Workshop

Beyond Layer 2: VXLAN Overlays
for Critical Infrastructure

March 12th, 2026  |  9am – 5pm
Hilton Houston Post Oak by The Galleria

Overview
Agenda
Tickets

Please note: the workshop ticket does not include access to the CS4CA USA Summit. Similarly, the conference ticket does not grant access to the workshop. If you have any questions, please reach out to us.

What Will You Learn?

As IT and OT networks continue to converge, some industrial environments are adopting routed underlays, including private LTE and 5G, to transport multi-service OT and IT traffic across shared infrastructure.

This workshop explores how VXLAN can be used in these scenarios to carry required Layer 2 communication over Layer 3 networks, and how VXLAN-based segmentation can be aligned with ISA/IEC 62443 zones and conduits as part of a broader converged IT/OT network architecture.

This workshop is designed for practitioners responsible for designing, operating, and/or securing OT networks.

Who Should Attend

  • OT / Industrial Network Engineers
  • ICS & OT Cybersecurity Engineers
  • Critical Infrastructure Architects
  • IT Network Engineers supporting industrial or hybrid IT/OT environments
  • System Integrators in oil & gas, energy, utilities, manufacturing, or transportation

All lab exercises can be run locally on participant laptops using x86-64 architectures. ARM-based systems may be used but are not supported.

What You Should Bring

  • A laptop
  • Recommended Specs:
    – CPU: 4-8+ cores
    – RAM: 16-32GB+
    – Storage: 50-100GB

To get the most value from the workshop, participants should have familiarity with core IT/OT networking concepts.

Prerequisite Knowledge

Baseline (Required):

Cisco CCNA-level networking knowledge (certification not required), including:
  • Ethernet and TCP/IP fundamentals
  • VLANs and trunking (802.1Q)
  • IP addressing and subnetting
  • Basic routing concepts (static routing, OSPF familiarity helpful)
  • Understanding of Layer 2 vs Layer 3 boundaries

Helpful (But Not Required):

  • Exposure to industrial Ethernet (PROFINET, EtherNet/IP, Modbus TCP)
  • Familiarity with Cisco IOS / IOS-XE CLI
Basic understanding of:
  • Firewalls and segmentation concepts
  • OT network architectures (Purdue Model, zones & conduits)

⚠️ This is not an entry-level networking course.
Attendees should already be comfortable reading network diagrams and following packet flows.

Meet the Trainer

Andy Piatek

Digital Solutions Director at Novus Technical Services
Chair of the ISA Smart Manufacturing & IIoT Industrial Connectivity Technical Committee 

Andy Piatek is a senior OT and industrial cybersecurity practitioner with 20+ years of experience designing, securing, and modernizing industrial networks across energy, utilities, and critical infrastructure.

As Digital Solutions Director at Novus Technical Services and Chair of the ISA Smart Manufacturing & IIoT Industrial Connectivity Technical Committee, Andy brings deep expertise in industrial networking, segmentation, and secure OT/IT convergence. He holds 36+ professional certifications across Cisco, Juniper, Nokia, HP, AWS, Microsoft, ISC², and CompTIA, including multiple expert-level networking credentials, giving him a vendor-agnostic view of overlay architectures such as VXLAN and EVPN.

His approach goes beyond theory to show how technologies like VXLAN can be applied, phased, or adapted to meet the realities of critical infrastructure.

Key Learning Objectives

Explain why traditional Layer 2 network designs struggle to scale in modern OT environments, especially in converged IT/OT architectures and routed underlays.
Describe how VXLAN works as an overlay technology and how it enables Layer 2 communication over scalable Layer 3 networks. 
Demonstrate how VXLAN-based segmentation can be aligned with ISA/IEC 62443 zones and conduits, providing logical separation without extending Layer 2 fault domains. 

Preliminary Agenda
(Subject to Changes)

Hilton Houston Post Oak by The Galleria
9am – 5pm (CST)
09:00 – 09:20Welcome & Workshop Orientation

  • Instructor introduction & participant context
  • Workshop objectives and expected outcomes
  • OT constraints, assumptions, and scope
  • Lab environment overview (ContainerLab)

.
09:20 – 10:30Why Layer 2 Fails in Modern OT

  • Traditional OT Layer 2 design patterns and failure modes
  • Scale, fault domains, and broadcast constraints
  • Converged IT/OT realities (routed cores, shared infrastructure)
  • Business and operational drivers for routed underlays
  • Bridge to VXLAN: what problem are we actually solving?

.
10:30 – 10:45Morning Break
10:45 – 12:00VXLAN for OT Engineers

  • VXLAN architecture: overlay vs underlay
  • VTEPs, VNIs, encapsulation, control plane options
  • EVPN overview (what matters, what doesn’t—for OT)
  • VXLAN in industrial use cases (manufacturing, energy, mining)
  • Key takeaway: VXLAN is an enabler, not a security control

.
12:00 – 13:00Lunch
13:00 – 14:00Mapping VXLAN to ISA/IEC 62443

  • Zones and conduits refresher (OT context only)
  • Translating zones to VXLAN segments (VNIs)
  • Logical segmentation without extending L2 fault domains
  • Design review: Before vs After architecture comparison
  • Discussion: where VXLAN fits—and where it doesn’t

.
14:00 – 14:15Afternoon Break
14:15 – 15:45Hands-On Lab: VXLAN in an OT Scenario

  • Lab topology walkthrough (PLC ↔ SCADA over L3)
  • VTEP configuration and VXLAN bring-up
  • Validating Layer 2 OT traffic over Layer underlay
  • Packet capture: underlay vs overlay encapsulation inspection
  • Troubleshooting common VXLAN design and config errors

.
15:45 – 16:30Validation, Tradeoffs, and Operational Reality

  • Interpreting packet captures and encapsulation behavior
  • Latency, resiliency, and operational considerations
  • Hardware support limitations in industrial environments
  • VXLAN vs alternatives (MPLSoGRE, VRFs, traditional L2)
  • Decision framework: when VXLAN makes sense in OT
16:30 – 17:00Closing Remarks & Q&A

  • Key lessons learned
  • Practical next steps for real-world OT adoption
  • Open Q&A and discussion
  • References, tools, and further study

Don’t miss the opportunity to strengthen your OT security posture!
Register today to join the discussion and secure your place at this workshop.

Register Now

Summit Agenda

View the Program

More Workshops

View All Workshops