1-Day Instructor-Led Programme
The XICS Certification Programme is the practitioner standard for cybersecurity professionals who secure, assess, and respond to incidents in industrial control systems, operational technology, and critical national infrastructure environments. Assessed on Day 6 through a supervised OT security assessment and incident response exercise — no multiple choice, no exam.
Duration
1 Day
Price
$4,995
Industrial control systems run power grids, water treatment facilities, oil pipelines, manufacturing plants, and transportation networks. A cyber attack on an ICS is not just a data breach — it is a potential safety incident with physical consequences. The IT security professional who approaches OT environments without understanding their unique constraints is dangerous. XICS is built for professionals who need to protect environments where availability and safety are more important than confidentiality.
Across six instructor-led days, participants build capability across the complete OT security lifecycle: ICS architecture and the Purdue model, OT-specific protocols (Modbus, DNP3, IEC 61850, S7), threat landscape for critical national infrastructure, OT security assessment methodology, network segmentation and monitoring for industrial environments, OT-specific incident response, and regulatory frameworks including the UK NIS Regulations and EU NIS2 Annex I essential sector requirements. Every session respects the operational constraint that in OT environments, testing and patching carry physical risk.
On Day 6, participants conduct a simulated OT security assessment and incident response exercise against a modelled industrial environment. A senior practitioner with OT background observes methodology, safety consciousness, and report quality. XICS certificate and Practitioner Assessment Report issued together. Aligned with IEC 62443, NIST SP 800-82 Rev.3, NCSC OT Security guidance, NERC CIP, NIS2 Annex I, UK NIS Regulations, and MITRE ATT&CK for ICS.
Hands-on Modbus/DNP3 protocol analysis with Wireshark, ICS-specific vulnerability assessment tools (Claroty, Dragos awareness), network segmentation design exercises, and OT incident response simulation on Day 6.
Mentor-led sessions examining real ICS incidents (Ukraine 2015/2016, Colonial Pipeline, Triton/Trisis), OT threat actor profiles, and the critical differences between IT and OT security assessment methodology.
Assess OT and ICS environments for security weaknesses using methodology that respects operational constraints, design OT network segmentation, and respond to industrial cyber incidents without causing physical harm or operational disruption.
Apply IEC 62443 zone and conduit model to design OT network segmentation that balances security with operational continuity requirements
Analyse OT-specific protocols including Modbus, DNP3, S7, and IEC 61850 using passive network analysis tools to identify security weaknesses
Conduct OT security assessments using passive methodology that respects the safety and availability constraints of operational environments
Respond to ICS cyber incidents using safety-first methodology that maintains operational continuity and preserves forensic evidence
Map ICS threat actor techniques to MITRE ATT&CK for ICS and apply the intelligence to OT detection and response playbooks
Develop OT security programme roadmaps aligned to IEC 62443 and meet UK NIS Regulations and EU NIS2 essential sector obligations
Minimum 12 months in a cybersecurity, IT infrastructure, or engineering role — OT experience is helpful but not required
Working knowledge of TCP/IP networking and network security concepts
Basic understanding of industrial operations or infrastructure environments is advantageous but not mandatory
Organized by professional domains with comprehensive coverage
Master these in-demand skills through hands-on practice
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of Xcademia ICS & OT Security Practitioner, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
SANS ICS515 costs approximately $8,780 for training plus $999 for the GICSP exam. XICS is 6 instructor-led days ending in a supervised OT assessment and IR exercise on Day 6. The Practitioner Assessment Report documents what was assessed and how — including safety methodology adherence. Less than half the GICSP total cost. XICS also explicitly covers UK NIS Regulations and EU NIS2 Annex I obligations that GICSP does not address.
Take the next step in your professional development