Earn Continuing Professional Education (CPE) credits at no cost and receive a certificate upon completion.
Critical infrastructure—systems that underpin society, from power grids to healthcare—faces persistent cyber threats and unique operational constraints. This free course explains how attackers target essential services, why OT and industrial control environments change the rules, and what cybersecurity professionals can do to reduce risk in real-world conditions.
Start the course now and complete the training at your own pace.
Explore five modules focused on critical infrastructure cybersecurity, including the evolving threat landscape, OT and industrial control system realities, and practical risk-reduction steps. Designed to be clear, actionable, and suitable for both professionals and students.
Module 1 explains what critical infrastructure is and why it has become a frequent target for cyberattacks. It outlines the real-world impact of disruption across essential services such as energy, water, healthcare, and transportation. This module sets the context for the risks and response concepts covered in later modules.
Module 2 explores how the threat landscape for critical infrastructure has evolved—using real-world examples to show how risks and attacker capabilities have changed over time. The lesson includes perspective drawn from a visit to Idaho National Laboratory to connect early infrastructure operations to today’s cybersecurity challenges.
Module 3 focuses on the unique challenges of securing critical infrastructure, where operational technology and industrial control systems introduce complexity that most organizations don’t face. It explains why traditional cybersecurity approaches often need to be adapted to fit specialized environments, skills, and operational constraints.
Module 4 explains how to adapt cybersecurity practices for critical infrastructure environments, where operational requirements and OT/ICS constraints limit what “standard” security approaches can realistically look like. It focuses on practical ways to strengthen protection while maintaining safety, reliability, and continuity of operations.
Module 5 examines common OT-specific risks in critical infrastructure, including limited visibility and resource constraints that complicate traditional security approaches. It closes the lesson with practical actions professionals can take to strengthen situational awareness, build OT-relevant skills, and reduce operational risk.
Take our optional skills assessment to test your knowledge of critical infrastructure!
Participants in this course will learn how cybersecurity threats uniquely impact critical infrastructure environments and why traditional enterprise security approaches often fall short. The course focuses on helping learners understand context, risk, and decision-making rather than technical implementation.
By completing this course, you will:
Understand what qualifies as critical infrastructure and why it is a high-value target for cyberattacks
Recognize how the threat landscape for critical infrastructure has evolved over time
Identify the unique challenges of securing operational technology (OT) and industrial control systems (ICS)
Understand why visibility, legacy systems, and operational constraints complicate security efforts
Learn how cybersecurity professionals can support critical infrastructure through risk awareness, communication, and practical safeguards
Gain foundational insight applicable to risk management, incident response, assessments, and executive discussions
Meet Your Instructor
MS, CAWFE, CEH, CFCE, CHFI, CISSP, CNDA, DFCP, GCFA, GCFR, GCIA, GIME, GSEC
Josh Moulin is a cybersecurity executive with more than two decades of experience protecting critical infrastructure, government systems, and complex enterprise environments. His background spans law enforcement, national security, and executive cybersecurity leadership, giving him a practical, real-world perspective on how cyber risk impacts essential services.
Josh has led and advised cybersecurity programs for federal agencies, state and local governments, healthcare organizations, and critical infrastructure operators. His experience includes operational technology (OT) environments, incident response, digital forensics, risk management, and executive communications.
As the founder of Natsar, Josh focuses on helping organizations and leaders understand cybersecurity in context—translating technical risk into clear, actionable insight that supports informed decision-making. His teaching style emphasizes realism, clarity, and applicability over theory or hype.
You've got questions. We've got answers.
Yes. We know quality CPE-eligible training can be hard to find and expensive. This course is Natsar’s way of giving back by providing no-cost continuing education.
Yes. After you complete the course, you’ll receive a certificate of completion you can use as documentation when reporting CPEs, subject to your certifying body’s requirements. Your certificate is available immediately after completion.
Yes. Natsar provides customized cybersecurity training for individuals, teams, and organizations. If you’d like tailored training for your audience, contact us at [email protected].