Home

Training Solutions

We create specialized training content for operational technology focused cybersecurity tailored to your organization’s needs including your architecture, control systems, and local skill sets. Whether you're looking to host the content on your own learning management system or prefer us to manage it for you, we offer flexible solutions that empower the team you have today. Our expertly designed materials cover crucial industry topics, from operational technology to advanced cybersecurity, providing practical and engaging training to help your workforce excel.

It Must Be Interesting

We have all sat through hours of boring slide decks. Our courseware is designed to be both practical and engaging, leveraging advanced tools including AI, detailed graphics, and immersive cloud-based lab environments. We focus on providing hands-on experiences that mirror real-world challenges, ensuring your team can directly apply what they’ve learned. With interactive content and cutting-edge technology, we make sure learners stay engaged and gain valuable skills they can immediately use to enhance your control system cybersecurity.

Lifetime of Learning & Teaching

We have extensive experience writing and delivering lessons for technical control system environments. We bring a deep understanding of aspects from the adjunct faculty perspective to corporate training and accredited environments. Whether developing content for large organizations or highly regulated industries, our lessons are tailored to meet your diverse learning needs. Each course is meticulously crafted to ensure relevance, engagement, and depth, empowering learners to tackle complex challenges with confidence and competence.

In our latest longterm project, we created 144 hours of OT Cybersecurity content for an accredited program.

Frequently Asked Questions

What is SubSafe Security?

SubSafe Security is a control system or operational technology focused business that offers customized training content services for your learning management system or ours.

Privately owned consulting firm located in Ohio
Our team is global and is comprised of the authors and teachers that are also OT cybersecurity consultants
We serve our community by creating the best possible educating available

As an ex-submnariner, safety and security process impress me. I chose our name because of the Submarine Safety program. It is a rigorous quality assurance initiative established by the U.S. Navy to ensure the safety and integrity of submarine systems, focusing on preventing flooding and ensuring the ability to recover from an emergency. It was instituted in response to the loss of USS Thresher in 1963 and involves strict adherence to design, construction, and maintenance standards. As a submariner, this was one of the first programs that I knew of that was designed to prevent horrible accident and consequently, I thought of it often when working on refineries and chemical plants.

For more information...

Consider this article on cognitive bias and risk analysis challenges:

https://subsafesecurity.com/cybersecurity-news/f/understanding-the-disparity-in-risk-assessment-rationalizing

What is Operational Technology and why is it important?

Operational technology (OT) encompasses the systems that monitor and control physical devices and processes in industries such as manufacturing, utilities, and transportation. It is crucial for ensuring that these systems, which are fundamental to daily operations and safety, remain safe from cyber threats that could disrupt operations and cause physical harm.

For more information...

Consider this article about what is operational technology:

https://subsafesecurity.com/cybersecurity-news/f/not-everyone-knows-what-ot-is-and-how-it-compares-to-it

Consider this article about the hidden risk in control systems:

https://subsafesecurity.com/cybersecurity-news/f/overlooked-cybersecurity-risks-in-operational-technology

Consider this article device refresh rate challenges in operational technology:

https://subsafesecurity.com/cybersecurity-news/f/replacing-outdated-it-systems-but-what-about-ot

What is a OT Cybersecurity Assessment?

We teach your team how to perform vulnerability assessments using passive (non-intrusive) network assessment methods to gather information about a network. This means that it does not require any interaction with the hosts on the network, and it will not generate any alerts or notifications. In terms of impact on control system networks, passive network assessment is generally considered to be safe.

For more information...

Consider this article about operational technology vulnerability assessments:

https://subsafesecurity.com/cybersecurity-news/f/control-system-vulnerability-assessments

Do you teach how to create an appropriate assessment report so management can make decisions?

We teach how to collect the data, perform the risk assessment, create and present the report which normally contains the following:

Executive Overview: A brief summary of the key points, findings, and recommendations of the report, aimed at providing a quick understanding to top management.
Introduction: Sets the context by explaining the background, the objectives, and the importance of the cybersecurity assessment.
Scope: Defines the boundaries of the assessment including the systems, processes, and geographic locations covered.
Methodology: Describes the techniques, tools, and processes used to carry out the cybersecurity assessment including risk ranking.
Findings: Presents the data collected, issues identified, and the analysis of the cybersecurity posture.
Risk Assessment: Evaluates the potential risks for the vulnerabilities identified, and their potential impact.
Regulations & Standards: Highlights the relevant regulatory and standard frameworks and compliance.
Recommendations: Provides actionable advice to address the identified issues and to improve the cybersecurity posture.
Conclusion: Summarizes the key takeaways from the assessment and emphasizes the importance of implementing the recommendations.
References: Lists the documents, standards, and other materials consulted during the assessment.
Appendices: Contains supplementary material such as detailed data, technical information, and other relevant documentation that supports the main text of the report.

