See All Nexus 2025 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.
Operational Technology
Industrial
Operational Resilience
Cyber Resilience

OT Cybersecurity Faces a Skills Gap

Jon Holzbauer
/
May 12, 2026

Organizations across critical infrastructure, manufacturing, and other industrial sectors face a widening operational technology (OT) cybersecurity skills gap. A challenge driven by the rapid convergence of IT and OT environments. While digital transformation has connected industrial systems to enterprise networks and the cloud, the workforce has not kept pace. Traditional IT security teams lack the deep process knowledge required to protect industrial control systems, and OT engineers often lack formal cybersecurity training. This disconnect leaves essential operations vulnerable to increasingly sophisticated cyber threats. 

The consequences are significant: longer incident response times, heightened exposure to ransomware and nation-state attacks, and a greater risk of operational disruption due to misapplied security practices. As regulatory pressure grows and attackers target critical infrastructure, the need for specialized OT cybersecurity expertise has become urgent. Ultimately, closing the OT skills gap requires recognizing that OT cybersecurity is a distinct discipline, not an extension of traditional IT security.

Leading organizations are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.

Why the OT Security Skills Gap Exists

The operational technology (OT) skills gap has become one of the most pressing and least understood cybersecurity challenges facing modern organizations. As industrial environments become increasingly digitized, companies discover that traditional IT security expertise does not automatically translate into effective OT cybersecurity. The result is a widening talent gap that leaves critical infrastructure and manufacturing operations exposed.

The core issue is simple: OT and IT evolved for fundamentally different purposes, and the people who work in each domain bring different backgrounds, priorities, and mental models.

IT Security Skills Don’t Map Cleanly to OT Environments

IT security professionals are trained to protect data, networks, and applications. They have specific priorities to consider. But OT systems (PLCs, SCADA, DCS, HMIs, sensors, and industrial controllers) operate under a different set of constraints. In OT, the priorities flip:

IT Priorities

OT Priorities

Confidentiality

Safety

Data Integrity

Availability

Rapid Patching

Physical Process Integrity

System Standardization

Predictability and Uptime

Network Segmentation

Legacy System Stability


An IT security expert may know how to harden a server, but that doesn’t mean they understand how a Modbus register works, how a PLC scan cycle behaves, or why patching a controller during production hours could shut down a plant.

OT Engineers Aren’t Cybersecurity Specialists

On the other side of the divide, OT engineers and technicians are deeply knowledgeable about:

  • Industrial control systems

  • Process automation

  • Safety instrumented systems

  • Vendor-specific hardware and protocols

But cybersecurity has not historically been part of their training. Many OT professionals still operate in environments where systems were designed decades ago with no native security controls and where air-gapped networks were assumed to be safe.

IT/OT Convergence has Outpaced Workforce Development

Digital transformation has accelerated the blending of IT and OT through the introduction of:

  • Cloud-connected industrial assets

  • Remote access for vendors and technicians

  • Industrial IoT sensors

  • Predictive maintenance platforms

  • Data-driven optimization tools

  • Building management systems

This convergence creates new attack surfaces faster than organizations can train or hire people to secure them.

Consequences of the OT Cybersecurity Skills Gap

The shortage of hybrid IT/OT cybersecurity talent has real-world implications:

  • Increased vulnerability to ransomware and nation-state attacks: OT environments are now prime targets because downtime has immediate financial and safety consequences.

  • Longer incident response times: When an attack hits an industrial system, IT teams often lack the context to respond safely, and OT teams lack the cybersecurity expertise to contain the threat.

  • Operational disruptions: Misapplied IT security practices (like aggressive scanning or untested patching) can unintentionally shut down production.

  • Regulatory and compliance pressure: Industries like energy, manufacturing, and water management are facing new cybersecurity mandates that require specialized OT knowledge.

5 Things Leading Organizations are Doing to Close the Gap

Forward-thinking companies are taking a multi-pronged approach to build the workforce they need.

Creating Cross-Functional IT/OT Security Teams

Instead of forcing IT to “own” OT security or expecting OT engineers to become cybersecurity experts overnight, organizations are building blended teams that share responsibility and knowledge.

Investing in OT-Specific Cybersecurity Training

Training programs now exist for:

  • ICS/SCADA security

  • Industrial network architecture

  • Secure remote access

  • Incident response in OT environments

  • Vendor-specific controller security

This training helps IT professionals understand the physical process implications of their decisions and helps OT professionals build cybersecurity literacy.

Hiring for Hybrid Roles

New job titles are emerging:

  • OT Security Engineer

  • ICS Cybersecurity Analyst

  • Industrial Network Architect

  • OT SOC Analyst

These roles require a mix of engineering, cybersecurity, and industrial operations knowledge.

Leveraging Managed OT Security Services

Because the talent pool is limited, many organizations are turning to specialized OT cybersecurity providers for:

  • 24/7 monitoring

  • Threat detection

  • Asset inventory

  • Vulnerability management

  • Incident response

This approach buys time while internal teams develop.

Standardizing, Documenting OT Environments

A surprising amount of OT knowledge lives in the heads of long-tenured engineers. Documentation helps reduce reliance on tribal knowledge and makes it easier for new cybersecurity staff. Areas to focus include:

  • Network diagrams

  • Controller configurations

  • Vendor access pathways

  • Patching schedules

  • Asset inventories

Wrapping Up

As modern enterprises adopt AI and other advanced technologies, the OT cybersecurity skills gap is going to become more apparent. It's imperative that critical infrastructure organizations that are OT-asset heavy follow the lead of peers who are successfully bridging this gap. Invest in training, create hybrid IT/OT security roles that fit your environment, and create mechanisms to ensure that cross-functional teams secure critical OT processes.

