In this episode of Manufacturing Hub Podcast, hosts Vladimir Romanov and Dave Griffith sit down with Gavin Dilworth to explore the evolving world of ICS and OT cybersecurity. This is a topic that impacts every sector of manufacturing and critical infrastructure, yet many organizations still struggle with where to start, how to assess risk, and how to balance IT and OT responsibilities.

Gavin brings decades of experience in automation engineering and cybersecurity, having worked across energy, oil and gas, water, and manufacturing. He shares his unique journey from being an operator and control systems engineer to becoming a specialist in OT cybersecurity. The conversation spans a wide range of issues, from asset inventory and managed switches to people, process, and technology frameworks that help organizations take the first step toward maturity.

We discuss why IT and OT teams often clash and what it takes to bridge the gap. Gavin explains the realities of budgets, the challenges of compliance, and why self-reporting frameworks often fail to reflect true maturity. He also highlights the role of legislation in Europe, rising insurance premiums, and how cybersecurity assessments can influence financial and strategic decisions at the executive level.

The episode provides clear insights into best practices such as building a proper asset inventory, structuring security awareness training for OT teams, and applying a risk-based approach to patch management. Gavin also outlines the importance of functional safety, process hazard analysis, and the role of frameworks like ISA/IEC 62443. For engineers, leaders, and decision makers, this conversation makes it clear that cybersecurity is not just a technology problem but a people and process challenge that requires long term discipline and investment.

If you want to understand what real world OT cybersecurity looks like, what mistakes to avoid, and how to set a path toward resilience, this episode is packed with valuable takeaways.

Timestamps
00:00 Introduction and upcoming ICC event
02:20 Gavin’s career journey from operator to cybersecurity expert
06:00 What ICS and OT cybersecurity really mean
09:00 Managed switches, firewalls, and securing industrial devices
11:00 The importance of people, process, and technology in security programs
13:30 Asset inventories and the first practical steps in cybersecurity
17:00 Insurance, legislation, and financial implications of OT risk
23:00 The problem with self reporting and maturity frameworks
27:00 Risk based patching strategies and CVE management
31:00 Physical keys, tokens, and access control challenges
37:00 IT versus OT ownership of cybersecurity
45:00 Certifications, training, and resources for professionals
53:00 Unified Namespace and cybersecurity considerations
58:00 Predictions for the next five years in OT cybersecurity
01:02:00 Career advice for engineers and cybersecurity professionals

References mentioned in this episode
Industrial Network Security, Eric D. Knapp (Third Edition): https://www.isa.org/products/industrial-network-security-third-edition
Security PHA Review: https://www.isa.org/products/security-pha-review-for-consequence-based-cyberse
Managing Cybersecurity in the Process Industries, ISA: https://www.isa.org/products/managing-cybersecurity-in-the-process-indust
Industrial Cybersecurity: Efficiently secure critical infrastructure systems, Steve Mustard: https://www.isa.org/products/industrial-cybersecurity-efficiently-secure-criti
Assessment Plus: https://assessmentplus.co.nz
Ignition 8.3 by Inductive Automation: https://inductiveautomation.com

About the hosts
Vladimir Romanov is an electrical engineer and MBA with over a decade of experience in manufacturing and industrial automation. He has worked with Procter and Gamble, Kraft Heinz, Post Holdings, and now leads Joltek, a consulting and integration firm focused on digital transformation and modern manufacturing systems.

Dave Griffith is an experienced systems integrator, consultant, and advisor in the industrial automation space. He has worked with manufacturers across multiple sectors, helping organizations align technology with business strategy.

About the guest
Gavin Dilworth is the founder of Assessment Plus, based in New Zealand. With a background spanning automation, controls, and cybersecurity, he helps organizations design architectures, implement policies, and build resilience in OT environments. He also mentors professionals looking to enter or advance in the ICS cybersecurity field. Connect with him here: https://www.linkedin.com/in/gavin-dilworth/