Security Awareness Built for OT People
Generic IT security awareness training is built for office workers. It talks about phishing emails, cloud storage, and password managers. A module about cloud storage phishing is irrelevant to an operator watching a pressure gauge. It does not address the realities of a control room, a maintenance engineer connecting a laptop to a PLC, or a vendor arriving on site with their own device.
NEXUS designs security awareness training programmes that speak to the actual context of your workforce — using scenarios drawn from real ICS incidents, language that resonates with engineering teams, and practical habits that fit into operational workflows rather than disrupting them.
What We Consistently Find Missing
These modules address the gaps we encounter most frequently — not a standard curriculum, but a diagnostic built from what is actually absent in OT workforces:
- OT Threat Landscape — Most operators have no working model of who attacks industrial environments or what they are after. Real case studies, explained without jargon.
- Safe Media Handling — USB devices and contractor laptops are the most common physical entry point into OT networks. The habits to manage this are rarely in place.
- Vendor & Remote Access — Third-party access is almost universally under-governed. Operators rarely know what to permit, what to watch, or what to escalate.
- Social Engineering for OT — Phone calls, site visits, and impersonation are the human vectors most OT security training ignores entirely.
- Incident Recognition & Reporting — Operators see anomalies and do not report them — because no one has told them what matters or who to tell.
- Management & Leadership Module — Decision-makers carry specific responsibilities during an incident that are rarely rehearsed.
Delivery Formats
- On-site classroom sessions — half-day or full-day
- Control room and shift-based delivery (multiple sessions)
- Bespoke e-learning content for your LMS
- Annual refresher programmes
- Post-incident targeted training