Can you teach our team how to check our process safety functions for cybersecurity risks?

Safety functions are designed to put a system or process in a safe state if something goes wrong. There are safety functions associated with mechanical safety regions like the area around moving equipment like a robot and safety functions associated with process control. In the process area, specialized teams perform a Process Hazards Analysis (PHA) to identify the safety functions necessary to protect a process. Assessments for safety functions are essential because cyber threats can manipulate or disrupt these safety mechanisms, leading to potential safety hazards, environmental damage, or even catastrophic failures. We can teach several methods to assess safety functions for cybersecurity vulnerabilities, but we prefer the Security PHA Review method which reviews PHA reports for attack vectors and makes recommendations.

For more information...

Consider this article about a Security PHA Review:

https://subsafesecurity.com/cybersecurity-news/f/security-pha-review

Do you teach my team how to protect our control systems from cyber threats?

We teach defense-in-depth strategies discussed in the IEC 62443 standard, and many other documents, to protect your physical assets from cyber threats. Defense-in-depth encompass strategies like segmentation, access control, whitelisting, patch management, physical security, system hardening, monitoring and detection, incident response, and recovery.

Our team of experts works closely with you to assess your security needs and develop a customized training plan that fits your unique requirements that your team can manage.

In what industries are you the most experienced?

The areas below represent that specific industries where we are well qualified control system and cybersecurity experience.

Manufacturing: This includes automotive, chemical, industrial, consumer goods, pharmaceutical, food and beverage, metal, and paper.
Oil and Gas: Midstream including transportation, storage, and initial processing of crude oil and natural gas, typically through pipelines, tanker ships, and storage facilities. Downstream including refining of crude oil into usable products like gasoline, diesel, and other petrochemicals.
Additional Critical Infrastructure: This includes commercial facilities, critical manufacturing, government facilities, transportation control systems, and water/wastewater.

Privacy Policy

Your privacy is important to us and we take it seriously. This policy outlines how we would collect data and protect it even though we do not collect data.

Information Collection and Use

We do not except when you fill out a form or sign up for our newsletter on our site. The collected information includes your email address only for the newsletter and maybe your name, email address, and message details if you submit a contact form (there are some optional fields and we protect that information also).

Your information is ONLY used by us to respond to your requests. Your information will NEVER be shared or sold!

Information Protection

Your personal information is contained behind secured networks and is only accessible by a limited number of clearly identified people that are required to keep the information confidential.

Information Sharing

Subsafe Security does not sell, trade, or otherwise transfer to outside parties your personally information.

Cookies

Our website uses cookies to enhance your experience by remembering your preferences for future visits and compiling aggregate data about site traffic and interaction only. The cookies are shared with Google Analytics and GoDaddy.

Google Analytics uses cookies to track user behavior and aggregate data about website traffic. The information collected can include:

User Details: Such as the type of browser and operating system used, screen resolution, language preferences, and the device type.
Session Information: Duration of the visit, pages visited, and interactions on each page (like clicks and scroll behavior).
Referrer Information: How the user arrived at the site, such as direct entry, through a link on another website, or via a search engine.
IP Address: Used to determine the geographic location of the visitor. However, Google anonymizes the IP address within the area of member states of the European Union and other parties to the Agreement on the European Economic Area.

GoDaddy may collect data through cookies to manage and improve its hosting services and for security purposes. This can include:

System Information: Technical details about the device accessing the website, including operating system, device type, and browser type.
Log Files: Data automatically collected by servers, such as IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
User Interaction: How users interact with the website, which can help in improving site navigation and structure.

Both Google Analytics and GoDaddy use this data for improving service delivery, enhancing user experiences, marketing, and optimizing their own services and technologies.

Consent

By using our site, you consent to our website's privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page. This policy was last modified on 4/19/2024.

OT Cybersecurity Training Consulting

Training Solutions

It Must Be Interesting

Lifetime of Learning & Teaching

Frequently Asked Questions

Contact SubSafe Security

Privacy Policy