Question 1

What Are The Laptop Requirements?

Accepted Answer

Important! Bring your own system configured according to these instructions.A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.Mandatory System Hardware RequirementsCPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.16GB of RAM or more is required.200GB of free storage space or more is required.At least one available USB Type-A or USB Type-C port. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.SANS has begun providing printed materials in PDF and Web format (electronic workbook). In this new environment, a second monitor and a tablet device can be helpful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.Mandatory Host Configuration and Software RequirementsAbility to update BIOS configuration settings to enable virtualization (VT-x) supportYour host operating system must be the latest version of Windows 10, Windows 11, or newer.Fully update your host operating system and hardware drivers prior to the class to ensure you have the right drivers and patches installed.Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. This course requires full administrative access to the operating system and these products will prevent you from accomplishing the labs.Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.Download and install 7-Zip (for Windows Hosts). This tool is also included in your downloaded course materials.Your course media will now be delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete before arrival to class. Internet connections and speed vary significantly and are dependent on many different factors. Consequently, it is impossible to estimate the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.If you have questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend ICS613 Training?

Accepted Answer

ICS613 training is recommended for a diverse range of individuals, including:  Cybersecurity Professionals who have a mission to assess Industrial EnvironmentsCybersecurity Professionals who must conduct cyber assessments and penatration tests for regulatory complianceICS Red/Blue/Hunt/Incident Responders/Penetration testers who are looking to enhance their individual and team capabilitiesTeams conducting assessments within Federal and DoD industrial facilities or weapon systemsCybersecurity professionals that are looking to gain experience in safely working with industrial devices and Distributed Control SystemsExperienced pen-testers and cyber professionals who are looking to enhance their tradecraft and skills applied to the ICS domain

Question 3

What Will You Get?

Accepted Answer

A fully functional SANS ICS613 Student Kit that students will keep after class:A CLICK PLC Plus Controller w/ Bluetooth and Wi-Fi, including additional modules and communication cards with a sector simulation board.Physical components and attachments for I/O connections to the SANS sector simulator board.Commercial Click PLC Programming software from KOYO Electronics.Commercial human machine interface (HMI) control system runtime applications from Rockwell Automation.Commercial OPC server application software from Matrikon.A SANS ICS613 Windows Virtual Machine.A SANS ICS613 Kali Virtual Machine.Access to the in-class physical ICS range running a distributed control system (DCS) and automation components.Unique custom tools that can be used for hardware and software asset data collection, industrial protocol network analysis, attack surface mapping, and ICS vulnerability validation.

Question 4

What Are The Prerequisites For This Course?

Accepted Answer

This 600-level ICS pentesting course covers assessments and penetration testing within ICS systems and networks. With this cross-discipline focus, it is helpful for all students to have a foundational knowledge of ICS/OT terms, drivers and constraints, and operational risks. With your purchase of this OT pentesting course, you’ll receive complimentary OnDemand access to ICS310: ICS Cybersecurity Foundations™ an added benefit, not a prerequisite or requirement. This course is a great way to reinforce key concepts or fill gaps in your ICS/OT security knowledge.

Question 5

What Learning Path Is This Course A Part Of?

Accepted Answer

The learning path typically begins with ICS410: ICS/SCADA Security Essentials to establish essential knowledge. ICS613 provides specialized methods for applying these skills safely in industrial environments, with potential advancement to ICS612: ICS Cybersecurity In-Depth, for comprehensive defensive capabilities.

Question 6

What Is Industrial Control System Penetration Testing And Why Is It Important?

Accepted Answer

Industrial control system penetration testing is a specialized security assessment methodology that safely evaluates vulnerabilities in operational technology environments without compromising safety or production. Unlike traditional IT penetration testing, ICS assessments require an understanding of process controls, safety systems, and operational constraints to avoid disruptions that could lead to equipment damage, safety incidents, or environmental harm.

Question 7

How Will This Course Benefit My Career?

Accepted Answer

This ICS pentesting course delivers specialized skills that are in high demand across industrial sectors, equipping professionals to conduct assessments that bridge IT security and OT operations. The course positions you for roles requiring OT pentesting certification, providing expertise few cybersecurity professionals possess. You will be prepared to defend essential systems from advanced threats while supporting operational continuity.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ICS613: ICS/OT Penetration Testing & Assessments

Featured Quote

Course Overview

What You'll Learn

Business Takeaways

Meet Your Authors

Jason Dely

Tyler Webb

Don C. Weber

Course Syllabus

Section 1Bench and Lab Testing

Topics covered

Labs

Section 2Preparing for ICS/OT Assessments

Topics covered

Labs

Section 3Top-Down Active Methodology

Topics covered

Labs

Section 4Security and Vulnerability Assessment

Topics covered

Labs

Section 5Bottom-Up Operations Assessment and Capstone

Topics covered

Labs

Things You Need To Know

What Are The Laptop Requirements?

Who Should Attend ICS613 Training?

What Will You Get?

What Are The Prerequisites For This Course?

What Learning Path Is This Course A Part Of?

What Is Industrial Control System Penetration Testing And Why Is It Important?

How Will This Course Benefit My Career?

Relevant Job Roles

Industrial Control Systems and Operational Technologies

ICS/OT Security Pen Tester

ICS Security Analyst Training, Salary, and Career Path

Course Schedule and Pricing

SANS 2026

Orlando, FL, US

SANS Secure Australia 2026

Canberra, ACT, AU

SANS ICS Munich 2026

Munich, DE

SANS Security West 2026

San Diego, CA, US

SANS ICS Security Summit & Training 2026

Orlando, FL, US

SANSFIRE 2026

Washington, DC, US

SANS ICS-OT Singapore 2026

Singapore, SG

SANS Copenhagen August 2026

Copenhagen, DK

SANS Cyber Defense Initiative 2026

Washington, DC, US

Learn Alongside Leading Cybersecurity Professionals From Around The World

Benefits of Learning with SANS