SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsNetwork segmentation is a core requirement of a defensible ICS architecture, yet many OT networks remain flat or rely on segmentation approaches that are difficult to deploy and sustain. This session focuses on SANS Critical Control 2 (Defensible Architecture) and Critical Control 3 (ICS Network Visibility and Monitoring), presenting a practical crawl, walk, run approach to segmentation in industrial environments. Attendees will learn how segmentation can evolve from no segmentation, to macrosegmentation using zones and conduits, and finally to OT-appropriate microsegmentation. Each stage of the journey highlights the technical and operational components required, including network visibility, asset context, and policy enforcement points. Rather than relying on endpoint authentication or 802.1X, the presentation demonstrates how context-aware segmentation uses network visibility and device attributes, such as type, role, location, and communication patterns to classify PLCs, HMIs, and other unmanaged devices, enabling enforceable microsegmentation policies without impacting operations.


Jose Avila-Gomez is a Network Architect and Technical Solutions Architect specializing in industrial and OT networking.
Read more about Jose Avila Gomez





