risk assessments, and project management for DoD Acquisition Category (ACAT) I & II programs. He played a pivotal role in devising innovative solutions for both Fortune 100 companies and military clients. This included developing vulnerability management programs for Manufacturing Execution Systems (MES) and crafting security solutions for Building Automation Systems and Medium Power Distribution Systems. 

Dan possesses extensive expertise in the analysis, exploitation, and defense of IEEE 802.11 (a, b, g, n, ab) wireless networks deployed in IT and ICS network environments. Additionally, he oversaw the operations of two 24/7 incident handling and intrusion detection sensor teams during cyber defense operations for the U.S. Navy, both afloat and ashore. 

Furthermore, he is the founder of the ICS Advisory Project, an open-source initiative committed to enhancing CISA ICS Advisories data by integrating it with other data sources. This effort aids in prioritizing and safeguarding critical infrastructure against ICS vulnerabilities.