SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsBased on my experience supporting and later leading an OT cybersecurity program, this talk explores the evolution from a NIST Cybersecurity Framework–aligned strategy to a more operations-driven approach built on the SANS Five Critical Controls for OT Cybersecurity. This session will discuss why high-level frameworks can fall short in regulated industrial environments and how the Five Critical Controls can be applied as an adaptive methodology rather than a prescriptive checklist. Attendees will learn how to justify this approach to regulators, identify practical activities within each control, develop executive-level KPIs and KRIs, and build stakeholder alignment across engineering, operations, and compliance. The session is designed to help organizations confidently get started with the Five Critical Controls while establishing credible, flexible benchmarks for regulated environments.


Christopher Cotter is currently the Director of OT Cybersecurity at Avangrid with more than 13 years of experience in the utilities industry, including over three years in OT security leadership roles protecting critical infrastructure.
Read more about Christopher Cotter





