Tribal employees become certified in operational technology cybersecurity News by Tatum Mitchell - February 5, 2025February 5, 2025 From left to right, Derek Kroger, executive director of Tribal Community Development; Gregory Gooden, SCADA network engineer, who completed the OT Cybersecurity Specialist program; and Bruce Cole, director of Public Works. (Courtesy photo) Two employees from the Seminole Tribe of Florida’s Public Works Department recently became certified in operational technology (OT) cybersecurity aimed at protecting physical infrastructure operations and control systems. Gregory Gooden, a supervisory control and data acquisition (SCADA) network engineer, and Luis Sanchez, a system administrator, completed the OT cybersecurity specialist program. According to a release from Automation Strategy & Performance (ASP), Florida is in the top five states for cyberattacks and fewer than 1% of critical infrastructure workforce have verified OT cyber skills. ASP is the certifying entity for the program that is recognized in the industry to verify the skills of those being certified, like Gooden and Sanchez. The University of South Florida partners with ASP to facilitate people completing the program. Melissa Boutwell, president and founder of ASP, said there’s a difference between informational technology (IT) cybersecurity and OT cybersecurity. “IT deals with informational technology. [OT] deals with operational technology. People that we are certifying run the machines that run the state of Florida. So, in the case of the Seminole Tribe, the tribe will have water assets. It will have power assets. It will have other community assets that its members need to depend on,” Boutwell said. “We’re focused on the operational control systems that make sure that there are no cyber physical threats to whether or not you have power water, that you have safe air when you’re in buildings and things like that. It’s very much focused on the natural resources and critical things that our communities depend on to thrive.” There are fewer OT cybersecurity programs that focus on employees in the field compared to IT cybersecurity. Gooden’s role in Public Works includes leading a team to ensure operators can remotely monitor and control plant processes. He said he decided to do the certification program because cybersecurity, access and availability are vital in his position. “It was a no brainer for me, for my team, to jump on. It’s something that, for one, I have [researched], and I’m actually doing my doctorate in this space,” Gooden said. With 1% of infrastructure workforce having OT cybersecurity training, according to an ASP release, Gooden said the program is “well worth it.” “[The industry] is significantly understaffed in terms of somebody understanding OT necessities or idiosyncrasies of the space and how to implement or wrap cybersecurity over it while maintaining the capabilities that we need, because you can’t take what you do in IT and drop it in our space,” Gooden said. The program, Gooden said, is one of the few that he has seen that can give someone a comprehensive understanding of what is required in the OT cybersecurity space. “The course really spoke to me because that was their goal … to understand what the technology is and how it’s been massaged into a solid product. That is something that, as I said, I found lacking, because … you can’t go anywhere and get that sort of [instruction],” Gooden said. “Because there’s no one place where you can go and sit and say they’re going to teach me how to … implement network security, implement risk management in one setting.” Boutwell said this program benefits organizations and companies because usually OT cybersecurity is not distinguished as a separate job. “The people that are performing the work of OT cybersecurity have immense responsibility today. They are very busy doing everything they can to make sure that our power runs properly, that our traffic systems are working,” Boutwell said. “But there has not been an opportunity up until this time period to say, ‘Hey, these are different skills. These are special skills. This actually requires separate time and maybe a little bit of extra time to do it.’ So, it has given employers an opportunity to identify who in their organization is responsible for OT cybersecurity, and that is not something that has ever been done at a statewide level or at a tribal level.” Mark Koulianos, assistant vice president for University Community Partnerships at the University of South Florida, runs a “lifelong learning” program for continuing education past college. The university partnered with ASP to run the certification program Gooden completed. Koulianos said since the number of people educated in the OT cybersecurity space is low, it’s important to increase training and the amount of people with that skill set. “Less than 1% had been trained in this methodology, yet they were responsible for the security, from a cybersecurity perspective, for this type of thing,” Koulianos said. “They work full time. They don’t have time to go back full time. They need a flexible program. They need someone teaching them not all the theory behind it, but like, this is what you do in this scenario if this happens, and here’s the things that you need to be careful about. It’s more hands on, and it gets to the marketplace quicker. This is like a year program, which is long, but it’s when you consider that we only have 1% of all the people that manage this stuff in Florida haven’t been trained. We had to figure out a way to get it out there as a way to protect the critical infrastructure for these things.” Share on Facebook Share Share on TwitterTweet Share on Pinterest Share Share on LinkedIn Share Share on Digg Share