ICS/SCADA Security

Better prepared for complex attacks

Securing control systems is a challenge. Off the-shelve software and hardware as well as remote access possibilities in industrial environments increases continuously. The broader threat landscape and increased sophistication of attacks indicate the need to improve ICS security capabilities. But where to begin?

30 September - 2 October 2019

Course objectives

The Deloitte ICS/SCADA Security Training is an intensive, three day program that covers a number of topics to better understand the ICS environment and improve the security of ICS systems. The course follows a storyline that links all the exercises to a fictive company called ACMEA.

During this training we will provide insight into threats, best practices, vulnerabilities and the controls to mitigate them. We will take the participant through the complete ICS security cycle: Know, Prevent, Detect, Respond and Recover.

  • Provide insight in threats, best practices, vulnerabilities and mitigating controls
  • Discover the complete ICS security cycle: Know, Prevent, Detect, Respond and Recover
  • Hands-on experience with SCADA exploitation 

Course outline

Day 1: General Knowledge & ICS framework

  • Security basics
  • ICS basics
  • Developing governance and ICS framework
  • Threat Management
  • Incident Management

Day 2: Workshop and challenges

  • Hands-on SCADA exploitation workshop (CTF)
  • Network segmentation
  • Monitoring
  • Remote access
  • Client talk

Day 3: Solutions and practical approach

  • Patching and Antivirus strategies
  • Portable media
  • Client talk
  • Active and passive security assessments


'The strenghts of the course are experience and content'

Date & location

30 September - 2 October 2019

Target group

  • IT Professionals
  • Penetration testers
  • Managers who wish to increase their knowledge of the SCADA environment and SCADA security assessments


The course will be given in English or Dutch, depending on the participants preferred language. The course material is in English.


The costs are € 1,500 excl. VAT. Catering (lunch) and course materials are included in the price.

Permanent Education

Deloitte Academy is accredited by the NBA PE institution and has the NRTO label. This course qualifies for 18 PE hours. You can also register your PE-hours at the NOB or VRC.

For more information about our accreditation, we refer you to our Permanent Education page.


Until four weeks before the start of the course you may cancel your participation by email free of charge, or you may propose to attend on another date. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

In the event of insufficient participants we reserve the right to cancel the course at any time or move the date of the event. If so, you will be informed in due time.


Dima van de Wouw

Dima van de Wouw

Junior Manager

As part of the pentest and the SCADA security team at Deloitte Cyber Risk, I perform a wide range of assignments. Mostly assignments are concerned with infrastructure or (Virtual) Desktop Environment ... Meer

Dina Hadžiosmanović-Karaoğlu

Dina Hadžiosmanović-Karaoğlu

Junior Manager

Dina is a junior manager at Deloitte Cyber Risk Services with more than 6 years of experience in system security. Dina specializes in cybersecurity of industrial control systems (ICS), with focus on n... Meer