FAQ

Who should participate in an industrial cybersecurity risk workshop?

An effective industrial cybersecurity risk workshop should bring together the people who understand how the plant runs, how it is controlled, and what is at risk if something fails. In a regulated, brownfield environment, that means a mix of OT, IT, quality, safety, and business decision makers, not just the security team.

Core participants (usually required)

These roles are typically non-negotiable for a useful outcome:

  • Operations leadership (plant manager, production manager, value stream leaders)
    They understand production priorities, acceptable downtime windows, and the real impact of loss of availability, quality, or throughput.
  • OT / controls engineering (controls engineers, automation engineers, process engineers)
    They know PLCs, SCADA, DCS, HMIs, historians, CNCs, test stands, and how they are networked. They can identify realistic failure modes and constraints on changes due to validation and vendor support.
  • IT / industrial IT (network engineers, infrastructure, security architects)
    They bring knowledge of firewalls, segmentation, identity, backups, and remote access. They also understand corporate security policies that must coexist with plant realities.
  • Cybersecurity / information security (CISO delegate, OT security lead, security engineers)
    They provide threat models, regulatory expectations, and alignment with frameworks such as IEC 62443. They help translate workshop results into a structured risk register and remediation roadmap.
  • Maintenance leadership (maintenance manager, reliability engineers)
    They own patch windows, firmware updates, spare parts, and vendor service contracts. They understand what can actually be taken down, when, and with what risk to long-life assets.

Regulated environment & quality participants

In regulated or aerospace-grade environments, additional roles are often essential to avoid downstream compliance and validation issues:

  • Quality / QA leadership
    Understands product quality risks, data integrity expectations, electronic records, and how cybersecurity events could affect batch records, genealogy, or inspection data.
  • Regulatory / compliance representatives (as applicable)
    Help interpret sector-specific requirements and how cybersecurity controls intersect with validation, documentation, and audit expectations. They can flag when changes will trigger requalification or additional documentation.
  • Safety / EHS representatives
    Ensure that scenarios involving loss of control, safety systems, or utilities (e.g., gas, steam, inerting) are assessed for potential safety consequences, not only data loss.

Business and risk owners

Risk decisions should be made or endorsed by people who own the business impact:

  • Site leadership (plant director, operations director)
    Provides risk appetite guidance, approves prioritization of mitigations, and can commit to budget and downtime for remediation.
  • Business continuity / enterprise risk management (if present)
    Connects plant-level risks to enterprise risk registers, insurance considerations, and cross-site dependencies (e.g., single-source assets).

Specialist and optional participants

Depending on scope, complexity, and maturity, some of these roles may join all or part of the workshop:

  • Key system owners for MES, ERP, QMS, PLM, historians, and LIMS
    Particularly important where these systems bridge IT and OT and where unavailability directly affects release, batch disposition, or traceability.
  • Process owners for critical value streams or high-risk units
    They understand practical workarounds, manual modes, and the real effect of system loss on safety, quality, and delivery.
  • Vendor / integrator representatives for critical OT assets
    Useful where systems are proprietary, poorly documented, or vendor-managed (e.g., OEM skid systems, legacy DCS). Their participation must be controlled to avoid disclosing sensitive internal risk assessments without appropriate agreements.
  • Automation / digital transformation program leads
    Help align risk findings with ongoing digital projects so that new integrations do not compound existing vulnerabilities.

How to keep the workshop manageable

Large plants can easily overfill a workshop. To keep it effective:

  • Define scope clearly (e.g., single line, utility system, or site-wide network zone) and invite subject matter experts relevant to that scope.
  • Use a core group (ops lead, OT, IT/security, maintenance, quality) and bring others in for specific sessions or scenarios.
  • Nominate a single decision owner per site or per system who can resolve disagreements on risk ratings and priorities.
  • Capture gaps where the right participant is missing, and follow up later rather than guessing about critical systems or obligations.

Brownfield and long-lifecycle realities

In brownfield plants with mixed vendors and long-life equipment, it is important that participants include people who understand:

  • Legacy protocols, unsupported operating systems, and vendor-imposed constraints on patching and hardening.
  • Validation and requalification impacts of changing control logic, OS versions, or network topologies.
  • Integration points between old and new systems where security boundaries are unclear (e.g., custom middleware between MES and PLCs).

This is also why full “rip and replace” approaches are rarely realistic topics for a risk workshop in regulated environments. Participants should be prepared to discuss incremental, compensating controls and phased improvements, rather than assuming wholesale system replacement.

Minimum viable group if resources are constrained

If you must limit attendance, a practical minimum for an initial workshop is:

  • One operations or site leader who can speak to business impact.
  • One OT / controls engineer familiar with the in-scope assets.
  • One IT / security representative with authority to interpret security policies.
  • One maintenance or reliability lead who manages outages and vendor access.
  • One quality or compliance representative if the plant is regulated.

This group can identify major risks, then schedule follow-up sessions with more specialized stakeholders as needed.
