
In this four hour workshop, use Wireshark for passive-only asset discovery on a simulated OT network, then score and document a complete 5-asset risk register using a consequence-weighted, NIST CSF 2.0-aligned methodology. Leave with a real deliverable you can act on immediately
Course Length: 4 Hours
Includes a Certificate of Completion
Next scheduled date: July 31st, 2026 @ 12:00 PM ET
Description
Most people working in or around OT security know something is wrong. They’ve seen the flat networks, the vendor VPNs that terminate directly in the control zone, the historian that sits on both the IT and OT networks with nothing in between. The harder part is turning that instinct into something a leadership team can act on.
This workshop is where the instinct becomes a document.
In four hours, you will use a real tool (Wireshark) to discover assets on a simulated OT network without generating a single active scan packet – the only safe approach in a live industrial environment. Then you will score what you found against a consequence-weighted risk model, document the compensating controls already in place, and calculate the residual risk for each asset. The result is a completed 5-asset OT risk register that you can bring back to your organization and use immediately.
The risk register is not a practice exercise. It is built on the same methodology used in the 16-hour Foundational OT Cybersecurity course and follows NIST CSF 2.0 Identify function structure. If you decide to go further, your workshop deliverable travels with you into the course.
Who Should Take This Workshop
This workshop is for people who work in or around industrial environments and want to start doing something concrete about OT security, not just understand why it matters.
IT security professional entering OT: You know how to run a Wireshark capture. You’ve never done it in an OT context before. This workshop closes the gap between what you already know and what OT risk scoring requires.
OT / control systems engineer: You know these assets better than anyone. What you may not have is a structured way to score their risk and communicate it to leadership. The risk register gives you that language.
Operations or plant manager: You’ve sensed the exposure but haven’t been able to put a number on it. This workshop produces exactly that, a ranked list with scores your security team can act on.
Security consultant or vCISO supporting industrial clients: You need a methodology you can hand to a client that is credible, defensible, and doesn’t require a six-month engagement to produce. The risk register is that starting deliverable.
What You’ll Learn
- Use passive network monitoring techniques to identify OT assets on a simulated control network without generating active traffic
- Classify discovered assets by Purdue Model level and document device type, function, and network exposure
- Apply a consequence-weighted risk scoring model to 5 OT assets, producing a ranked risk register with compensating control analysis
- Articulate the connection between asset visibility gaps and OT security investment priorities in plain business language
-
System Requirements
- The workshop uses a pre-built virtual machine (WS-Start) distributed as an OVA file. You must import and verify the VM before the workshop begins. Setup takes approximately 15-20 minutes and should be completed at least 24 hours in advance.
-
Minimum Hardware
- Processor: 64-bit dual-core, 2.0 GHz or faster. Intel or AMD. Apple Silicon: see note below.
- RAM: 8 GB total system RAM minimum. 16 GB recommended. The VM is allocated 4 GB.
- Disk space: 20 GB free for the VM image after import. Additional 5 GB for the OVA download file.
- Display: 1280 x 768 minimum resolution. 1920 x 1080 recommended for Wireshark readability.
- Network: Internet access required for OVA download only. Not required during the workshop.
-
Supported Host Operating Systems
- Windows: Windows 10 (64-bit) or Windows 11. VirtualBox 7.0+ or VMware Workstation 17+
- macOS: macOS 12 Monterey or later (Intel Mac). VirtualBox 7.0+ or VMware Fusion 13+ Linux: Ubuntu 20.04 LTS or later (64-bit). VirtualBox 7.0+
-
Apple Silicon (M1 / M2 / M3) Note
- The workshop VM is an x86-64 OVA and will not run in VirtualBox on Apple Silicon Macs. If you are on Apple Silicon, contact the instructor at least 48 hours before the workshop to receive alternative setup instructions (UTM-based ARM environment). Apple Silicon support is an active development item - an ARM-native OVA is planned for a future release.
-
Required Software (free)
- VirtualBox 7.0+: virtualbox.org Free. Recommended for most attendees.
- VMware Workstation 17+: vmware.com Free for personal use. Required if you prefer VMware.
- No software needs to be installed inside the VM.
Syllabus
- Module 1: OT Asset Discovery
- Lab 1: Passive Asset Discovery
- Module 2: OT Risk Scoring
- Lab 2: Asset OT Risk Register
FAQ
TCP/IP fundamentals: You can read a basic network diagram, understand IP addresses and subnets, and know what a port number is. You do not need to know OT protocols – those are taught in the lecture blocks. Hard requirement.
Basic OS literacy: You can open a terminal, navigate a file system, and run a command-line instruction. The VM is Ubuntu Linux – comfort with a Linux desktop is helpful but Windows users adapt quickly. Hard requirement.
VM setup complete before day of workshop: The WS-Start VM must be imported, started, and verified (ws-check.sh all PASS) before the session. Setup takes 15-20 minutes. Do not leave it for the morning of the workshop. Hard requirement.
What You Do Not Need
- Prior OT or ICS security knowledge
- Experience with Wireshark
- PLC, SCADA, or DCS hands-on experience
- Any software installed on your own machine
About the Instructor
Ashley Wolfe
Bio
Ashley Wolfe is an operational technology (OT) cybersecurity professional specializing in industrial control systems (ICS) security and critical infrastructure defense. She is the Owner and Chief Technology Officer of Wolfe Evolution, where she leads the development and delivery of OT cybersecurity assessments, consulting services, and hands-on training programs.
Ashley brings practical, real-world experience designing, assessing, and securing industrial environments. Her work focuses on helping students understand how OT systems are built, how they communicate, and how they are targeted by modern threat actors—bridging the gap between traditional IT security concepts and operational realities.
As an instructor, Ashley emphasizes foundational understanding, critical thinking, and realistic attack and defense scenarios. Her courses are designed to prepare students not just to recognize vulnerabilities, but to understand how exploitation occurs in ICS
environments and how effective defensive decisions are made without disrupting operations.
Register for Upcoming
How to Turn OT Risk into a Plan
Live Training Ashley Wolfe
- Certificate of completion
- 6 months class recording access via Discord
For tuition assistance with this course please send an email to: [email protected]
Related products
-
Patterson CakeLive4 Hrs
Workshop: Rapid Endpoint Investigations
View Course -
Daniel LowrieLive2 Hrs
Workshop: Intro to Virtualization
View Course This product has multiple variants. The options may be chosen on the product page -
Eric KuehnLive16 Hrs
Red Team Fundamentals for Active Directory
View Course This product has multiple variants. The options may be chosen on the product page -
Bill McCauleyLive4 Hrs
Foundational Application Security Training
View Course

