An exciting week at S4 wrapped up several weeks ago, and I’m finally getting around to writing about my experience at the event and, in general, the OT cybersecurity market.

This wasn’t my first S4; I attended it several years ago when it was hosted in Miami Beach. This year, the event was hosted in Tampa, FL. Just for starters, I liked Miami more. The Miami atmosphere is simply amazing, and Tampa just can’t match the same energy.

I caught a few of the talks at S4, and the main stage had some great insights—including the big Nvidia announcement—all of which I’ll write about a bit more below.

My key observations from S4 really came from the hallway conversations and some private events around the conference. This is one of the few events where hallway conversations are possible, and the discussions can be epic in nature. A lot of knowledge is exchanged, and relationships are forged in those interactions. The layout of the event keeps you moving around, which is great because you’re always seeing new faces as you move along throughout the various sessions and sponsor areas.

Brass Tacks

OT cybersecurity is evolving—and fast. As I write this, Dragos has just released its annual report on OT cybersecurity, highlighting a sharp increase in OT cyberattacks. Attackers are finding gaps and capitalizing on them to launch significant cyberattacks. While innovation in OT cybersecurity is on the rise, the adoption rate of new technology remains significantly slower on the customer side.

Many of the conversations I had with some big-name players underscored the challenge of adaptation across various industries. Manufacturing seems to be the fastest-moving industry when it comes to securing OT technology, while other industries trail behind—either due to regulations, lack of expertise, or the cost and complexity of upgrades. All of these factors highlight the ongoing challenges.

Furthermore, the difficulty in funding innovators in this space was evident throughout S4. Dale did a good job trying to put together a start-up exhibition area; some of those companies certainly fit the start-up bill, while others didn’t fit that mold at all. This isn’t an S4 problem but rather an industry problem: funding for OT-focused companies can be tough because OT is seen as a smaller market without the high multipliers that draw investors to software companies. As such, investors aren’t flocking to these firms the way you might see at other events where VCs and PE firms scour for the next “Wiz.”

The Good News

Even though funding is a challenge and sales cycles are long, the industry is moving in the right direction, and a bit of encouragement from big companies could help fuel growth. The gap between IT and OT is shrinking: players like Palo Alto Networks, TXOne, and Fortinet are all entering the OT market, introducing products that bridge that gap. Their presence is great for the entire OT cybersecurity industry; they bring large marketing teams and messaging that help open the door for customers to ask more questions, ultimately leading to better OT cybersecurity.

Nvidia shared some news on their new GPU at the event and that led to a real buzz at the event, it made the Nvidia team really popular and led to many great conversations.

One particularly interesting aspect of S4 is the integration of OEM companies like Siemens, SEL, and others with cybersecurity solutions. Rarely do you see this at cybersecurity events, where the OEM manufacturers are in the same space as everyone else, displaying their approaches to Security by Design and ecosystem support.

ICS Village also shines at S4, with multiple CTFs and fun activities that attract attendees looking to test their skills and see tools in action. Bryson Bort and Tom do an amazing job creating a vibrant community that teaches, develops, breaks things, moves fast, and helps every OT practitioner be better. A small shout-out to the team at Scythe for all they do.

The Bad News

The OT industry is slow, it’s expensive, and it’s challenging to make changes. The downtime struggle is real. Any downtime in Energy, Oil and Gas, Healthcare, or Manufacturing can cost a business millions of dollars. This creates long sales cycles for adopting new technology, along with plenty of hoops to jump through and OEM dependencies. It’s not because people aren’t dedicated or willing—it’s just the nature of the beast, and cracking it is tough if not near impossible.

My Key Takeaways

OT is everywhere—not just where you’d typically expect—and this was evident in the diverse industries represented at S4 this year. I met people from Healthcare, Data Centers, Semiconductors, Energy, Oil and Gas, Manufacturing, and Telecom. Dale Peterson did an amazing job with the content, so here are my top takeaways:

1. The integration of OT and IT is coming, and we need to be ready for it.

2. Hardware supply chain challenges and zero trust within that supply chain are critical to defend against nation-state backdoors in hardware. This challenge will be the battle of the next 3–5 years.

3. OT cybersecurity has many visibility and detection tools but very few preventive tools in its arsenal. Assuming OT isn’t internet-facing because it’s on closed networks leads to a false sense of confidence. My line to everyone was, “If it’s plugged in, someone can see it.”

4. Dale Peterson and his entire team are friendly, helpful, kind, and put on an amazing show. Thank you!

Please consider joining me next year at S4 in Miami Beach. I promise it’s the event you won’t want to miss!

Share