Prioritized Action and Continual Improvement in Your ICS/OT Cybersecurity Program


Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies.

He will be discussing the following topics at 10th Annual Control Systems Cybersecurity Conference in Nashville, TN on the 19th and 20th September:

“EPC considerations, a big part of our practice now with ISA 62443 as the foundation, working with our clients to understand how best to secure their environments and how to also accomplish that from a budgetary perspective.”

  • Owners and operators understanding that they are targeted.
  • The need for understanding ISA 62443 as a common framework for securing their ICS/OT environments (along with a simplified view at the standard).
  • One of the main foundations of ISA 62443 is the need for risk assessments.
  • Risk assessments provide the basis for allowing the client and providers to communicate cybersecurity needs, from the client’s perspective on their own risk tolerance to the provider’s suggestions on identifying and managing risks.
  • Ultimately, a cybersecurity specification can be developed that meets both the client’s risk tolerance and budget at that point in time.
  • Going above and beyond, we also always suggest clients continue to monitor and improve their cybersecurity program over time with a focus on the Top 10 security controls, based on our own experience with client environments as well as feedback from industry leaders and partners.