As the boundaries between IT and OT environments blur and regulators move to bolster ICS cybersecurity across critical infrastructure sectors, corporate CISOs (chief information security officers) are increasingly pressured to make the monitoring and securing of OT (operational technology) infrastructure an essential part of their role. These CISOs have come a long way, from playing specialized support roles to becoming integral to organizational resiliency, which has often led to the creation of the position of industrial CISO.
Organizations face cybersecurity threats and attacks of rising intensity and sophistication, which puts CISOs at center stage: they are called upon to blend security with the specific needs of industrial operations. CISOs are no longer just stop-gap cyber-defense champions, because industrial environments present distinct challenges in which uptime and operational efficiency are the top priorities. CISOs need to ensure that security processes boost productivity rather than hinder it. By integrating cybersecurity into the operational model, they build a resilient environment in which security functions as an enabler, driving trust and continuity. This requires a holistic knowledge of technological and operational processes so that protective mechanisms are aligned with business objectives.
The position of CISOs is being revolutionized, as seen in a study of 1,031 CISOs globally. Previously, they were mostly regarded as guardians of enterprise security, but now 52 percent of them consider themselves facilitators of business initiatives, focusing on strategic innovation and expansion. Half of these CISOs indicate increased risk tolerance, balancing security with business goals. Looking ahead, 63 percent will play a more active part in driving business growth in a digital-first world. The research reflects varied geographic views, highlighting global trends and regional differences in the CISO position.
With the rising adoption of the Internet of Things (IoT) and AI (artificial intelligence) technologies, the demands on the CISO grow further. While these technologies fuel innovation, they also increase the attack surface, requiring forward-looking approaches to remain ahead of threats. Visionary CISOs leverage AI for predictive threat detection and IoT for real-time data insights, allowing them to detect and neutralize risks before they become major issues. By adopting these technologies, CISOs can create adaptive security frameworks that safeguard critical infrastructure while facilitating growth.
When it comes to managing the evolving regulatory environment, industrial CISOs need to come up with detailed organizational plans according to prevailing standards, e.g., NIST or ISO 27001, while keeping pace with prospective changes in regulations. This demands adaptability and interdepartmental cooperation among legal, operational, and executive departments for compliance without diminishing security or efficiency.
Evidently, the position of the industrial CISO has evolved from reactive monitoring to strategic leadership. By weighing security against operational requirements, capitalizing on emerging technologies, and anticipating regulatory developments, industrial CISOs work toward protecting their organizations and driving them toward a resilient and secure future. Their success in turning cybersecurity into a strategic advantage will define the success of industrial operations in an increasingly networked world.
CISOs take center stage in industrial cybersecurity as threats intensify
Industrial Cyber consulted with industry experts to assess the evolution of the chief information security officer (CISO) role in industrial sectors over the past two to three years. They noted that organizations are increasingly appointing dedicated industrial CISOs as cyber threats more frequently target OT/ICS infrastructure.

Dawn Cappelli, head of the OT-Cyber Emergency Readiness Team at Dragos, told Industrial Cyber that, increasingly, executives and board members are paying attention to cybersecurity in their OT environments as OT cyber threats increase and receive more media attention, and many CISOs are being held accountable. “CISOs often hire or partner with someone who ‘grew up’ in OT to lead the development of an OT cybersecurity program, but ultimately the CISO is usually responsible for the strategy, risk management, and implementation of OT cybersecurity.”

“As cyber threats increasingly target operational technology (OT) and industrial control systems (ICS), the Chief Information Security Officer (CSO) role has expanded beyond traditional IT security,” Dean Parsons, SANS Certified Instructor and CEO of ICS Defense Force, told Industrial Cyber. “Mature organizations recognize the need for Industrial CSOs—leaders who bridge cybersecurity with engineering and operations—because in ICS, safety and reliability are paramount. Newly appointed CSOs who overlook ICS/OT-specific challenges or apply IT security controls without adaptation risk operational and safety consequences, jeopardizing both their role and the organization’s stability.”
Parsons highlighted that the role of the CSO in industrial sectors has evolved to focus more on ICS-specific security as threats against OT/ICS environments increase. “Mature organizations are recognizing that ICS/OT security requires a different skillset and approach than traditional IT security, leading to the appointment of dedicated or blended industrial CSOs to manage overall organizational cyber defense. The need for ICS-specific incident response, network visibility, and defensible architectures has driven this shift.”

Over the past two to three years, the CISO’s role in industrial sectors has evolved as OT/ICS cyber threats intensify, driven by regulations like NIS2, TSA directives, and the Cyber Resilience Act (CRA), Roger Hill, founder at the Hillstrong Group Security, told Industrial Cyber. “Rather than appointing dedicated industrial CISOs, most organizations have extended the enterprise CISO’s responsibilities to include OT cybersecurity. Typically, a senior OT security leader now reports to the CISO, ensuring alignment with broader cybersecurity and risk management strategies.”
Hill observed that the most mature organizations integrate IT and OT security, recognizing that protecting industrial environments is critical to business resilience and regulatory compliance.

