Three answers.

1. Women

Women represent 51% of the population and 57% of the college graduates in the US. They comprise less than 10% of the OT Security workforce. 

Solving the problem could be as simple as adding women to the OT Security workforce until they reach close to their population percentage. Encouraging and recruiting them into the field, and treating them fairly once they are in, is key. (Of course the OT Security community should be welcoming to all and any addition will help with the shortage in the workforce. Women are singled out in this answer due to the numerical impact.)

2. Stop Searching For Unicorns

The OT Security unicorn has domain specific engineering, automation, IT and IT security skills and experience. OT Security unicorns do exist. I’ve seen a few. They are rare, and not the answer to the OT security workforce problem. Instead find people with one of those skills, an ability to learn, good communication skills so they can supplement the knowledge areas they lack, and a desire to be in OT Security.

3. Hire OT Security Professionals

Asset owners’ OT Security programs fail when they try to force engineers and others in Operations to work on OT Security 10 or 20 percent of their time. Partially because they already have more than 100% allocated to existing job functions.

Asset owners’ OT Security programs fail when they force an engineer and others in Operations to work primarily on OT Security when they don’t want to. Engineers are fully capable of being OT Security pro’s, if they want to. However, most would prefer to do the job they trained for and enjoy.

OT Security is a profession.

One last thought, this is not an OT v IT or OT is different than IT issue. There are many specializations under the big umbrella that is called IT. As Patrick Miller says, “it’s all T”. You need a workforce trained on the appropriate technology.

Subscribe to my Friday ICS Security News & Notes email.