SecOT+ and the Cybersecurity Shield for Tomorrow’s Infrastructure
As the boundary between digital and physical infrastructure continues to blur, the security stakes in the world of operational technology (OT) are climbing at a dizzying pace. In a strategic response to this shift, CompTIA, long revered for its vendor-neutral IT certifications, has announced the development of a ground-breaking credential: SecOT+.
This new certification, still in the early stages of development, is set to target a skills gap that could soon become a gaping vulnerability if left unchecked. Designed to arm professionals across OT and IT with a shared cybersecurity toolkit, SecOT+ is poised to play a critical role in protecting the nerve centres of modern civilisation – from manufacturing lines to energy grids.
A Security Wake-Up Call for Industrial Infrastructure
Let’s face it: modern infrastructure is under siege. Factories, water systems, oil pipelines and power stations are no longer just mechanical marvels – they’re connected, automated, and increasingly exposed to cyberthreats. From ransomware locking up industrial control systems to state-sponsored attacks aiming to cripple utilities, the threat landscape has changed dramatically.
“With technology continuing to expand across physical environments, it presents both opportunities and challenges,” said Katie Hoenicke, senior vice president of product development at CompTIA. “As the industry-recognised leader in building and validating security skills, CompTIA is eager to bring this rigour and dedication to the OT space.”
She’s right. The digitisation of operational environments offers vast potential for efficiency and innovation, but it also introduces attack surfaces that traditional security frameworks simply aren’t equipped to handle.
What SecOT+ Aims to Deliver
SecOT+ won’t just be another line on a CV. According to CompTIA, the certification will blend IT and OT cybersecurity principles into a unified, real-world credential. Candidates will be trained to:
- Conduct risk assessments tailored to industrial systems
- Implement secure configurations and hardening techniques
- Navigate regulatory and compliance frameworks relevant to OT
- Safeguard supply chains and manage third-party risks
- Integrate security practices into legacy environments still common in industrial settings
James Stanger, CompTIA’s chief technology evangelist, underscored the urgency: “Governments, industry leaders and cybersecurity techs are struggling to address the human and economic impact of critical infrastructure attacks. It’s time to streamline these efforts by creating a scalable, cutting-edge and cost-effective program. That’s the best way to counter the emergence of AI-powered cyberattacks on our global infrastructure.”
Why the Need Now?
This isn’t just a matter of proactive education. It’s a race against escalating threats. CompTIA’s own analysis of Lightcast job data shows that over 180,000 OT job postings were made by US employers in 2024 alone. And that’s before you count the millions already employed across energy, utilities, and manufacturing.
So where’s the gap? While many of these professionals are experts in their respective domains, few have been formally trained in cybersecurity practices tailored to OT systems. Conversely, cybersecurity specialists on the IT side often lack insight into how industrial systems operate, leaving a blind spot that bad actors are increasingly happy to exploit.
IT Meets OT
Historically, IT and OT operated in parallel universes. One managed data, the other kept machinery humming. But now, with automation, IoT sensors, and cloud-based SCADA systems, these worlds have collided.
CompTIA sees the SecOT+ certification as the bridge: a shared vocabulary and skill set that empowers professionals on both sides to collaborate effectively. It’s a smart move – and one that could have knock-on benefits across critical infrastructure resilience.
Training will follow CompTIA’s ISO-accredited development framework, with an emphasis on practical, scenario-based learning. It’s not just theory; it’s hands-on, roll-up-your-sleeves education designed for the realities of factory floors and control rooms.
Global Relevance in a Shifting Security Landscape
Cybersecurity has gone global, and so have its challenges. From the SolarWinds attack to the Colonial Pipeline breach, the writing’s on the wall: critical systems are juicy targets. As AI-enhanced malware and autonomous attack bots gain ground, defensive strategies need to evolve just as quickly.
SecOT+ is designed not just for the US or North American markets, but with international relevance in mind. Given the cross-border nature of manufacturing and energy supply chains, it’s essential that security professionals speak a common language. This certification could become that lingua franca.
Moreover, as governments worldwide ramp up their infrastructure cyber-defence mandates, a standardised certification could help companies demonstrate compliance and readiness – not just to regulators, but to stakeholders, investors, and insurance providers.
Wider Industry Implications
Beyond just the individuals who earn it, SecOT+ could set a new benchmark for OT cybersecurity competency. Organisations might soon use it as a hiring prerequisite, while others may integrate it into internal upskilling programmes.
This could be particularly beneficial for:
- Energy producers modernising outdated control systems
- Smart factories integrating robotics and IoT
- Water and waste utilities facing increasing cyber scrutiny
- Transport hubs adopting real-time data operations
It’s not just about defence, either. Companies that demonstrate cybersecurity maturity often enjoy better access to contracts, especially in government or critical services sectors.
Still Leading the Charge
While some certifications lose relevance over time, CompTIA has consistently evolved. From A+ to Security+ and now SecOT+, its credentials are recognised globally across academia, industry, and the public sector. More importantly, they’re designed with both employers and learners in mind.
The announcement of SecOT+ follows CompTIA’s tradition of responding to emerging challenges before they balloon into crises. Its leadership in neutral, vendor-agnostic certifications makes it particularly suited to address fragmented industrial ecosystems.
“It’s not just about putting a badge on someone’s resume,” Stanger noted. “It’s about ensuring that when a cyber incident hits, the right people have the right skills to respond effectively.”
Building a Safer Industrial Future
Cybersecurity has become the cornerstone of resilient infrastructure, and initiatives like SecOT+ are laying the foundation for a safer industrial future. While the digital transformation of critical sectors won’t slow down, this certification offers a way to secure it – responsibly, pragmatically, and globally.
As more facilities embrace smart systems, the human element must evolve too. It’s clear that the next frontier in cybersecurity won’t be fought solely in server rooms, but in factories, plants and substations worldwide. With SecOT+, CompTIA is preparing today’s workforce for that reality.