Operational Technology
Industrial
Operational Resilience
Cyber Resilience
Jon Holzbauer
Operations Technology Systems Manager

Jon Holzbauer is Operations Technology Systems Manager at Silgan Containers.

Stay in the know Get the Nexus Connect Newsletter
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
ASL Roma 1 CISO Stefano Scaramuzzino and Deloitte’s Fabio Battelli explain the next evolution of cybersecurity and risk governance at Italy’s largest public health authority: canonical risk. The hospital's HOPE framework is the decision layer for this concept, a governed, explainable, and auditable synthesis of technical signals, operational context, and explicit priority logic that inform remediation and mitigation actions.
Healthcare
Cyber Resilience
Operational Resilience
Risk Management

At ASL Roma 1, Canonical Risk Informs Governance, Remediation Actions

Stefano Scaramuzzino
Fabio Battelli
nexus_goodwin-strategy.jpg
Cyber Resilience
Risk Management
Operational Technology
Operational Resilience

Administration Takes Aggressive Cyber Posture with New Strategy, Cybercrime Executive Order

Cristin Flynn Goodwin
Data centers have been targeted for kinetic attacks during the ongoing Iran war, and given their strategic prioritization during the conflict, they could be targeted for cyberattacks as well. Nexus contributor James LaBonty explains the risk and potential vulnerabilities, including building management systems and other cyber-physical systems.
Cyber Resilience
Operational Technology
Risk Management
Vulnerability Management
Operational Resilience
Industrial

Protecting Physical, Digital Security of Data Centers During Conflict

Jim LaBonty
nexus_rogers-edge-alert.jpg
Cyber Resilience
Federal
Risk Management
Vulnerability Management

CISA Alert on EOL Edge Devices Should Also Spark Enhanced CPS Defenses

ADM. Michael S. Rogers, USN (Ret.)
nexus_stifel-offensive-sec.jpg
Risk Management
Operational Resilience
Cyber Resilience
Federal
Healthcare
Industrial

Imminent National Cyber Strategy May Lean on Offense at the Expense of Defense

Megan Stifel
OT cybersecurity expert Dan Ricci writes about what OT asset management and visibility can reveal about an industrial environments, including the surfacing of risk signals, exposure of hidden dependencies, and insight about the efficacy virtual network segmentation policies and practices.
Industrial
Operational Resilience
Operational Technology
Cyber Resilience
Risk Management

From OT Asset Management to Insight: Turning Visibility Into Something That Matters

Dan Ricci
Cyber-physical systems cybersecurity is a maturing practice, which means protection of these critical systems must become more programmatic. Stefano Scaramuzzino CISO of ASL Roma-1 and Fabio Battelli of Deloittte explain the first steps on this journey using ASL Roma-1's HOPE program as the model.
Cyber Resilience
Healthcare
Operational Resilience
Risk Management

Moving from Visibility to Governance of CPS

Fabio Battelli
Stefano Scaramuzzino
Cybersecurity experts identify five trends that leaders responsible for cyber-physical systems protection programs and OT security must strategize around.
Cyber Resilience
Industrial
Operational Technology
Operational Resilience
Vulnerability Management
Risk Management

5 Trends Driving OT Security in 2026: From State-Sponsored Attacks to AI-Powered Threats

George V. Hulme
The Department of Defense has issued comprehensive guidance requiring all organizational units to implement zero-trust security principles across operational technology (OT) systems, marking a fundamental shift in how the military secures critical infrastructure from power grids to manufacturing control systems.
Zero Trust
Operational Technology
Cyber Resilience
Federal

Pentagon Mandates Zero Trust Security Framework for Operational Technology Environments

George V. Hulme
IT cybersecurity teams inheriting operational technology security and cyber-physical systems protection programs often come into these situations with competing incentives. This dynamic creates gaps in protecting OT and CPS that must be assessed and addressed.
Risk Management
Operational Resilience
Industrial
Operational Technology
Cyber Resilience

Competing Incentives Create IT/OT Security Gaps

Jon Holzbauer
Connected process control technologies force asset owners to change their perceptions of risk, cyber resilience, and operational resilience.
Operational Technology
Operational Resilience
Cyber Resilience
Risk Management

Nexus Reflections and Predictions: Steven Sim

Steven Sim
ASL Roma 1, a public health provider in Rome, has distinguished itself in the global healthcare landscape over the past two years by implementing advanced cybersecurity strategies, moving toward a hyper convergent security model, the so-called HyperSOC, in response to the growing cyber attacks in the global healthcare sector.
Healthcare
Risk Management
Cyber Resilience

Nexus Reflections and Predictions: Stefano Scaramuzzino

Stefano Scaramuzzino
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
rob-king.jpg
Industrial
Operational Technology
Vulnerability Management

Nexus Podcast: Rob King on OT Asset Exposures, Mitigations
nexus_samir.jpg
Industrial
Cyber Resilience
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: MITRE on Caldera for OT Adversary Emulation
Tiffany Wilson, the founder of Wilson Inclusive Solutions (WINS), a disability accessibility consulting firm, joins the Nexus Podcast to discuss the proliferation of consumer technology into healthcare infrastructure. This technology—smart speakers that help manage medications or cameras that monitor vulnerable individuals—often handles patient data and safety, and operates in a regulatory void.
Healthcare
Risk Management
Internet of Things

Nexus Podcast: Tiffany Wilson on the Security Crisis of Consumer Tech in Healthcare