Phase A & Step 2 - Getting started in IT & OT Cybersecurity

[Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented here, in this newsletter, are my own.

Neither the author nor the newsletter is liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and/or situation.

M. Yousuf Faisal

Hi Securing Things Community,

In this newsletter edition, we’ll continue to expand on the previous topic of “Getting started in IT & OT Cybersecurity”, covering “Phase A and Step 2”. In addition, I’ll be sharing a few interesting cybersecurity updates and links, my most viewed recent social media posts from May 2024 and updates on Securing Things Academy.

Special Message:

Before we begin, do me a favor and make sure you hit the “Subscribe” button to let me know that you care and keep me motivated to publish more. Thanks! Note: remember to validate your email address to ensure that you don’t miss any future newsletter editions.

1. Phase A - Initiate, Validate, Prepare & Plan

In case you’ve missed my 3-phase, 12-step blueprint in previous posts, here are the links and the blueprint:

Getting started in IT & OT Cybersecurity - Blueprint by M. Yousuf Faisal

Phase A, as the name implies, is all about initiating, validating, preparing and planning - doing the preliminary work before you take a leap of faith on getting started in cybersecurity.

In this newsletter, let’s outline some bullet points for Phase A and Step 2.

Step 2 – Learn IT & OT/ICS basics - acronyms, device types, famous attacks, key differences between IT & OT, and more.

👉– For a recent graduate or learner, or an experienced professional from a non-IT/Security/Automation field - spend some time, a day/week or so, getting familiar with key industry terms/acronyms and definitions, and get to know a few famous IT & OT cyber attacks and the differences between IT and OT.

👉– For an automation professional - you should already have a good understanding of all major OT device types and the basic IT devices used within an OT environment. But if you are completely new to cybersecurity, follow the above as well.

👉– If you are an existing IT security professional - you should already have a good understanding and idea around all major IT cybersecurity acronyms, definitions, concepts, device types and attacks. So you might want to focus on the differences in cybersecurity approach in OT in contrast to IT.

👉– For all persona types - the information that needs to be learned / gained remains the same.

👉– From an industry perspective - one must keep up with industry updates as new terms, acronyms, concepts and emerging technologies are introduced. Be ready to commit to lifelong learning.

👉– Do some research - Google / Ask your fav AI agent - ChatGPT or other (but not limited to):

  • List of key acronyms / terms / definitions used in IT security and

  • List of key acronyms / terms / definitions used in OT / ICS security

  • Basic concepts of IT (C.I.A) and OT (A.I.C) cybersecurity

  • List of IT and OT devices or asset types

  • Difference between IT and OT cybersecurity.

  • IT and OT/ICS cyber threat predictions for 2024 & beyond.

  • Several key industry reports on the state of IT security and OT security (a few security vendors/consulting orgs release some great advice).

Note: In my upcoming STA's cyber mentorship offering - I'll cover all these across the layers of automation stack covering IT and OT side of the business.

👉– There is a huge list of government and private sector guidance available - use it and build your STBOK (securing things body of knowledge); yes, an acronym I introduced in my last post for Step 1 of the blueprint.

👉– Remember not to stress yourself out; this is not a decision point. Rather, it gives you a better understanding for later, when crafting your journey, of which side - IT or OT - you’d like to be part of and hence what industry/entities, trainings/certs, and roles to target.

Few example reference links curated by M. Yousuf Faisal

Once this is done, move to the next steps. You shouldn’t be spending too much time on this, but at the same time you shouldn’t be skipping this step, as eventually you’ll have to explore and understand these.

📢 More on these steps in detail in future posts/videos. 📢

What other important steps would you recommend? Comment below.

2. Cybersecurity & AI Reads & News

The following is a list of a few interesting reads and news items:

  • EU Cybersecurity Regulatory Landscape document - by Eurosmart, provides a succinct summary of each regulation, highlighting key provisions and implications for cybersecurity, market surveillance and market accesslated services, data protection/GDPR, European Data Act, Digital Markets Act (DMA), Digital Services Act (DSA), Digital Identity (eIDAS2) and The European Chips Act (Digital Industrial Policy).

  • Cybersecurity Reciprocity Playbook document - by DoD, is designed to provide clear, credible information on key Department priorities for employing cybersecurity reciprocity in DoD systems, consistent with DoD Instruction (DoDI) 8510.01, “Risk Management Framework for DoD Systems”. Reciprocity, as defined by NIST, is: "Mutual agreement among participating organizations to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information."

  • Enhancing and safeguarding Malaysia’s cybersecurity landscape - Malaysia Cybersecurity Bill 2024. Approved by the Malaysian Parliament on 27 March 2024, the Bill aims to improve and protect the cybersecurity environment in Malaysia, and introduces regulatory framework requirements for the designated entities within the 11 National Critical Information Infrastructure (NCII) sectors to comply with, in the Code of Practice, specific standards, measures, and processes, when handling cybersecurity incidents. Moreover, NCII sector leads are empowered to designate any entity which owns or operates any NCII as a designated NCII entity, and prepare Codes of Practice.

  • Exploring why IEC 62443 and Zero Trust can be a great match by SIEMENS. This white paper describes how protection against cyber attacks in the OT can be increased through the combination of the IEC 62443 standard series and the Zero Trust principle, despite increasing digitalization, end-to-end networking and increasing amounts of data.

3. My Recent Most Viewed Posts:

In case you’ve missed them - here are my most viewed recent social posts.

Securing Things Academy (STA) Promo by MYF v4.pdf (970.02 KB, PDF file)

and previous newsletter posts:

👉 Do share, comment and add your experience and insights - as this may help someone gain some clarity and make the right choices in their career decisions and/or progression. Our world needs more cybersecurity professionals.

👉 I hope to make a difference & help at least 100/> people in 2024 (ideally 1K/>) (I am not making a bold claim of a million or something) to give back to the community.

Whenever you are ready - I can help you / your organizations’ or customers’ secure digital transformation journey through IT & OT Cybersecurity Advisory / Consulting services, training, specific security solutions. Reach out at info[at]securingthings[dot].com.

5. My Asks

Do provide your valuable input to help me decide on a few things on the Securing Things Academy (STA) promo link/pdf download above:

  • Do the course / topic ideas mentioned resonate with you?

  • Which one would you prefer (or, if you are an expert, do they align with market needs)?

  • Course / certification name suggestions, per the above list.

  • Or would you rather prefer mini courses on similar topics?

Do register, validate your email, and request a login link to submit the poll for a chance to win a course giveaway.

I invite the #SecuringThings community to share their feedback and wish list for the year on:

  • any industry specific pain points & potential resolutions of keen interest?

  • what did you like about this and/or previous editions?

  • what could be improved?

  • what you’d like to see in future editions?

Your feedback and input are invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer digital future. Thank you for your trust and continued support.

Thanks for reading - until next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,

M. Yousuf Faisal.

Follow: #securingthings on linkedin | @securingthings on X/Twitter & Youtube.
