Unsolicited Advice on OT Pentesting

November 12, 2025 @ 14:35 - 15:15

  • Main Track, Workshop 1

About Session

Technical Level: Intermediate

OT penetration testing feels like a buzzword. Many people talk about it, but only a few know what it should cover. And this is not an accident. The traditional IT penetration test does not translate directly to OT because of the risks it involves, which can be accepted in IT but can be catastrophic in OT. I spent a lot of time researching this question during my 9 years as a penetration tester at Siemens, and as a threat intel and malware researcher at Fortinet.

In this presentation I would like to share my approach to how penetration testing can be translated to OT. My goal was to deliver the same value but decrease the risk it involves. I recommend a set of different security assessments on different layers that allow us to have control over the risks but deliver similar or even better results than a penetration test.

Learnings for delegates:

– The reason IT pentests cannot be done in OT.

– Challenges of OT pentests.

– An alternative strategy to get the same value with less risk.

– Tips and tricks around OT pentests.

Speakers

Geri Révay

Principal Security Researcher, Fortinet