Guillaume Celosia, an OT CISO at Confidentiel and an industrial cybersecurity SME, told Industrial Cyber that over the past few years, the role of the CISO in industrial sectors has undergone a profound transformation.
“As cyber threats increasingly target operational technology and industrial control systems, organizations have recognized the need for specialized leadership in cybersecurity,” according to Celosia. “Many are now appointing dedicated industrial CISOs to bridge the gap between IT and OT security and ensure that industrial environments receive the focused protection they require. This shift reflects the growing realization that traditional IT security strategies are not enough for securing industrial infrastructure.”
Finding harmony between cybersecurity and operational demands
The executives address how industrial CISOs balance the need to implement stringent security measures with the operational demands and uptime requirements of industrial systems. They also highlight the strategies used to collaborate with other organizational departments, such as IT and operations.
Cappelli said that it is essential that IT and OT work together to develop and implement an OT cybersecurity strategy. “CISOs understand how to develop and implement a security strategy, how to assess and manage risk, and must constantly be vigilant to the changing threat environment. But very few CISOs understand OT. It’s amazing what IT and OT can do working together, but historically they usually have not, and in many organizations the teams even have an adversarial relationship.”
She added that CISOs need to use their leadership skills to bring the two teams together, use a framework – like the SANS 5 Critical Controls for ICS – to get both teams to work together to create a strategic roadmap and then implement it. IT and OT both need to ‘own’ the strategy and, therefore, have a vested interest in implementing it.
Parsons detailed that effective industrial CSOs prioritize safety and align security with operations, ensuring ICS-specific measures support, not disrupt, engineering. “Key strategies include recognizing IT/OT differences, fostering IT-engineering collaboration, and implementing the Five ICS Cybersecurity Critical Controls.”
He added that a successful industrial CSO blends IT and ICS/OT expertise, engineering awareness, and strong leadership to manage risk. They are expected to lead specialized tactical teams trained in ICS security to ensure proactive defense through the repeatable defense model known as the Active Cyber Defense Cycle.
Hill identified that CISOs must align security with uptime, safety, and operational resilience while securing global executive buy-in to drive major initiatives. “Success hinges on senior leadership alignment, ensuring cybersecurity supports business objectives rather than being seen as an IT mandate. Security must be framed within the core pillars of industrial success at the operations level—product availability, quality, human safety, environmental safety, and cyber-physical information integrity.”
He pointed out that controls must align with one or more of these pillars, ensuring they enhance, not hinder, operations. “Embedding security into engineering, governance, and risk frameworks, along with cross-functional collaboration and crisis simulations, builds trust and makes security a business enabler, not an obstacle.”
“Balancing security with operational demands is definitely a challenge. Industrial CISOs must implement robust security measures while maintaining uptime and ensuring that security controls do not disrupt production processes,” Celosia detailed. “They achieve this by adopting a risk-based approach, prioritizing the protection of critical assets and leveraging threat modeling to identify vulnerabilities with minimal operational impact.”
He added that establishing strong relationships with IT and operational teams is key to creating security strategies that align with business objectives. Regular communication, joint incident response drills, and integrated security frameworks facilitate the partnership between departments.
Enabling industrial CISOs to stay ahead of the curve
The executives focus on the essential skills and attributes required for a successful industrial CISO in today’s environment. They examine the critical role of continuous education and professional development in sustaining their effectiveness amidst the rapidly evolving industrial cybersecurity landscape.
“I believe the number one skill needed by industrial CISOs is team building. It is essential that the CISO can bring IT and OT together, develop a strategy, and get both teams to work together to implement it,” Cappelli said. “CISOs need to build relationships with plant managers and plant engineers, tour some plants, and build an understanding of how OT is different than IT, and why different approaches are needed in OT.”
She added that it is also important that the CISO networks with other industrial CISOs and security teams so they are aware of what other organizations are doing, and attend OT-specific security conferences or webinars to stay up to date on OT-specific threats, solutions, and technologies.
Parsons noted that continuous education is critical in traditional IT security, “as well as industrial cybersecurity, where the consequences of undetected threats can cause safety consequences that include loss of life. Proactive organizations are more likely to invest in ICS-specific risk management training for leadership and hands-on engineering training programs for their tactical teams to ensure they quickly ramp up and stay up to speed,” he added.
Hill identified that a successful industrial CISO isn’t just a cybersecurity expert—they’re a strategic leader who understands industrial automation, control systems, and cyber-physical risks while also speaking the language of business, operations, and the boardroom. “The role demands the ability to translate security into business value, align stakeholders across IT and OT, and drive risk-based decision-making without disrupting production.”
He added that with threats, regulations (NIS2, CRA, TSA directives), and technologies evolving fast, continuous education is mandatory—not just certifications, but staying embedded in industry networks, learning from peers, and anticipating what’s next. “The best CISOs don’t just react; they drive security as an enabler of operational resilience.”
“A successful industrial CISO must have technical expertise, leadership skills, as well as business acumen,” according to Celosia. “Deep knowledge of both IT and OT environments is essential, along with an understanding of industrial constraints and regulatory requirements beyond cybersecurity ones. Soft skills such as communication, negotiation and crisis management are equally critical.”
