OT cybersecurity is everyone’s job, not just the security team’s
.
Most OT cyber incidents don’t start with a sophisticated attack. They start with a routine task. A maintenance call. A configuration tweak. A USB drive plugged in to troubleshoot. A vendor connecting remotely under time pressure. Your operators, technicians, and engineers are good at their jobs but unless they have been trained to spot how cyber risk appears on the plant floor, every one of those routine moments is a potential incident.
The Armexa Core Curriculum gives your OT workforce the cybersecurity awareness they need to operate safely, securely, and confidently. Every shift, every day. It’s awareness and role-based training built for operators, engineers, technicians, maintenance teams, IT staff supporting OT, vendors, and contractors. The people whose daily decisions actually shape your cyber risk.
Three ways to deploy: enroll individuals through the Armexa training portal, license it for a team or site, or roll it out across your enterprise through your existing LMS. Link down page.
Built the Way Real Workforces Learn
.
21 self-paced, SCORM-compliant modules. Designed to be assigned by role and responsibility, not in a one-size-fits-all rollout. A typical roll-out:
- Start everyone with Module 1 — General Awareness (20 minutes). A concise, awareness course every person who touches OT should take. Available in English and Spanish. Run it standalone or as the on-ramp to the full curriculum.
- Layer in Modules 2–21 — Role-Based Training. Deeper instruction across 20 foundational OT cybersecurity domains. Assign by role, system access, and responsibility, so every learner only sees what is relevant to their job. Topics include:
- Access Control
- Change Management
- Incident Response
- OT Security Awareness
- Removable Media
- Security Monitoring
- Training & Screening
- Asset Management
- Data Security
- Malware Prevention
- Patch Management
- Risk Management
- Supply Chain Management
- Vulnerability Management
- Backup & Recovery
- Endpoint Protection
- Network Segmentation
- Physical Security
- Secure Remote Access
- System Hardening
Who It’s For?
Your OT cybersecurity program is only as strong as the people executing it day-to-day. The Core Curriculum is built for the broad OT workforce, the people whose actions actually move the needle on cyber risk. It is not advanced certification training for cybersecurity SMEs.
Treat OT cybersecurity awareness the way you already treat ethics, workplace safety, harassment prevention, and IT cyber awareness — as mandatory, organization-wide compliance training. MTSA (effective January 12, 2026), NERC CIP-004, AWIA, and IEC 62443 all include OT workforce training requirements, and cyber insurance underwriters are asking for it by name. The people running, maintaining, and supporting your OT systems can directly impact safety, the environment, production, and your regulatory standing every single shift.
Module 1 is for everyone listed below. Modules 2–21 are then assigned by roles such as:
- Control room and field operators — your first line of defense. The first to spot abnormal behavior, the first to act on it.
- Process, automation, and controls engineers — making the design, configuration, and engineering calls that shape your cyber risk posture.
- Instrumentation, electrical, and controls technicians — hands-on with the field devices, networks, and workstations where most OT exposure actually lives.
- Maintenance and reliability personnel — performing the routine work where so many real-world OT incidents quietly start.
- IT staff supporting OT — bridging two worlds with very different priorities. Safety, availability, and determinism don’t bend to IT-first thinking.
- Vendors, integrators, and third-party contractors — prove baseline OT security awareness before they ever touch your control systems.
- Plant supervisors, OT leadership, compliance, and risk personnel — accountable for workforce readiness, audit defensibility, and program governance.
What it isn’t: It isn’t phishing-and-password IT awareness training repackaged with an OT label. It is purpose-built for industrial environments, written in the language of the plant, and drawn from more than 15 years of hands-on work inside chemical plants, refineries, pipelines, manufacturing facilities, and offshore operations. Nor is it a certification track for OT cybersecurity SMEs (Armexa offers those separately).
Three Ways to Deploy
.
For Individuals
Build and prove the OT cybersecurity awareness your role demands. Enroll online in the most relevant topics to your work or complete the full curriculum. Your completion records and assessment scores are yours to keep, on a transcript you can share with current and future employers.
Ideal for consultants, contractors, vendors, and other third-party personnel who need to demonstrate baseline OT security awareness before stepping onto a site.
.
For Teams (10+)
Group pricing is available for teams of ten or more. Get a crew, shift, site team, or contractor group up to speed without standing up an enterprise LMS. Group licenses through the Armexa training portal give administrators full visibility into completions and assessment scores across the team.
Get more info to get a quote →
.
For Organizations (Enterprise LMS)
Plug SCORM-compliant modules directly into your existing Learning Management System and roll out consistent OT cybersecurity awareness training across every operator, technician, engineer, supporting IT staffer, vendor, and contractor in your workforce. Full tracking. Full reporting. Audit-ready records. No custom development. No drawn-out scoping process.
Deploy the full library, build role-based learning paths, or assign individual modules to close specific gaps.
Want it branded as your own? Ask about the Armexa Custom Corporate Curriculum, based on the same Core Curriculum foundation, optionally tailored in module count, branding, and content to align with your OT cybersecurity program governance and/or regulatory environment.
Why Armexa
.
Built by OT Practitioners. Written for the OT Workforce.
Every module is developed by Armexa’s industrial cybersecurity experts — practitioners with decades of experience in industrial automation, process control, process safety, and OT cybersecurity, working inside the same kinds of facilities your workforce protects. The curriculum development is led by John Cusimano, ISA Fellow, chair of the ISA/IEC 62443-3-2 standard, and pioneer of the CyberHAZOP and CyberBowtie methodologies — the same standards and methods your engineering and operations teams rely on.
Audit-Ready, Standards-Aligned
Aligned to ISA/IEC 62443, NIST SP 800-82, API 1164, NERC CIP, and the personnel-training expectations in regulatory frameworks including USCG MTSA (training mandate effective January 12, 2026) and TSA Pipeline Security guidance. Documented, role-appropriate training your auditors and regulators will accept — and that your cyber insurance underwriter will recognize. Already deployed at large industrial operators including a global industrial gases supplier, with multi-year, multi-site rollouts across 200+ users.
Consistent Across Every Site, Every Shift
Every learner gets the same high-quality content, whether they’re at headquarters or a remote terminal. For multi-site, regulated operations, that consistency is the difference between a defensible program and a patchwork one.
Built to Fit Your Workflow
Run it through the Armexa portal as an individual or group, or plug SCORM packages straight into any major LMS. No new tools to learn.
On-Demand, Around the Clock
No travel. No waiting for a course date. No fighting shift rotations or turnaround schedules. Learners take modules on their own time, with progress saved across sessions — so the program adapts to the plant, not the other way around.
.
Ready to Get Started?
.
Get your OT workforce trained on the cybersecurity practices that actually matter — fast, consistent, and audit-ready.
Individuals and teams:
Enroll directly through the Armexa training portal. Access the Training Portal →
Organizations:
Talk to us about LMS deployment, enterprise licensing, the Custom Corporate Curriculum, or a live demo of the module library. Contact Sales →
