Workshop
When Prevention Fails: Building Real OT Disaster Recovery That Works
March 12th, 2026 | 9am – 5pm
Please note: the workshop ticket does not include access to the CS4CA USA Summit. Similarly, the conference ticket does not grant access to the workshop. If you have any questions, please reach out to us.
What Will You Learn?
Most organizations invest heavily in prevention, detection, and response. Yet their OT disaster recovery capabilities remain dangerously underdeveloped. OT environments bring unique recovery challenges that go far beyond traditional IT playbooks, from strict downtime limits to complex vendor dependencies and unclear roles between cybersecurity and operations teams.
This interactive workshop demystifies the NIST CSF and IEC 62443 recovery requirements, exposes common gaps in real-world programs, and gives participants hands-on exercises to build effective OT recovery strategies.
Through tabletop drills and scenario-based collaboration, attendees will learn how to define responsibilities, coordinate across teams, manage external vendors, and confidently execute “the off button and back on” when everything else has failed.
This workshop is designed for professionals involved in securing, operating, or recovering OT and industrial environments.
Who Should Attend
-
OT security practitioners and ICS cybersecurity engineers
-
OT/ICS asset owners and system engineers
-
Plant, operations, and reliability engineers with recovery responsibilities
-
Incident response and resilience teams supporting OT environments
-
IT security professionals working closely with OT teams
-
Risk, compliance, and governance professionals responsible for NIST CSF or IEC 62443 alignment
-
Managers and technical leads responsible for OT resilience, disaster recovery, or business continuity planning
All exercises are tabletop-based and use provided templates and scenarios.
What You Should Bring
-
A laptop
-
Participants are encouraged (but not required) to bring sanitized or high-level examples of their own DR plans, policies, or architectures for reference during discussions
To get the most value from the workshop, participants should have familiarity with core OT security concepts.
Prerequisite Knowledge
-
A basic understanding of OT/ICS environments and how they differ from traditional IT
-
Familiarity with industrial operations, control systems, or plant workflows
-
General awareness of cybersecurity concepts such as incident response, backups, and risk management
Meet the Trainers
John Ballentine
ICS Cybersecurity Program Lead
Port Authority of New York and New Jersey
John Ballentine has worked in OT cybersecurity in the industrial sector for more than 20 years, specialising in auditable compliance with NIST CSF and IEC 62443 on behalf of North American and European organizations that operate critical assets in both public and private sectors.
James Brake
Director, OT Cybersecurity Services
LCRA
With 37+ years’ experience in the utility industry, James Brake currently leads Lower Colorado River Authority’s OT Cybersecurity Services team in support and oversight of the Wholesale Power Services division including electric power generation.
Key Learning Objectives
Develop a practical, approvable OT DR plan
Participants will learn how to build a fit-for-purpose OT DR plan using recognized standards, adapt them to real operational environments, and produce a plan that accounts for roles, dependencies, and senior-management commitments.
Assess and improve organizational and vendor readiness for OT recovery
Participants will gain the ability to evaluate their current DR maturity, understand risk acceptance decisions, and effectively work with vendors and external parties to validate, align, and enforce DR responsibilities and contractual expectations.
Design, validate, and integrate OT recovery activities
Participants will learn how to design and run OT-appropriate recovery drills, make informed backup and training decisions, and integrate incident response and disaster recovery to ensure effective, end-to-end recovery capability.
Preliminary Agenda
(Subject to Changes)
| Hilton Houston Post Oak by The Galleria 9am – 5pm (CST) |
|
 |
09:00 – 09:20Introductions
. |
 |
09:20 – 10:00Trainers’ Experience & Real-World Lessons Trainers share their own experiences building OT disaster recovery plans. . |
 |
10:30 – 10:45Morning Break |
 |
10:45 – 11:30Standards, Models & Building the Plan
. |
 |
11:30 – 12:00Group Discussions: Current State & Experience Participants break into groups and discuss:
. |
 |
12:00 – 13:00Lunch |
 |
13:00 – 14:00Vendors & External Dependencies
. |
|
14:00 – 14:15Afternoon Break |
|
14:15 – 16:00Hands-On Exercises 1. Writing a DR Plan for a Power Plant
2. Designing a Recovery Drill
. |
|
16:00 – 16:30Integration + Q&A
|
|
16:30 – 17:00Closing
|
Don’t miss the opportunity to strengthen your OT security posture!
Register today to join the discussion and secure your place at this workshop.
