Why OT Security Fails on the Factory Floor, and How to Make It Stick
2026-04-10, Track 2

Most OT security failures don’t happen because the technology was wrong; they happen because the security programme didn’t fit how manufacturing actually operates.

This session focuses on the operational and organisational reality of embedding OT security in live production environments, drawing on experience leading a £97m global OT security programme across 77 manufacturing sites. Rather than centring on attack mechanics, the talk explores what it truly takes to introduce security into environments where uptime, safety, and throughput are non-negotiable.

Attendees will learn how OT security initiatives succeed or fail based on governance alignment, decision-making authority, and cultural adoption on the shop floor. The presentation examines common friction points: engineering resistance, unclear ownership between IT and operations, security controls that disrupt maintenance, and change processes that collapse under incident pressure.

Through real-world examples, the session shows how organisations can shift OT security from a bolt-on technical function into an embedded operational capability. It explores how to design security programmes that engineers trust, operators understand, and leadership supports, without slowing production or increasing risk.

The talk also addresses how resilience is built over time through repeatable processes, training, and scenario-based planning, rather than one-off tool deployments. It concludes with a forward-looking view of how emerging threats, regulatory pressure, and supply chain complexity make operational resilience a board-level responsibility.

Attendees will leave with:

A clear understanding of why OT security programmes succeed or fail operationally

Practical approaches to aligning security with engineering and production priorities

Change-management strategies that work in industrial environments

Insight into building resilience through people, process, and governance — not just tools

Actionable ideas for embedding security into day-to-day operations without disrupting uptime

The session will include interactive discussion and open Q&A, allowing participants to share challenges, compare approaches, and leave with practical, real-world insights they can apply immediately.

John Allen is a senior OT and industrial cybersecurity leader with over two decades of experience securing complex manufacturing and critical infrastructure environments.

He previously served as Global Vice President of OT Security at GSK, where he led a £97m global OT security programme spanning 77 manufacturing and research sites worldwide. In this role, John was responsible for embedding OT security across live production environments, balancing cyber risk reduction with safety, uptime, regulatory compliance, and operational efficiency.

John’s career has been shaped by working directly with engineers, operators, and plant leadership to turn security strategy into operational reality. His experience spans global governance design, large-scale OT security transformation, incident response in production environments, and the cultural change required to make security sustainable on the factory floor.

Today, John advises manufacturers and critical infrastructure organisations through Harpoon Consulting, where he is Co-Founder, helping them design and embed practical, operations-first OT security programmes that actually work in the real world. He is known for his ability to translate security risk into operational and business impact, and for challenging approaches that look good on paper but fail in production.

John is a regular speaker at specialist security events, where his sessions consistently receive strong feedback for being honest, practical, and grounded in real-world end-user experience rather than theory or vendor-driven narratives.