Andres Prieto Anton’s Mission to Redefine OT Cybersecurity from the Inside Out
In an era where digital threats increasingly encroach upon the physical world, the guardianship of operational technology (OT) has never been more vital. Standing at this critical intersection is Andres Prieto Anton, a cybersecurity leader whose work is redefining how global industries defend the integrity of their most sensitive and safety-critical systems. As the boundaries between IT and OT dissolve and the risks multiply, Andre’s forward-thinking leadership signals a new chapter in industrial cybersecurity—one that goes beyond firewalls and embraces trust less design, real-time resilience, and human-centric transformation.
Rethinking the Perimeter
“Beyond the Firewall” isn’t just the title of this edition—it’s a philosophy Andres has long embraced. In traditional IT environments, firewalls were once the ultimate gatekeepers. But in modern OT landscapes, they’re just one piece of an increasingly complex puzzle. For Andres, defending industrial environments requires a deeper, multi-layered approach.
“It means recognizing that true protection in OT goes deeper than perimeter defense,” he says. “It’s about embedding security into every layer—from device firmware and control systems to data flows and operational processes.” This mindset shift includes everything from dedicated consoles and visibility platforms to segmenting networks and implementing Zero Trust principles—even in legacy environments where trust was once assumed.
By bringing cybersecurity closer to the operational edge, Andres challenges conventional thinking. He advocates for security architectures that are native to industrial ecosystems—resilient, adaptive, and built with the unique constraints of OT in mind.
Leading Across Complex Frontlines
Andres’s leadership journey spans a rich diversity of industrial domains—from chemical to pharmaceuticals and biosciences. These environments are united by one truth: their operations are critical, continuous, and deeply human.
At the core of his approach is empathy—the ability to navigate cross-disciplinary teams with both technical clarity and human understanding. “Leading cybersecurity in OT has taught me to balance security with productivity,” he says. “To speak the language of both executives and plant operators.”
He has built and led a dedicated infrastructure and cybersecurity team embedded within the company to support manufacturing while appreciating operational nuances. By respecting the rhythms of industrial production, Andres has helped shift cybersecurity from a compliance box to a core enabler of reliability.
The Invisible Threat: Human Factors in OT
While technology evolves rapidly, Andres is quick to point out the persistent and underestimated challenge in OT security: people. “The human factor remains one of the most underestimated risks,” he emphasizes. Engineers and operators often inherit decades-old assumptions about system trust and may lack the tools or training to recognize modern threats.
For Andres, addressing this challenge is not about more rules—it’s about cultural transformation. It’s about helping every operator see themselves as a frontline defender, instilling awareness and accountability across every role. “Cybersecurity must become a shared responsibility,” he says. “It should be as much a part of plant operations as safety or quality.”
Standardizing Trust with IEC 62443
A key pillar in Andres’s strategy has been the implementation of IEC 62443 standards, a robust framework designed to systematize industrial cybersecurity across diverse environments. But for Andres, standards are only as powerful as their adoption.
“IEC 62443 has been transformative,” he explains. “It goes beyond technical controls. It creates shared expectations between IT and OT and helps align vendors and stakeholders through a common language.” By codifying roles, security zones, conduits, and defense-in-depth strategies, it has brought much-needed structure to once-disjointed operations.
Yet Andres notes that challenges remain—particularly around mindset. “We still need a cultural shift among OT vendors and IT departments to realize that these are no longer silos. We need collaboration, delegation, and understanding.”
Engineering Security into the Physical World
In industries where digital missteps can cause physical harm, Andres’s work begins with risk awareness. “Designing security across the digital and physical realms means understanding operational workflows and safety interlocks,” he says.
This involves close collaboration with plant engineers to map out critical paths and introduce cybersecurity controls that support—not interrupt—operations. From network segmentation to passive monitoring and fail-safes, every control is carefully measured against its potential impact on uptime and safety.
Most importantly, Andres builds trust—with engineers, plant staff, and operational leaders. By demonstrating that cybersecurity enhances reliability, he helps dispel the myth that safety and security are at odds.
Innovations Rooted in Context
While many OT environments resist change due to their fragile legacy systems, Andres has introduced innovations with both subtlety and power. One example is his deployment of passive network monitoring tools that use AI to identify anormal communication patterns between PLCs, HMIs, and SCADA servers.
