Tug-of-War in OT Security: Balancing Operations, Cybersecurity, and Compliance
About This Session
Operational Technology (OT) environments face a constant push and pull between three powerful forces: operations, cybersecurity, and regulatory compliance. While each domain is critical to safe and reliable system performance, their priorities can often clash, creating a complex decision-making landscape where trade-offs are inevitable. It is well known that a change that improves security posture may hinder operational uptime, while a compliance-driven control may offer limited to no security value in real-world conditions.
This session explores this “tug-of-war” dynamic through the lens of real-world scenarios from critical infrastructure sectors including energy, oil & gas, and manufacturing. Building on frameworks like NIST CSF and insights from field operations, we’ll examine how to assess these competing priorities and develop strategies that minimize conflict. Attendees will gain a mental model blueprint for evaluating security initiatives within this triad and learn how to spot “false wins”: solutions that check compliance boxes but provide little operational or security benefit. The session will also include a discussion on governance models, the role of OT service management, and the importance of collaborative planning across engineering, IT, and security teams.
Whether you're a cybersecurity leader, plant engineer, or risk manager, the goal of this session is to provide a realistic guide to secure, operationally sound, and standards-aligned decision making in complex OT environments.
Speaker
Blake Gilson
OT Cyber Security and Risk Manager - ExxonMobil
Blake Gilson serves as Operational Technology Cyber Security and Risk Manager at ExxonMobil, where he plays a key role in shaping and implementing the IT department's OT cybersecurity strategy. Blake earned a BA in Business Management Information Systems from the University of Houston, is an alumnus of the Department of Energy's OT Defender Program, and is an avid collector of GIAC certifications.
