Skip to content
← All insights
· 6 min read · by Aaron Crow

IT–OT convergence is not a product

Most vendors will sell you a box and call it convergence. Real convergence is operational, organizational, and frankly uncomfortable.

#OT #ICS #IT-OT #Strategy

Walk a trade-show floor and “IT–OT convergence” is on every vendor banner. Walk a control room and you’ll find the IT and OT teams quietly avoiding each other in the break room. Convergence doesn’t ship in a SKU.

What convergence actually means

Convergence is three things, in order:

  1. Visibility. Both teams can see the same picture of the environment, at the right level of detail for their role.
  2. Process. Change, incident, and access workflows that span both worlds without dropping the baton.
  3. People. Engineers and analysts who can hold a real conversation about each other’s domain without translation overhead.

You can buy the first one. The second is hard. The third is what determines whether the program is real.

Where to start

If you only do one thing in the first 90 days, start with a joint tabletop. Pick a scenario that has to cross the boundary (ransomware on the enterprise network with operational impact downstream, for example) and run it with both teams in the same room. The exercise itself is half the value. The other half is the conversations that happen during the breaks.

What you’re looking for: where do hand-offs fail? Who has authority to take what action? What does each side assume about the other that turns out to be wrong?

What doesn’t work

  • Buying a “convergence platform” and calling it done. A platform with no agreed process is just an expensive dashboard that nobody owns.
  • Forcing OT to adopt IT’s tools wholesale. OT environments have constraints that most enterprise tooling ignores, and ignoring those constraints is how you take a plant offline.
  • One-way training. Sending OT engineers to a SANS course is great. Not sending IT analysts to walk the plant is half the program.

The honest version

Convergence is a multi-year shift in how two organizations relate to each other. It rewards leadership that’s willing to be patient about visible wins and aggressive about cultural ones. It punishes leaders who treat it as a procurement exercise.

If you want a longer conversation about how this plays out in practice, the PrOTect IT All podcast has dozens of hours on exactly this topic.

Keep reading

MORE INSIGHTS

April 12, 2026

The quiet attack surface most executives ignore

Your enterprise security is excellent. Your home network, family devices, and personal accounts are a different conversation.

March 22, 2026

Red team is not a penetration test

Confusing the two is how you spend $80k on a report nobody reads. Here's the difference, and when each is the right call.