YOUR LEGACY DCS IS NOT THE PROBLEM. THE UPGRADE PITCH IS.
A proven, standards-compliant framework for securing legacy OT systems - without replacing them. Real projects and a 90-day roadmap for engineers and plant managers who need results, not vendor lock-in.
13 Modules | 50+ Lessons | 20+ Years OT Experience | 65 CVEs Documented
You Are Being Told One Thing. The Standards Say Another.
Your OEM says the same thing every time a cybersecurity audit comes around.
"This system is end-of-life. You must upgrade to stay compliant."
You are paying millions for hardware replacements that introduce new attack surfaces, cloud dependencies, and licensing arrangements you cannot exit.
"There is no way to secure an unpatched DCS."
ISO 27001 and IEC 62443 explicitly recognise risk avoidance through isolation as a fully valid and auditable risk treatment method. A system that cannot be reached cannot be breached.
"Your network segmentation is not sufficient."
A reference-site assessment of Siemens SCALANCE switches found 65 documented CVEs — 8 rated CRITICAL at CVSS 9.8 or 10.0. Several have no vendor fix planned.
"Compliance requires the latest firmware."
Compliance requires a documented, risk-managed control environment. Physical segmentation, data diodes, and passive monitoring satisfy that requirement without new software dependencies.
This Course Is Designed For
C-Level Executives & Board Members
At energy companies who need a clear, standards-referenced position they can present to regulators, auditors, and insurers without relying solely on vendor recommendations.
Plant Managers & Operations Directors
Responsible for business continuity and being asked to approve large capital expenditure on OEM upgrades without an independent technical justification.
Anyone Facing OEM Upgrade Pressure
Being pressured by Siemens, ABB, GE, or Honeywell to spend on hardware or software upgrades as the only route to cybersecurity compliance.
OT/ICS Engineers & C&I Technicians
At power plants, substations, and generation facilities who maintain DCS, SCADA, or PLC systems and need a practical cybersecurity framework they can implement themselves.
Compliance & Risk Officers
Working against IEC 62443, ISO 27001, NESA UAE, or NIS2 frameworks who need to map OT-specific controls to existing governance structures.
Cybersecurity Professionals
Transitioning into OT/ICS who understand IT security principles and need to understand how Zero Trust translates — and where it does not — into the industrial environment.
WHAT THIS COURSE CHANGES
After completing this course, you will examine any OEM recommendation through verified standards and proven architecture — and make an independent, defensible decision.
VIRTUALISE
Move legacy DCS logic to isolated virtual environments. Remove the physical attack surface without losing process knowledge or control fidelity.
ISOLATE
Deploy data diodes and physical zone separation. A system that cannot be reached cannot be breached. Full ISO 27001 and IEC 62443 compliance through risk avoidance.
MONITOR
Passive continuous monitoring through NOC and data-diode architecture. Full visibility without creating new ingress points or disrupting live processes.
13 Modules. 50+ Lessons. Practical & Complete OT Security Programme.
Module 01 — OT Zero Trust Fundamentals
Why Zero Trust from IT does not apply unchanged to OT, and how to adapt it where availability outranks confidentiality.
Module 02 — The OT Threat Landscape
Real CVE data from Siemens SPPA-T3000, SCALANCE switches, and S7 PLCs. Live DDoS demonstration against a Siemens S7.
Module 03 — Governance & Standards Mapping
IEC 62443, ISO 27001, NESA UAE, and NIS2 — how to map OT controls and produce audit-ready documentation.
Module 04 — Asset Inventory for OT Networks
Passive discovery methods for legacy environments. Building a complete hardware and software register without disrupting live processes.
Module 05 — Risk & Threat Modelling
Consequence-based prioritisation and treatment selection — including when isolation is the correct treatment.
Module 06 — Segmentation, Isolation, and Microsegmentation
Data diode deployment, physical zone separation, and the case for removing attack surface rather than managing it.
Module 07 — Identity & Remote Access
Secure remote access for semi-isolated OT. MFA and privileged access management without cloud dependency.
Module 08 — Secure Communications
Protocol security for DNP3, Modbus, and IEC 61850. Managing legacy protocols that cannot be encrypted.
Module 09 — Monitoring & Detection
Passive network monitoring architecture. NOC integration. Anomaly detection without active scanning.
Module 10 — Incident Response for OT
OT-specific response playbooks. Isolation without process trip. Evidence collection and board communication protocols.
Module 11 — Recovery & Business Continuity
Recovery sequence design. DCS configuration backup and restoration. Continuity planning independent of OEM availability.
Module 12 — 90-Day Plant Roadmap: From Assessment to Action
A structured 30/60/90-day programme from attack surface verification to pilot monitoring deployment.
Module 13 — Defending Your Position to Management & Regulators
How to present a non-upgrade compliance strategy to boards, auditors, and regulators. Responding to OEM counter-arguments with documented evidence.
About the Instructor
Petr Roupec — CEO, Bohemia Market CZ s.r.o.
With more than 20 years of hands-on experience in industrial automation and power plant control systems, Petr has conducted vulnerability assessments and designed security architectures for operating generation facilities across Europe and Southern Africa.
His documented assessment of Siemens SPPA-T3000 DCS platforms, SCALANCE network infrastructure, and S7 PLC environments produced one of the most detailed OT vulnerability reports available outside a vendor security advisory — 65 CVEs on SCALANCE switches, 8 rated CRITICAL at CVSS 9.8–10.0.
Standard Enrolment
€397
Everything you need to build and defend your OT security programme
- Full access to all 13 modules and 50 lessons
- Downloadable templates: asset register, risk matrix, network segmentation diagrams, 90-day roadmap planner
- Standards mapping reference: IEC 62443, ISO 27001, NESA UAE cross-reference tables
- Incident response playbook templates (OT-specific)
- Lifetime access including all future updates
- Certificate of completion
Premium Programme
€997
Standard course plus direct access to the instructor
- Everything in Standard
- One private 60-minute consulting session with Petr Roupec — apply frameworks directly to your site or prepare a board presentation
- Priority email support for 30 days
- Certificate of completion
Our DCS is already marked end-of-life by the OEM. Is it too late?
Our auditor expects IEC 62443 compliance. Does this course address that?
We have a mixed environment — legacy and recently upgraded systems.
Our OEM says data diodes will break their remote support agreement.
I come from an IT security background. Will this be too technical on the OT side?
Is this course relevant outside of power generation?
The Decision Is Not Technical. It Is One of Accountability.
You do not need to replace your DCS to be compliant. You need to understand your risk and prove you have treated it. This course gives you the technical framework, the standards references, and the practical tools to answer that question to your board, your regulator, and your OEM.
Start the Course — €397 Standard or five installments of €99.4