IT and OT: Cyber Skills Needed in Utilities Sector

One Brain, Two Hemispheres – IT and OT

(~10-minute read.)

Utility companies, like water, power, and petroleum, have historically operated two technical divisions: Information Technology (IT) and Operational Technology (OT). Over time, the divided model has shown itself to be inefficient and cyber-vulnerable if equipment remains outdated, and collaboration stagnates. Since IT and OT contain vastly different equipment with unique and diverse needs, it makes sense to keep them physically separate and managed by people with different skill sets. But these divisions must work together and synchronize like two hemispheres of a single brain. How can this be achieved? 

We interviewed two water & sewer utility districts - one large, one small - to gather their advice for students seeking jobs in cyber-physical.

Defining the Two Hemispheres   

First, an overview of IT and OT: 

IT: Containing the IP network infrastructure, applications, computer workstations, and cloud agents. 

OT: Containing physical components like sensors, pumps, valves, programmable logic controllers (PLCs), and other physical assets with digital and mechanical controls. 

The Corpus Callosum: SCADA and HMI 

Secondly, here’s how they connect: 

In a utilities company, the SCADA and HMI systems connect the IT and OT hemispheres like the corpus callosum in a brain. 

• SCADA: Supervisory Control and Data Acquisition systems gather real-time data from sensors (like PLCs) to aggregate and produce meaningful information from them.
• HMI: Human Machine Interface systems provide ways for humans to interact with machines. For example, a touch screen, a control panel, or a software application running on a computer, whether mobile, desktop, or cloud-based. The HMI might exist solely in the OT hemisphere, but is often accessible from the IT side – for example, on a virtual machine.

The Attack Surface

Connecting the physical control systems with the main IP network presents an attack surface that must be carefully protected. Fortifying these systems has been the subject of much research and governmental attention, as it directly affects public safety. 

Employees who specialize in either IT or OT must have a strong comprehension of how the other side works. Understanding both sides is a major key to operating them securely. For instance, knowing how to control chemicals through an HMI interface is crucially important, but understanding how the HMI software runs on a virtual machine – and knowing how to secure that virtual machine – is also critical. Furthermore, physical and technical fail-safes must be configured to prevent disaster in case of human error, whether accidental or deliberate. IT and OT must work together to design and deploy those fail-safes.

A Tale of Two Utilities 

[1] Silver Lake Water & Sewer District (SLWSD) 

A small water utility serving parts of Mill Creek and unincorporated Snohomish County. Though small, SLWDS offers lessons on protecting infrastructure. We interviewed James Busch, who oversees cybersecurity efforts, including audits and compliance with federal Risk and Resilience Assessments from the Environmental Protection Agency (EPA). 

Advice for future defenders:  

• IT and OT collaboration is essential. Cyber students: Be prepared to bridge the communication gap and advocate for security during planning - not just after deployment.
• Diplomacy is required when planning updates to legacy systems. Learn how to navigate resistance to change. Often, legacy systems have been working for years, and disruption is unwelcome - even if the goal is enhanced security.
• Know how to configure and monitor SIEM tools (Security Information and Event Management) and interpret alerts in mixed IT/OT environments.

[2] Alderwood Water and Wastewater District (AWWD) 

AWWD is Washington’s largest special-purpose utility, serving parts of Snohomish County since 1931. With 160 employees and a cost-conscious, ratepayer-funded model, the utility manages both water distribution and treatment—while maintaining a strong cybersecurity posture despite budget constraints.

Advice for Students:

Understand the IT/OT Divide—And How to Bridge It
At AWWD, IT and OT teams operate on physically separated networks, reducing risk. But collaboration is key. IT Manager Dianna Storm and SCADA Electrical Manager Kevin Sykes work in sync across business systems and infrastructure. Students should be prepared to speak both “languages” of IT and OT.