“We improved situational awareness without disrupting operations,” he says. Combined with centralized syslog servers to correlate events across systems, Andres has built a telemetry-rich environment where threats—and anomalies of any kind—can be caught early.
This visibility empowers not just the cybersecurity team but engineers and operators too. “It’s about making the invisible visible,” he says. “And giving everyone the context they need to act.”
Breaking the Silos: IT Meets OT
For years, the rift between IT and OT has complicated cybersecurity efforts. But under Andres’s leadership, those silos are falling. He’s championed a unified approach rooted in trust and shared responsibility.
“We created a dedicated IT team focused on manufacturing,” he explains. “They work hand in hand with OT during risk assessments, incident planning, and projects.” Regular cross-training has helped each team understand the other’s world—its pressures, priorities, and purpose.
But Andres is realistic about the journey. “It takes time,” he says. “You have to let go of the ‘Gollum approach’—the idea that knowledge is a treasure to be hoarded. True collaboration only happens when people feel safe, respected, and informed.”
A Vision Fueled by Digital Twins
When asked about the future of OT security, Andres lights up. He’s particularly enthusiastic about digital twins—virtual models of industrial environments that can simulate the impact of cyber and physical events.
“Digital twins, combined with AI, could revolutionize our ability to anticipate and respond to threats,” he says. From predictive telemetry to automated response orchestration, these tools offer a glimpse into a future where security isn’t just reactive—it’s predictive and proactive.
It’s a vision where resilience is built in, not bolted on. Where cyber defenses adapt dynamically to threats without compromising the pace of innovation.
Zero Trust, Real Results
In OT, the idea of Zero Trust must be carefully tailored. But for Andres, it’s more than theory—it’s practice. He has long applied its principles across network zones, enforcing least privilege, strong authentication, and continuous verification.
“It’s not about denial—it’s about not assuming trust anywhere,” he explains. Even within plant perimeters, every connection, identity, and action is subject to scrutiny. This shift in mindset has redefined how teams perceive security—not as a barrier, but as a guardian of operational integrity.
Making Cyber Risks Real for Leaders
One of Andres’s greatest strengths is his ability to communicate complex risks in language that business leaders understand. Rather than diving into technical jargon, he speaks in terms of operational impact, reputational harm, and business continuity.
“I explain how a compromise might halt a production line or delay a product launch,” he says. He leverages real-world analogies and simulations to drive the point home. “But as always,” he notes with candor, “one real-world incident often speaks louder than a thousand words.”
Yet it’s this grounded realism that helps Andres gain executive support—not through fear, but through clarity and accountability.
Pride in People and Progress
When reflecting on his proudest achievements, Andres doesn’t immediately point to tools or systems—but to people. “I’m proud of building a team that understands IT and OT,” he says. “A team that collaborates, wins trust, and challenges the idea that remote teams can’t know what’s happening on the ground.”
His leadership has delivered tangible results: visibility into isolated networks, automated asset inventories, and cyber protections that don’t disrupt business. But above all, he’s created a culture where security is everyone’s business.
Building the Human Firewall
Awareness, Andres insists, starts with relevance. Whether it’s practical phishing tips for operators or hardening guidance for engineers, he believes in meeting people where they are.
He believes on interactive workshops, role-based simulations, and even routine safety communications that include cyber topics. “The best ROI in cybersecurity is the human firewall,” he says. “Celebrate wins, address concerns, and make it a conversation—not a lecture.”
For the Next Generation
To those entering the field, Andres offers heartfelt advice: “Be curious, humble, and collaborative. This work isn’t just technical—it’s human.” He urges newcomers to visit factories, meet people face-to-face, and understand the processes they’re protecting.
“Your work helps keep the world running,” he says. “It’s not just cybersecurity. It’s critical infrastructure protection.”
A Visionary Future
As the industrial world evolves, so too must its defenses. Andres’s long-term vision is to embed cybersecurity into the DNA of every innovation. “I want to see a future where every asset is monitored with intelligence, every response is orchestrated with precision, and every team understands its role in cyber defense.”
By building bridges between IT, OT, and business leadership, Andres is charting a path to that future, “path to the moon” as he name it: one where resilience is collective, proactive, and unshakable.
Leave a Reply