SecOT+ (Coming Nov 2026)

SecOT+ (V1) exam objectives summary 

OT Systems and Safety Foundations 

• Apply safety techniques to the job environment: Implement lockout/tagout, JSA, PPE, hazard identification, and safety meetings. 
• Explain unique elements in OT environments: Differentiate IT/OT convergence, device roles (PLCs, HMIs, SCADA systems), and critical infrastructure sectors. 
• Describe control theory concepts: Demonstrate understanding of control logic, set points, I/Os, timers, process variables, and control languages. 
• Explain OT communication mediums and protocols: Distinguish among serial, Ethernet, and wireless OT protocols (Modbus, DNP3, BACnet, Profinet, etc.). 
• Contrast infrastructure considerations for OT: Compare legacy, embedded, and modern infrastructure, including virtualization, cloud, and edge technologies. 

OT Risk Management 

• Explain the importance of governance, risk, and compliance: Connect security and operational objectives, business continuity, and compliance drivers. 
• Describe elements of cybersecurity program management: Address risk registries, maturity assessments, roadmaps, RACI, SLAs, training, and documentation. 
• Outline risk assessment concepts: Cover frameworks, methods, risk variables, scoping, controls, and treatment options. 
• Explain risk monitoring and disposition: Include processes for audits, reporting, escalation, and disposition strategies. 
• Summarize the importance of the change management process: Review identification, testing, communication, and approval of changes. 

OT Threat Intelligence 

• Summarize the foundations of threat intelligence: Identify intelligence types and OT-specific frameworks (Diamond Model, MITRE ATT&CK, Cyber Kill Chain). 
• Explain the relevance of historical cyber events impacting OT environments: Assess impacts of incidents such as Stuxnet, Industroyer, and other major OT attacks. 
• Describe key components of OT threat landscapes: Describe threat actors, attack vectors, vulnerabilities, and techniques specific to OT. 
• Analyze OT threat intelligence for cyberdefense: Leverage OT threat feeds, platforms, IoCs, TTPs, and information sharing channels. 

OT Cybersecurity Architecture, Design, and Engineering 

• Explain secure OT architectural principles: Apply least privilege, compartmentalization, resilience, auditability, interoperability, and defense in depth. 
• Summarize physical security concepts: Evaluate access control systems, surveillance, physical barriers, and inspections. 
• Determine applicable hardware security controls and settings: Select secure boot, TPM, firmware updates, port management, backups, and tamper protection. 
• Apply host and application security practices: Use endpoint protection, host access controls, OS benchmarks, code signing, and patching. 
• Recommend network security controls and designs: Propose firewall rules, segmentation, encryption, IDS/IPS, wireless management, and secure access. 
• Establish appropriate identification, authentication, and authorization controls: Implement account management, MFA, PKI, directory services, and secure remote access. 

OT Security Operations 

• Summarize the purpose of asset management tasks: Maintain asset and software inventories, discovery processes, and configuration management. 
• Analyze data in support of security operations: Review logs, threat-hunting artifacts, SIEM, SOAR, and security management data. 
• Describe the role of vulnerability remediation: Prioritize, coordinate, test, and implement vulnerability fixes and patches in OT. 
• Apply techniques to facilitate vulnerability management: Identify, validate, triage, and verify vulnerabilities using multiple data sources. 
• Explain the importance of portable device security in OT environments: Address removable media, mobile, and external device security, authorization, and validation. 

OT Incident Management 

• Describe incident management frameworks: Reference the PICERL model and ICS4ICS for OT incident response. 
• Summarize overarching incident management considerations: Integrate cybersecurity and physical response, escalation, notification, and mutual aid. 
• Perform activities to prepare for incidents: Develop and update incident response plans, playbooks, and conduct exercises. 
• Explain incident response and handling: Employ triage, data collection, chain of custody, and root cause analysis. 
• Analyze common data sets collected during incident response: Examine system/network baselines, logs, and deviations. 
• Compare and contrast containment, eradication, and recovery processes: Execute isolation, malware removal, system restoration, validation, and mandatory reporting. 

Preview the full SecOT+ exam objectives (draft version) here!