How does Incident Response in ICS/OT/SCADA work? In this episode of Simply ICS Cyber, Don and Tom welcome Kai Thomsen, Director of Global Incident Response Services at Dragos.

Join us as we answer the questions below and provide more insight into how IR works in OCS, OT, and SCADA:

- Is DFIR the same on the OT side as the IT side?
- What are some of the challenges the OT DFIR team faces?
- In an organization, who is responsible for OT incident response?
- What are table tops, how should you conduct them?
- What are some table top exercises?
- How do you get into OT DFIR?

Discover the Dragos 2025 YIR Report: https://www.dragos.com/ot-cybersecurity-year-in-review

Connect with Kai on LinkedIn: https://www.linkedin.com/in/kai-thomsen-a635b21b7

Check out the Incident Response Table top resources below:

- CISA Tabletop Exercise Packages (CTEPs)
- CISA ICS Training
- Dean Parson’s ICS Incident Response Tabletops
- Lenny Zeltser Cheat Sheets and Presentations
- NERC’s Grid Security Exercise (GridEx)
- MITRE Cyber Exercise Playbook
- Black Hills Information Security (BHIS) Backdoors and Breaches ICS/OT Deck
- Center for Internet Security, Tabletop Exercises – Six Scenarios to Help Prepare Your Cybersecurity Team
- Red Canary: Are You Using Tabletop Simulations to Improve Your Information Security Program?
- Dragos: Preparing for Industrial Cyber Response Tookit
- Dragos: Preparing for Incident Handling and Response in ICS
- Dragos Tabletop Exercise
- ICS4ICS Incident Command System for Industrial Control Systems
- European Network for Cyber Security (ENCS) Red Team – Blue Team Training

Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.

Connect with your hosts on LinkedIn:
- Don linkedin.com/in/cutaway
- Tom linkedin.com/in/thomasvannorman

=========================
Simply Cyber empowers people who want a rewarding cybersecurity career
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials