Industrial Control Use Case

Numerous Operational Technology (OT) Customers

Case Study / Portfolio Narrative

Objective
Design a security architecture leveraging AT&T USM Anywhere (cloud SIEM) as the core, while remaining vendor-agnostic and flexible enough to adapt to other SIEMs. The use case illustrates how modern IT security practices can extend into OT/ICS/SCADA environments, securing both domains under a unified strategy.

Approach

  • Segmentation: Designed physical and logical network segmentation to isolate OT environments while maintaining necessary interconnectivity with IT systems.
  • Next-Gen Firewalls: Recommended UTM/Next-Gen firewalls at critical junctions for segmentation, inspection, and policy enforcement, with specific attention to OT/ICS/SCADA IOCs (distinct from IT IOCs).
  • Encryption: Applied strong encryption between firewall termination points to protect traffic from interception or tampering.
  • Automation: Advocated for active firewall management and API-level integration with the SIEM for automated response, reducing mean time to detect/respond (MTTD/MTTR) where human speed is insufficient.
  • SIEM Integration: Positioned the cloud SIEM as the centralized intelligence hub — ingesting IT/OT logs, applying correlation rules, and triggering automated workflows.

Key Challenges Addressed

  • OT Resistance: Overcame OT leaders’ hesitance about internet exposure by demonstrating segmentation, encryption, and controlled integration points.
  • Critical Infrastructure Security: Tailored the design for environments such as water treatment, electricity, and manufacturing facilities — each with zero tolerance for downtime.

Outcome

  • Delivered a comprehensive IT/OT security strategy adaptable across industries.
  • Created a repeatable solution architecture to bridge IT/OT security without compromising operational resilience.
  • Strengthened AT&T’s credibility in critical infrastructure engagements by addressing OT-specific requirements.