As OT environments become increasingly connected, traditional vulnerability management approaches fall far short of addressing the unique challenges faced by manufacturers. The session will introduce a pragmatic framework that will help your vulnerability management team understand the fundamental differences between IT security practices and OT realities. Through the foundational lens of the "Now, Next, Never" model, the session will explore how you can build your program from the ground up, contextualizing risk for your business and evolving beyond standard CVSS to a customized risk scoring.

You will learn practical strategies for prioritizing vulnerabilities based on operational constraints, network architectures, and business impacts and easily build consensus between security and operations teams.