Skip to content
Get started

OT Security Training From Practitioners, Not Instructors

We build security mindset, not just security knowledge. Your team learns to think like attackers, question assumptions, and understand the systems they're protecting.

Dale Carnegie Trained Instructors • Curriculum Developers for NRC, Chevron, US Army • Every US Nuclear Plant • Veteran-Owned

Discuss Your Training NeedsView Our Services
us-neuclar-plant
we-trained-team-how-to-thinks

Training That Changes How Your Team Thinks

Most security training teaches people what to know. We teach them how to think.

Your team doesn't need another certification that tests memorization. They need to understand how systems actually work, how attackers actually think, and how to question assumptions before those assumptions become vulnerabilities. They need situational awareness that translates to their daily work.

Our instructors have worked in the environments we teach about. Nuclear plants, refineries, offshore platforms, pipeline operations, manufacturing floors. We've trained everyone from control room operators to NRC inspection teams.

Why Our Training Is Different

We're not a training company that hired some consultants. We're practitioners who learned to teach. Our instructors have deployed security programs across every US-based nuclear plant and hundreds of oil and gas facilities worldwide. Then we got Dale Carnegie certified so we could transfer what we know effectively.

We've developed curriculum for organizations that can't afford to get it wrong: the NRC, Army Material Command, Chevron, Tenable. We wrote and taught the Certified Cyber-Physical Associate (CCPA) program for ICISI. That same rigor goes into every program we build. 

Cyber-Physical-Associate-Consultants
us-nrc-manual

What We Teach

Cyber-Physical Fundamentals IT security people need to understand OT. Operations people need to understand security. We bridge that gap. Industrial control systems, protocols, network architecture, the physical reality of what your team is protecting. Not theory. The actual devices, the actual signals, the actual consequences. 

Security Mindset You're not fighting technology. You're fighting ingenuity. We teach your team to question assumptions, maintain situational awareness, and critically analyze security posture. The mindset that asks "what could go wrong here?" before something goes wrong. 

Attack and Defense Your team needs to understand how attacks actually work. We use tools like Metasploit in controlled environments to demonstrate what's possible. Then we teach defense in depth: layered protections that account for the reality that any single control can fail. 

 These fundamentals are woven into all our training programs. Custom engagements focus on the specific topics your team needs. 

Training Programs

Custom Training Development

Every organization is different. Your tools, your regulatory environment, your team's background, your operational constraints. Off-the-shelf training ignores all of that. 

We develop complete training programs around your specific situation. Not a slide deck someone reads. Full curricula with participant manuals, hands-on exercises, and scenarios that reference your actual environment. We've built custom programs for federal agencies, military commands, energy companies, and technology vendors. We can build one for you. 

Programs range from half-day workshops to multi-week immersive courses. We scale to your needs and work around your operational schedule. 

What Your Team Can Do After:

  • Understand the systems they're protecting, not just the security tools
  • Think like an attacker when evaluating their own environment
  • Question assumptions that create unrecognized risk
  • Apply security principles to real decisions, not just recite requirements
  • Train others using the materials we leave behind

Train-the-Trainer Programs

Bringing in external trainers every time you hire someone isn't sustainable. You need internal capability to maintain knowledge as your team evolves. 

We certify your staff to deliver training on your security tools, policies, and procedures. Certification programs typically run one to two weeks depending on scope. Your trainers get complete instructor packages: facilitator guides, participant manuals, exercises, and assessment materials. When your tools or policies change, we provide update packages so your internal program stays current. 

What Your Trainers Can Do After: 

  • Deliver your security training program independently
  • Adapt materials to new hires and changing requirements
  • Assess capability, not just attendance
  • Update curriculum as tools and policies evolve
  • Onboard new staff without waiting for external support

Tabletop Exercises

Plans reveal their gaps when you test them. Tabletops expose weaknesses in incident response, communication, and decision-making before real incidents do. 

We design exercises around realistic scenarios for your industry. Your team works through incidents that could happen in your facility, making decisions with incomplete information and coordinating across departments. Exercises typically run 2-4 hours depending on complexity. Afterward, you get a detailed debrief and written report identifying gaps and recommendations.

What Your Team Can Do After:

  • Execute your incident response plan under pressure
  • Coordinate across departments when information is incomplete
  • Communicate with regulators, leadership, and external parties
  • Make decisions when the playbook doesn't cover the situation
  • Identify gaps before a real incident exposes them
us-nrc-training-team

Who We've Trained

Nuclear Operators, security staff, and NRC inspection teams across every US nuclear power generation plant. We've trained the people who implement the standards and the people who evaluate compliance. 

Oil and Gas Security and operations teams across hundreds of facilities worldwide. Offshore platforms, refineries, pipeline operations, LNG terminals. Training that accounts for safety culture, remote locations, and operational realities. 

Utilities Electric generation and transmission, water and wastewater systems. NERC CIP compliance training and operational security for staff who keep critical services running. 

Manufacturing Process and discrete manufacturing with safety-critical systems. IEC 62443 training and OT security fundamentals for operations teams. 

Federal and Defense Custom curriculum development for federal agencies and military commands including NRC, Army Material Command, and Architect of the Capitol. 

How We Deliver

On-Site Training happens at your facility, on your systems, in your operational context. Your team learns where they work. 

Virtual Instructor-Led Live remote sessions with hands-on exercises. Interactive training when on-site isn't practical. 

Blended Programs Combine on-site workshops with virtual follow-up. Build skills in person, reinforce over time. 

Flexible Scheduling We work around shift schedules, maintenance windows, and operational demands. Training fits your reality. 

onsite-training
training-attendance

Training Documentation for Compliance

Auditors ask for training records. We provide them. 

Every training engagement includes attendance documentation, competency assessments where appropriate, and completion certificates for participants. For organizations with specific compliance requirements, we format documentation to meet your audit needs. 

Let's Build Your Team's Capability

Tell us about your team, your environment, and where the gaps are. We'll design training that changes how they work.

Start a Conversation