As utilities continue to accelerate their digital transformation efforts, the operational technology (OT) environment is becoming increasingly interconnected and complex. This exposes a central area of vulnerability: the cybersecurity workforce responsible for securing these critical OT systems. Traditional hiring methods, such as relying exclusively on IT or engineering backgrounds, are now insufficient. Utilities need professionals with specialized skills that can operate at the intersection of OT environments and cybersecurity, but finding or developing this talent remains a significant struggle.
Through our recent engagement with the Southeast Region Cybersecurity Collaboration Center (SERC3), a federally funded program and partnership between Auburn University and Oak Ridge National Laboratory, we connected with OT stakeholders from several utilities, ranging from investor-owned utilities (IOUs) to cooperatives. Through this program, we’ve learned that education pathways remain largely siloed, separating IT and power systems training. To mitigate this, utilities are investing significant resources in bridging this gap through on-the-job training, as new hires often lack real-world exposure to OT concepts, a thorough understanding of industrial automation practices, and the essential soft skills required for interdisciplinary collaboration.
Siloed Education Pathways
IT Education Path
OT Education Path
IT Education Path
OT Education Path
IT-Related Degree Programs:
Computer Science, Computer Engineering, Information Technology/Information Systems, Information Security/Cybersecurity, Data Science/Analytics
OT-Related Degree Programs:
Electrical Engineering, Power Systems Engineering, Instrumentation and Control Engineering/Industrial Automation, Mechanical Engineering, Mechatronics/Systems Engineering
Effective Ways to Bridge the Gap
On-the-Job Training
Exposure to OT Concepts
Industrial Automation Comprehension
Soft Skills
On-the-Job Training
Exposure to OT Concepts
Industrial Automation Comprehension
Soft Skills
Why Traditional Hiring Pipelines Are Breaking Down
Utilities have, up until this point, relied on IT graduates or traditional engineers to fill OT cybersecurity roles. However, these backgrounds rarely provide the hybrid skill sets needed. Critical gaps identified include:
Limited Hands-On Experience
New hires often require extensive training on industrial control systems and OT-specific hardware.
Soft Skills Shortages
Problem-solving, critical thinking, and collaboration across departments are as essential as technical skills and often missing.
Credential Misalignment
Generic IT certifications don’t adequately prepare workers for OT cybersecurity roles.
"We can’t hire our way out of this. To expand the availability of talent we need to secure our operational environments, we must revamped internal training and better leverage academic partnerships. Today’s workforce reality that we have OT practitioners who haven’t traditionally had to develop cybersecurity skills and cybersecurity professionals who have limited knowledge or experience of operational environments. We need people who speak both languages: automation and cybersecurity and today we are all competing for the same handful of practitioners who can bring these worlds together."
– J. Goosby, Operational Technology Leader, Southern Company
“We can't hire our way out of this. To secure operational environments, we must build the talent we need. We need people who speak both languages: automation and cybersecurity. And today we are all competing for the same handful of practitioners who can bring these worlds together.”
– J. Goosby, Operational Technology Leader, Southern Company
Although the traditional OT model provided OT responsiveness to operating areas, it is becoming less effective as small, siloed groups with crucial knowledge are nearing retirement and leaving the workforce.
How Should Utilities Build the OT Cybersecurity Workforce?
Utilities must shift from a “hire and hope” model to a strategic, phased approach to workforce development. Insights from our support on the SERC3 and our work at a large generation IOU reveal several key considerations:
1. Start Early
Build local talent pipelines by raising awareness of OT cybersecurity careers in pre-college and early college programs.
2. Prioritize Hands-On Training
Leverage internal or regional testing labs and simulators to train staff on real-world OT scenarios without impacting production OT systems.
3. Implement Structured Development Programs
Design competency-based programs adapted to individual skills, building OT and OT cyber expertise from within. Through targeted learning and hands-on exposure, IT support, field technicians, and owner/operators grow into critical OT roles.
4. Create On-the-Job Learning Tracks
Define clear, competency-aligned upskilling pathways from entry-level roles, such as cybersecurity/SOC analysts, to OT cybersecurity leads.
5. Develop Both Hard and Soft Skills
Integrate critical thinking, communication, and collaboration training alongside technical skills training.
How ScottMadden Can Help
Focusing on attracting and developing the correct type of OT cybersecurity talent will better protect and secure critical infrastructure as threats continue to evolve and get more sophisticated.
For utilities seeking to invest in a competency-driven, sustainable approach to building their OT cybersecurity workforce from the ground up, ScottMadden offers comprehensive support.
We can assist with:
- Competency-Aligned Career Pathways: We help utilities define practical and customized step-by-step growth plans for OT cybersecurity careers within their organizations, from entry-level to senior levels. Learn more about ScottMadden’s OT workforce competency matrix.
- Workforce Strategy and Roadmap Development: We develop structured, strategic roadmaps to guide utility workforce development initiatives, ensuring alignment with their organizational goals and talent needs. Learn more about ScottMadden’s work in workforce development programs in energy.
- Training and Rotational Program Design: We design and help implement customized workforce programs, ranging from on-the-job training to rotational programs, to help utilities grow and retain the correct type of talent.
- Local Partnership Enablement: We help universities, national labs, utilities, and other government agencies establish engagement models to foster cross-industry collaboration to grow talent throughout the region.
NXT GEN® Technical Training Development: We help utilities develop and execute highly practical, hands-on, and technical system training that is modular, scalable, and easily deployable, with a focus on customized site-specific content. Learn more about ScottMadden’s NXT GEN® Training.
