Limes Academy

The training ICS.201 OT Security Fundamentals is the perfect introduction to the topic of OT security. The course creates common understanding of OT security and provides guidance on how to work with it. Real incidents, practical knowledge from OT projects as well as case studies and findings from OT security assessments are used to teach participants how to understand and question the current security status of their OT environment.

The training ICS.205 Applied OT Security is the perfect choice for every participant preparing for a role or function with OT security responsibility. The training conveys essential OT security know-how, gives an introduction to common standards and explains practical actions for the secure operation of industrial systems. Existing skills in the areas of maintenance, industrial automation, as well as instrumentation and control technology are enhanced with the ability to include the security perspective in networked industrial systems.

The OT Security Management-training provides those responsible for operations, project and production managers and decision-makers in general with the knowledge they need to implement security in industrial operations. Participants learn all necessary skills to recognize dangers early on, to increase the security level and to lastingly avoid security vulnerabilities. The focus is on organizational topics and process management, in addition technical influencing factors are also discussed, which prepare the participants better for future security decisions.

The Assessing OT-Training provides participants with the basics to be able to professionally conduct security tests in industrial plants. Which tools should be used for which application? Which test cases are intrusive and therefore less suitable for OT? What information is relevant in the context of an OT security audit? In this course, participants benefit in particular from the Limes experts’ many years of experience in conducting security assessments in an industrial environment.

The OT Security Updater training course serves as a refresher and update course for the participants to inform them about organizational and technical innovations and progress in the field of security.

As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding practical exercises are built into the topics.

If you don’t want to leave the security and the quality of your products to chance, you have to choose a proactive approach. Only by integrating security into the development processes and by having an organization that knows how to deal with the topic professionally can high-quality products that meet the needs of the market be created. The Secure Product Development with IEC-62443-4-1 training teaches the participants how security can be integrated into software development with the help of the IEC-62443-4-1 standard section Security in order to make their products lastingly secure.

The Security Testing Foundation training teaches the basic concepts of security testing. A structured procedure is presented along with how security tests for an application can be organized. Subsequently, cross-site scripting and SQL injection attacks will be discussed with a focus on web applications and their anatomy will be explained and practiced using real-world examples. During the training, well-known hacking tools will be used again and again to give the participants a tangible picture of reality. Finally, tools are presented with which automated security scans can be carried out and how their results are to be dealt with.

The IT Security Awareness training serves as a basis for every employee in the company to impart a basic understanding for security or to refresh pre-existing security knowledge. Training content can be individually tailored to the company (e.g. Incidents from the industry, standards and regulations that apply to the industry, hacking demos from the industry, internal company content such as own policies, links to own wikis and documents, listing internal company persons as security contacts, etc.).

In Zero Downtime, the cyber security simulation game, you become the defender of your corporate assets. Several teams compete against each other and learn playfully to simulate reality. The simulation game is based on a serious thought: The participants learn about current IT threat scenarios and adequate security concepts as countermeasures at the forefront. Through the direct involvement of each individual, the learning content is firmly and sustainably anchored; at the same time teamwork is essential. In the end, the company that has best mastered the challenges is declared the winner. The simulation game is moderated by a Limes Security expert and the results are summarized briefly after each round. The participants play in groups at a table with a game board in combination with a tablet. No special previous knowledge is required to participate, and the simulation game is also suitable for beginners.

The Cyber Security Awareness Training is designed as a basis for every employee in the IT/OT area to gain a basic understanding of security or to refresh already existing security knowledge. In contrast to purely theoretical training courses, concrete examples and rules of conduct are considered here specifically for the respective area of activity of the participants and existing prejudices in cyber security are tested for their truth content.