
Developing an Effective OT SOC: From Design to Deployment



Ivan Sestak of the Toronto Transit Commission shares practical lessons from building an OT SOC, covering bilingual analysts, OT-specific playbooks, asset discovery, and the differences between IT and OT incident response.

Building an effective OT SOC requires more than replicating IT security operations; it demands purpose-built processes, bilingual analysts and a clear understanding of how OT constraints shape every decision. Ivan Sestak of the Toronto Transit Commission shares lessons from an ongoing OT SOC program navigating legacy infrastructure, cloud migration and industrial operations.

 

In this session, he will also share insights on:

  • Why IT and OT SOC functions must remain distinct, and how to structure people, process, technology, facilities and data to protect industrial environments without compromising operational continuity;
  • How to build bilingual SOC analysts who understand both cybersecurity and the operational context of the shop floor;
  • How to design OT-specific incident response playbooks, adapt policy frameworks to industrial constraints and use passive asset discovery to establish the baselines needed for effective threat detection.
 

 

Here is the course outline:

Developing an Effective OT SOC: From Design to Deployment

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate
