As cyber threats targeting industrial control systems (ICS) grow more advanced, the SANS Institute is rolling out a first-of-its-kind course to train professionals in safely assessing vulnerabilities in operational technology (OT) environments. ICS613: ICS/OT Penetration Testing & Assessments will debut in beta August 25–29 in Sandy, Utah, as an in-person-only offering. The beta run of the course will deliver critical hands-on training for cybersecurity professionals working in industrial environments.
Authored by Don C. Weber, Jason Dely, and Tyler Webb, ICS613 equips students with the mindset, methodologies, and tools to perform security assessments in environments where uptime, safety, and reliability are non-negotiable. It goes beyond adapting IT penetration testing techniques by offering a purpose-built approach grounded in the realities of operational technology. Participants will gain hands-on experience using a dedicated student kit featuring ICS hardware and software that simulates real industrial sector environments.
Designed for cybersecurity professionals working in OT, ICS613 trains participants to plan and execute high-impact, low-risk penetration tests tailored to the unique constraints of industrial environments. The course emphasizes real-world scenarios, including identifying ‘Crown Jewel’ assets, aligning test methods with the ICS Cyber Kill Chain, and safely applying both passive and active techniques.
ICS613: ICS/OT Penetration Testing & Assessments introduces engineering, operations, and security professionals to the mindset, methodologies, and techniques to safely and appropriately conduct penetration tests and security assessments, identify practical mitigations, and communicate results to stakeholders and leadership to improve the operational resilience of ICS environments. Participants will learn to collaborate with stakeholders, define security objectives, evaluate tools for safety, and deliver actionable reports, enabling them to assess resilience across ICS networks in any sector.
“OT penetration testing isn’t just possible—it’s necessary,” Webb, co-author of ICS613 at SANS Institute, said in a media statement. “This course gives practitioners the tools and knowledge to do it safely and effectively, supporting both mission success and operational resilience.”
Attendees span a wide range of roles, from red team operators and incident responders to system assessors and security engineers, united by a need to confidently evaluate industrial systems without disrupting them. ICS613 is especially valuable for organizations aiming to build in-house OT assessment capabilities or reduce reliance on third parties.
“There’s a huge difference between knowing how to find vulnerabilities and knowing how to do it without breaking something critical,” said Weber, certified instructor and co-author of ICS613 at SANS Institute. “ICS613 was built to close that gap.”
“This course equips students with the knowledge and skills to assess these environments with the utmost care and respect for the unique impacts and consequences they entail,” Dely said. “It also emphasizes the identification, understanding, and assessment of weaknesses that directly affect the safety, reliability, and resilience of ICS physical systems and operations. Furthermore, the course provides guidance on selecting and employing appropriate tools and methodologies for ICS penetration tests and security assessments.”
ICS613 addresses the unique drivers and constraints of ICS environments and provides direct hands-on training to develop penetration testing and assessment capabilities specific to ICS devices, applications, architectures, communications, and process environments. By the end of this course, students will be equipped to perform real-world penetration tests and conduct security assessments of fully operational environments.
Earlier this month, the SANS Institute announced a major expansion of its Cyber Academies, aiming to triple the number of fully funded scholarships by 2026 in response to escalating threats to U.S. infrastructure. This initiative will provide immersive, instructor-led training to 500 individuals annually, equipping them with GIAC certifications and personalized support from student advisers and career services specialists to launch successful careers in cybersecurity.
