Certified Lead SCADA Security Manager

Overview

This four-day instructor-led course enables professionals to develop the expertise required to plan, design, and implement an effective security programme to protect SCADA and industrial control systems. As critical infrastructure and operational technology environments become increasingly connected, the risks to supervisory control and data acquisition systems continue to grow. A structured and holistic approach to SCADA security is essential.

Participants will gain a deep understanding of common industrial control system threats, vulnerabilities, and risk management techniques. The course focuses on the knowledge and skills required to advise on and manage risks related to SCADA environments, combining technical, operational, and management controls. A comprehensive methodology for implementing a SCADA security programme is presented, equipping learners to lead security initiatives within high-profile and high-impact environments. On completion, participants will be prepared to sit the PECB Certified Lead SCADA Security Manager examination.

Prerequisites

Participants should have:

• A fundamental understanding of SCADA security concepts
• Basic knowledge of industrial control systems and networking
• Familiarity with information security principles is recommended

Target audience

This course is designed for:

• Security professionals seeking to acquire SCADA security management skills
• IT professionals looking to enhance their technical knowledge in operational technology environments
• IT and risk managers seeking a deeper understanding of industrial control systems and SCADA systems
• SCADA system developers
• SCADA engineers and operators
• SCADA IT professionals

Objectives

By the end of this course, learners will be able to:

• Explain the purpose, architecture, and risks associated with SCADA systems, distributed control systems, and programmable logic controllers
• Identify threats and vulnerabilities affecting industrial control system environments
• Develop and support a proactive SCADA security programme, including policy development and vulnerability management
• Design network architectures incorporating defence-in-depth security controls for SCADA environments
• Describe the relationship between management, operational, and technical controls within a SCADA security programme
• Design resilient and high-availability SCADA systems
• Plan and manage a programme of effective security testing activities

Outline

Fundamental principles and concepts of SCADA and SCADA security

• Overview of SCADA systems and industrial control systems
• Components of distributed control systems and programmable logic controllers
• Operational technology versus information technology environments
• Key security principles applicable to SCADA systems
• Regulatory and compliance considerations in critical infrastructure
• Security challenges unique to SCADA environments

Industrial control systems characteristics, threats, and vulnerabilities

• Architecture and communication protocols in ICS environments
• Common threat actors and attack vectors targeting SCADA systems
• Vulnerability types within operational technology networks
• Risk scenarios affecting critical infrastructure
• Consequences of cyber incidents in industrial environments
• Case studies of SCADA and ICS security breaches

Designing and developing an ICS security programme based on recognised guidance

• Overview of NIST SP 800-82 guidance for ICS security
• Establishing governance and security policies for SCADA
• Risk assessment methodologies for operational technology
• Asset identification and classification
• Security awareness and training in ICS environments
• Integration of security into system lifecycle management

Network security architecture for SCADA systems

• Segmentation and zoning strategies
• Defence-in-depth architecture principles
• Secure remote access and communication controls
• Firewalls, intrusion detection, and monitoring in ICS networks
• Secure configuration and hardening of SCADA components
• Managing third-party and vendor access

Implementation of security controls for SCADA systems

• Technical security controls for industrial networks
• Access control and identity management in SCADA environments
• Patch and vulnerability management strategies
• Incident response planning for ICS
• Backup, recovery, and business continuity considerations
• Integration of physical and cyber security controls

Developing resilient and robust systems

• High availability design principles
• Redundancy and fault tolerance in SCADA systems
• Secure system design and secure coding practices
• Monitoring and logging strategies
• Evaluating system performance and resilience
• Continuous improvement of SCADA security posture

Security testing of SCADA systems

• Security testing methodologies for industrial environments
• Vulnerability assessments and penetration testing considerations
• Testing limitations in operational technology systems
• Managing testing activities without disrupting operations
• Reporting and remediation planning
• Aligning testing results with risk management processes

Exams and assessments

Participants will sit the PECB Certified Lead SCADA Security Manager examination, which meets the requirements of the PECB Examination and Certification Programme.

• Certification and examination fees are included in the course price
• Participants receive over 450 pages of training material, including practical examples
• An attestation of course completion worth 31 continuing professional development credits is issued to attendees
• In case of exam failure, one retake is available within 12 months at no additional cost

Hands-on learning

This instructor-led course includes:

• Scenario-based exercises focused on risk identification and mitigation
• Group workshops to design secure SCADA network architectures
• Case study analysis of real-world industrial incidents
• Exam-style practice questions to reinforce knowledge