He added that given the rapid evolution of cyber threats, continuous education and professional development are non-negotiable. “Certifications such as CISSP, CISM, and GICSP enhance credibility and keep security leaders at the forefront of industry trends. Furthermore, active participation in industry groups (such as ISACs) allows industrial CISOs to stay informed about the latest threat intelligence and defensive strategies.”
Strategies for industrial CISOs in the era of IoT and AI
The executives move on to how emerging technologies like the Internet of Things (IoT) and artificial intelligence (AI) have influenced the responsibilities of industrial CISOs. They emphasize the strategies employed to integrate these new technologies while maintaining strong security measures.
Parsons assessed that emerging technologies such as IoT, AI, and cloud have expanded the attack surface and increased security challenges in ICS environments. Industrial CSOs must not rush to deploy the latest technology trend.
“For control systems, new technologies must be assessed in the context of engineering goals, ensuring they do not introduce new vulnerabilities,” according to Parsons. “Industrial CSOs should quickly build strong relationships with engineering teams to stay informed on how control system vendors are introducing new services and technologies. By doing so, they can stay ahead of potential risks and effectively manage new tech trends without compromising safety.”
Hill recognized that the rise of IoT and AI has expanded the industrial CISO’s role, creating new attack surfaces, supply chain risks, and insecure endpoints while also driving automation, predictive analytics, and efficiency gains. “The challenge isn’t just securing these technologies—it’s striking the right balance between risk and business value. The best CISOs don’t block innovation but ensure that risk is well understood and managed before deployment. This means embedding zero trust architectures, segmentation, and continuous monitoring into adoption roadmaps, working closely with engineering and operations, and ensuring clear risk accountability so security enables, rather than hinders, operational advancements,” he added.
“Emerging technologies such as IoT and AI are reshaping industrial cybersecurity. While these innovations enhance operations efficiency and automation, they also extend the attack surface,” Celosia said. “Industrial CISOs must then take a proactive approach to securely integrate these technologies. This involves conducting thorough risk assessments and implementing zero-trust architectures prior to implementing AI-enhanced cybersecurity tools such as AI-powered threat detection solutions.”
He added that developing cybersecurity policies that align with technological advancements ensures that security is embedded in digital transformation initiatives rather than treated afterward.
Crafting a plan for industrial CISOs in an evolving regulatory environment
The executives address how the evolving regulatory landscape has impacted the roles and responsibilities of industrial CISOs. They explore strategies to cultivate a culture of cybersecurity awareness and proactive risk management within their organizations.
Cappelli observed that if a CISO has an industrial cybersecurity strategy, has leadership support, and implementation is in progress, the expanding regulatory landscape requires that the CISO examine the new regulations for missing components, timelines that must be adjusted, and additional resources required. “New regulations can provide the CISO with the justification they need to get more resources from leadership than originally allocated.”
“Industrial CISOs should provide cybersecurity communications in their industrial environments that are applicable to that environment,” according to Cappelli. “Topics should include current cyber threats in OT / real cyber attacks that have impacted OT; risks of USB drives in OT; potential impacts of service providers using USBs, connecting their laptops directly into the OT network, or creating unapproved remote access mechanisms; how cyber threats get into your plants via remote access, and what to do in case of a potential cyber threat. A culture of shared responsibility and encouraging employees to communicate concerns about risks they observe is a force multiplier that reduces risk substantially.”
Parsons detailed that expanding regulations, such as NERC-CIP, NIST CSF 2.0, and the NIS2 Directive, have made compliance a key responsibility for industrial CSOs. “Newly appointed Industrial CSOs can leverage their regulatory compliance requirements to build their roadmap.”
He added that the new industrial CSO must align with an ICS organization’s safety culture, promoting ICS-specific training, realistic engineering-led tabletop exercises, and security-engineering collaboration to manage control system business risk—because in ICS/OT organizations, ICS/OT is the business.
Hill recognized that the regulatory squeeze is real – NIS2, CRA, TSA directives, SEC cyber rules – and industrial CISOs are now front and center in proving resilience, not just checking compliance boxes. “This isn’t about more paperwork; it’s about accountability. Boards want measurable risk reduction, not just security spend, and that means tight integration of cybersecurity into operational risk management.”
He also mentioned that the best CISOs don’t push security from the top down—they embed it where decisions are made, aligning with engineering, safety, and production teams. Culture shift happens in the trenches—through real-world training, operational buy-in, and making security a business function, not a corporate mandate.
Celosia established that the expanding regulatory landscape has further influenced the role of industrial CISOs by making compliance one of the top priorities. “Regulations such as NIS2 and industry-specific guidelines require robust security measures to be implemented and continuous monitoring. To foster a culture of cybersecurity awareness, industrial CISOs should implement training programs, run regular phishing simulations, and promote cross-functional security collaboration. Encouraging proactive risk management at all levels of the organization instills a security-first mindset that helps to reduce vulnerabilities and enhance resilience.”
He concluded that tabletop exercises and red team engagements also provide practical experience in handling cyber incidents while contributing to improving the organization’s overall security posture.