Publication Date

October 2023


A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position travel. We found that OT cybersecurity roles are typically non-entry level, as experience was the most common requirement, and was required on 95% of analyzed positions. Possession of a bachelor’s degree or higher was required for 82% of positions, while industry certifications such as the Certified Information Systems Security Professional (CISSP) or the Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional (GICSP) were listed on 64% of positions. Knowledge of OT or IT frameworks and standards and strong communication skills were listed on 48% of positions, while programming expertise, possession of the United States security clearance, and knowledge of OT or IT networking protocols were required for 18%, 24%, and 27% of positions, respectively. A work travel requirement was listed on 29% of positions. Individuals seeking to enter the OT cybersecurity field, and educational programs focusing on training OT cybersecurity professionals should prioritize obtaining experience, education, and certification, possessing strong communication skills, and knowledge of relevant OT and IT industry standards and frameworks.