Training & Exercises

OT Security Training From Practitioners, Not Instructors

We build security mindset, not just security knowledge. Your team learns to think like attackers, question assumptions, and understand the systems they’re protecting.

Dale Carnegie Trained Instructors Curriculum Developers for NRC, Chevron, US Army Every US Nuclear Plant Veteran-Owned
How We Think About Training

Training That Changes How Your Team Thinks

Most security training teaches people what to know. We teach them how to think.

Your team doesn’t need another certification that tests memorization. They need to understand how systems actually work, how attackers actually think, and how to question assumptions before those assumptions become vulnerabilities. They need situational awareness that translates to their daily work.

Our instructors have worked in the environments we teach about. Nuclear plants, refineries, offshore platforms, pipeline operations, manufacturing floors. We’ve trained everyone from control room operators to NRC inspection teams.

Training that changes how your team thinks
Training an NRC team
Why We’re Different

Practitioners Who Learned to Teach

We’re not a training company that hired some consultants. We’re practitioners who learned to teach. Our instructors have deployed security programs across every US-based nuclear plant and hundreds of oil and gas facilities worldwide. Then we got Dale Carnegie certified so we could transfer what we know effectively.

We’ve developed curriculum for organizations that can’t afford to get it wrong: the NRC, Army Material Command, Chevron, Tenable. We wrote and taught the Certified Cyber-Physical Associate (CCPA) program for ICISI. That same rigor goes into every program we build.

What We Teach

Fundamentals Woven Into Every Program

Cyber-Physical Fundamentals

IT security people need to understand OT. Operations people need to understand security. We bridge that gap: industrial control systems, protocols, network architecture, and the physical reality of what your team protects. Not theory, the actual devices, signals, and consequences.

Security Mindset

You’re not fighting technology, you’re fighting ingenuity. We teach your team to question assumptions, maintain situational awareness, and critically analyze security posture, the mindset that asks “what could go wrong here?” before something does.

Attack and Defense

Your team needs to understand how attacks actually work. We use tools like Metasploit in controlled environments to demonstrate what’s possible, then teach defense in depth: layered protections that account for the reality that any single control can fail.

Training Programs

Built Around Your Team and Environment

Custom Training Development

Off-the-shelf training ignores your tools, regulatory environment, and operational constraints. We develop complete programs around your situation: full curricula with participant manuals, hands-on exercises, and scenarios that reference your actual environment. Programs range from half-day workshops to multi-week immersive courses.

What Your Team Can Do After

  • Understand the systems they’re protecting, not just the security tools
  • Think like an attacker when evaluating their own environment
  • Question assumptions that create unrecognized risk
  • Apply security principles to real decisions
  • Train others using the materials we leave behind

Train-the-Trainer Programs

Bringing in external trainers every time you hire isn’t sustainable. We certify your staff to deliver training on your tools, policies, and procedures. Certification typically runs one to two weeks; your trainers get complete instructor packages, and we provide update packages when your tools or policies change.

What Your Trainers Can Do After

  • Deliver your security training program independently
  • Adapt materials to new hires and changing requirements
  • Assess capability, not just attendance
  • Update curriculum as tools and policies evolve
  • Onboard new staff without waiting for external support

Tabletop Exercises

Plans reveal their gaps when you test them. We design exercises around realistic scenarios for your industry; your team works through incidents that could happen in your facility, making decisions with incomplete information. Exercises typically run 2–4 hours, followed by a detailed debrief and written report.

What Your Team Can Do After

  • Execute your incident response plan under pressure
  • Coordinate across departments when information is incomplete
  • Communicate with regulators, leadership, and external parties
  • Make decisions when the playbook doesn’t cover the situation
  • Identify gaps before a real incident exposes them
Who We’ve Trained

Operators, Security Staff, and Inspectors

Nuclear

Operators, security staff, and NRC inspection teams across every US nuclear power generation plant, the people who implement the standards and the people who evaluate compliance.

Oil and Gas

Security and operations teams across hundreds of facilities worldwide. Training that accounts for safety culture, remote locations, and operational realities.

Utilities

Electric generation and transmission, water and wastewater systems. NERC CIP compliance training and operational security for staff who keep critical services running.

Manufacturing

Process and discrete manufacturing with safety-critical systems. IEC 62443 training and OT security fundamentals for operations teams.

Federal and Defense

Custom curriculum development for federal agencies and military commands including NRC, Army Material Command, and Architect of the Capitol.

How We Deliver

Training That Fits Your Reality

On-Site

Training happens at your facility, on your systems, in your operational context. Your team learns where they work.

Virtual Instructor-Led

Live remote sessions with hands-on exercises. Interactive training when on-site isn’t practical.

Blended Programs

Combine on-site workshops with virtual follow-up. Build skills in person, reinforce over time.

Flexible Scheduling

We work around shift schedules, maintenance windows, and operational demands.

Compliance Documentation

Auditors ask for training records, we provide them: attendance documentation, competency assessments, and completion certificates, formatted to meet your audit needs.

Let’s Build Your Team’s Capability

Tell us about your team, your environment, and where the gaps are. We’ll design training that changes how they work.

Start a Conversation