OT Monitoring and SOC builds on foundational OT and network architecture knowledge by providing best practices for deploying detection and monitoring sensors, extracting meaningful logs and security events from OT hardware and software, and aggregating this security context into an OT DMZ staging area. These logs, events and alerts can be forwarded to an IT, OT, or IT-OT SOC, either managed in-house or by a MSSP service provider. Key topics for this 1-day course includes OT SIEM deployment, custom protocol signatures, IT/OT correlation, and SOC staffing models. Participants will also learn to utilize SOAR, threat feeds, and threat hunting to shift operations from a reactive to a proactive security posture.