2026-04-10, Track 1
Modern SOCs are being asked to monitor OT environments that behave nothing like the IT systems they’re used to. This talk cuts through the hype to show what it really takes to bring OT visibility, detection, and response into a SOC without disrupting safety‑critical operations. Attendees will leave with a practical, realistic view of how to evolve their SOC for converged IT/OT threats.
Operational Technology has become the new frontline of cyber risk, yet most Security Operations Centres are still built around IT‑centric assumptions, tools, and workflows. As industrial environments modernise—introducing IIoT devices, converged networks, and cloud‑connected control systems—the SOC must evolve with them.
But what does “modernising OT in the SOC” actually look like in practice?
This talk explores the practical, cultural, and architectural shifts required to bring OT visibility, detection, and response into a modern SOC without disrupting the safety‑critical environments it protects. We’ll break down the unique challenges of OT telemetry, asset discovery, protocol analysis, and incident response, and contrast them with traditional IT approaches that often fall short. Expect real‑world examples, lessons learned from the field, and a candid look at what works—and what absolutely doesn’t—when trying to operationalise OT security.
Attendees will walk away with a clear understanding of:
- How to build OT‑aware detection and response workflows that respect operational constraints
- Why traditional SIEM/SOAR approaches struggle with OT data—and how to adapt them
- The role of passive monitoring, network segmentation, and ICS‑specific threat intelligence
- How to align engineers, operators, and SOC analysts around shared outcomes
- Practical steps for maturing OT security without requiring a full rip‑and‑replace
Whether you're an OT engineer, SOC analyst, or security leader, this session will give you a grounded, realistic roadmap for bringing OT into the SOC in a way that’s safe, scalable, and future‑ready.
Andi is Kyndryl’s Global Security Operations & Response Portfolio Lead, shaping how organisations worldwide modernise their SOC, detection, and incident‑response capabilities. With deep experience across IT and OT, Andi is known for turning complex operational challenges into clear, effective security outcomes.