Bring Cross-Disciplinary Skills
Employers like AWWD value candidates with experience in electrical, engineering, instrumentation, or networking. Two years of education or hands-on experience in any of these areas is the minimum to be considered. Once hired, expect a two-year ramp-up before becoming fully effective in the role.

Don’t Expect Quick Internships—Think Long-Term
Due to the steep learning curve, short-term internships aren’t a fit. But lateral movement between IT and OT roles is encouraged. Students who can grow into hybrid roles will be especially valuable.

Study Where Utilities Look for Talent
Community colleges like Bellingham Technical, Green River, North Seattle, and Whatcom are key pipelines for utilities. Their programs align with the technical demands of real-world utility operations.

Cybersecurity in Practice 

Both districts emphasized the growing need for layered security across their systems: 

• Strict network separation between business and SCADA systems is enforced at AWWD.
• Penetration testing and firmware scanning are routine at Silver Lake.
• Remote access is tightly restricted, requiring physical action on-site to enable temporary access.
• Multi-Factor Authentication (MFA) is mandatory at both utilities.

Even with these measures, both organizations admit the sector faces a cyber talent gap. Entry-level roles require a wide skillset spanning from electrical and mechanical to software and IP networking. Job candidates may be more skilled on one side or the other (like a “left-brained” or a “right-brained” thinker), but must continually work on a broad spectrum of talents. 

Advice for Students of Cyber in Utilities 

For students aiming to break into the water utility or broader infrastructure sector, here’s what matters. No student will know 100% of these, but aim high: 

Technical Knowledge 

• SCADA systems
• PLC programming and ladder logic (e.g., Allen-Bradley controllers)
• HMI interface development
• Industrial networking, virtualization, Active Directory

Cybersecurity Fundamentals 

• Cyber risk assessments (e.g., EPA-mandated Resilience Assessments)
• Secure network architecture
• OT-specific tools and scanning
• Patch management and system hardening

Real-World Experience 

• Internships (when available)
• Capstone projects simulating SCADA/HMI environments
• Participation in cybersecurity competitions or testbed labs

“There’s a real opportunity for students with cybersecurity training and OT exposure to join consulting firms that serve utilities. SCADA programmers are in high demand, and most small utilities outsource those roles.”  - James Busch.

Standing Out: Beyond the Resume 

Both Alderwood and Silver Lake emphasized a troubling pattern: generic resumes and poor interview preparation. Students often apply without researching the employer and tailoring their applications accordingly. 

Tips from the field: 

• Customize every resume and cover letter.
• Learn about the specific utility’s mission, business structure, and systems.
• Highlight transferable skills (like troubleshooting or scripting) even if you lack direct OT experience.

What Colleges Can Do to Help

Water utilities can rarely offer formal internships or apprenticeships due to lean staffing and long learning curves. However, they are keenly interested in micro-credentials that upskill current employees. 

Both districts offered clear recommendations for community and technical colleges: 

• Integrate cybersecurity into automation and instrumentation programs.
• Teach cross-disciplinary skills—virtualization, Active Directory, SCADA basics, PLC logic, HMI design.
• Offer micro-credentialing programs on nights and weekends for busy workers.
• Offer resume/interview coaching tied to the infrastructure job market.
• Build job shadowing partnerships with utilities.
• Add utilities experts to your advisory board.
• Promote research into real job postings on utility HR pages or platforms like GovernmentJobs.com.

Faculty members like Tony Cobalt, who publishes open-source instrumentation curriculum, were cited as examples of how thoughtful educational design can support industry needs. Tony taught at Bellingham Technical College years ago, but his curriculum has built a legacy and spread to other colleges. 

A Career with Purpose 

Water utilities offer something few sectors can match: the chance to secure life-sustaining systems and safeguard public health. 

As utilities across the state modernize with SCADA upgrades and energy resilience projects, there’s never been a better time to enter the field. 

“This is where digital meets physical. And we need people who understand both.”  - Kevin Sykes