
XICS: Xcademia ICS and OT Security Practitioner

OT security is where cybersecurity meets physical consequence. XICS equips IT security professionals with the skills to secure industrial control systems, assess OT risk, analyse industrial protocols, and respond to incidents where the wrong decision can disrupt critical infrastructure.

Xcademia Research Team
Jun 6, 2026

ICS and OT Security Practitioner Certification 

The IT security professional who is asked to extend their responsibilities into an OT environment faces a specific challenge. Their skills are genuinely relevant. Their assumptions, tools, and instincts may cause harm in a context where the standard IT response, isolate the compromised system, can shut down a production line, cut power to a hospital, or trigger a safety system response with physical consequences. 

XICS is Xcademia's ICS and OT Security practitioner certification. Six instructor-led days. Practitioner-assessed. Built for the security professional making the transition from IT to OT security, and for the operations professional developing security knowledge for the systems they run. 

The XICS programme does not assume you will have decades of ICS engineering experience before you attend. It assumes you have IT security foundations and need to build the OT-specific knowledge, tools, and risk mindset that protecting industrial control systems requires. 

The Credential Landscape for OT Security 

GICSP (GIAC Global Industrial Cyber Security Professional) 

The GICSP is the most widely recognised OT security credential globally. Developed jointly by SANS and GE, it covers ICS fundamentals, ICS protocols, security controls, risk management, and incident response for ICS environments. The examination is 82 open-book questions over two hours. GICSP holders work across critical infrastructure protection, ICS consulting, and OT security operations roles globally. 

The gap: GICSP costs approximately $1,999 USD for the examination, with SANS ICS courses (ICS410, ICS515) priced at $5,000 to $8,000 USD for the training. The assessment is open-book MCQ. For professionals who need applied practitioner assessment in OT security scenarios, the examination format is a limitation. 

IEC 62443 certifications (TUV SUD / Exida) 

Several certification bodies offer IEC 62443-aligned credentials for system integrators and product suppliers. These are valuable for professionals in the vendor ecosystem. They address the standard from a design and procurement perspective rather than from an operational security practice perspective. 

GICSP is the most recognised OT security credential. XICS provides the practitioner assessment layer: applied OT risk assessment, OT incident response, and ICS network security implementation under real assessment conditions. For the serious OT security professional, both are worth pursuing. Competitor pricing correct at time of publication. 

What XICS Covers Across Six Days 

Days 1-2: OT Foundations and Protocol Analysis 

  • Industrial control system architecture: PLCs, RTUs, HMIs, historians, SCADA systems, DCS environments; understanding what each component does and how they interconnect 

  • Purdue Model and IEC 62443 zone/conduit model: The network segmentation frameworks that define how OT environments should be architecturally protected 

  • Industrial protocols: Modbus, DNP3, EtherNet/IP, IEC 61850, Profibus; reading and analysing these protocols in packet captures, identifying anomalous commands 

  • OT asset discovery: Passive and active discovery techniques, building and maintaining an OT asset inventory using the Claroty/Nozomi conceptual approach 

  • Lab: Passive network analysis of an OT environment capture. Identify all devices, map the Purdue level for each, and identify three anomalies in the captured traffic 

 

Days 3-4: OT Threat Intelligence and Risk Management 

  • OT-specific threat actors: VOLT TYPHOON, SANDWORM, XENOTIME; their TTPs in OT environments, MITRE ATT&CK for ICS mapping 

  • ICS-specific malware: INDUSTROYER/CRASHOVERRIDE, TRISIS/TRITON, PIPEDREAM/INCONTROLLER; understanding what these did and what they revealed about attacker capability 

  • IEC 62443 risk assessment methodology: Applying the standard to a realistic industrial environment, zone and conduit analysis, security level determination 

  • OT-specific vulnerability management: Why standard VM approaches fail in OT and how to adapt them, compensating controls for unpatchable systems 

  • Lab: Complete an IEC 62443 risk assessment for a realistic industrial scenario. Identify zones, define conduits, assess security levels, and produce a risk treatment plan 

 

Days 5-6: OT Incident Response and Capstone 

  • OT incident response: How IR differs in OT environments, the physical consequence decision tree, coordination with operations teams, evidence preservation in ICS environments 

  • OT security monitoring: Deploying and configuring OT-specific IDS/monitoring, writing detection rules for industrial protocol anomalies 

  • Network segmentation implementation: DMZ design for IT/OT connectivity, data diode applications, unidirectional gateway technology 

  • Regulatory requirements: NIS2 for OES, NERC CIP concepts, UK NIS Regulations for operators of essential services 

  • Capstone: A realistic OT security engagement. Candidates are given an asset inventory, network topology, and an active incident involving anomalous PLC commands on an energy sector OT network. They must: conduct a risk assessment on the affected systems, determine the appropriate incident response actions, produce a network segmentation recommendation, and present their findings to a simulated operations and security leadership team. Assessed by a senior Xcademia ICS/OT security practitioner. Verifiable at xcademia.com/verify. 

The XICS capstone places candidates in the scenario most OT security professionals dread: an active incident in an industrial environment where the wrong response could be more damaging than the attack itself. The practitioner who can navigate that decision space under assessment conditions is the one who can be trusted with it in practice. 

GICSP VS XICS COMPARISON 

| | GICSP (GIAC) | XICS (Xcademia) |
|---|---|---|
| Awarding body | GIAC / SANS | Xcademia |
| Assessment | 82 MCQ open book, 2 hours | Practitioner capstone: OT incident + risk assessment + recommendation |
| Training cost | ICS410/515 $5,000-$8,000 USD + $1,999 exam | Included in £3,995 |
| Duration | ICS410: 5 days + self-study | 6 intensive instructor-led days |
| Protocol depth | Strong (ICS410 covers industrial protocols) | Applied protocol analysis in labs |
| IEC 62443 | Introduced | Full risk assessment methodology applied in lab |
| Incident response | Conceptual | Physical consequence decision-making in capstone |
| Market recognition | Very strong globally, critical infrastructure hiring | UK and UAE, growing |
| What it proves | ICS/OT security knowledge (open book) | Applied OT risk and incident response capability |

Build Applied ICS and OT Security Capability With XICS 

XICS: six instructor-led days covering OT architecture, industrial protocols, IEC 62443 risk assessment, OT threat intelligence, ICS-specific malware, OT incident response, and network segmentation. Practitioner-assessed capstone in an active OT incident scenario. No MCQ. No renewal. Verifiable at xcademia.com/verify. 
