Andres Prieto Anton: Building Cyber Resilience Where IT Meets OT

Andres Prieto Anton
Andres Prieto Anton

As industries grow more integrated and digitized, IT and OT are no longer clearly demarcated. To Andres Prieto Anton, D&T Infra & OT Cyber Security Manager, such convergence is not just a technological transformation but a cultural mindset change and a leadership opportunity. Having worked for many years across IT infrastructure and OT systems, Andres has carved a niche at the point of convergence between innovation, security, and operational trustworthiness.

From Curiosity to Cybersecurity Leadership

Andres began his cybersecurity career during his first years working in IT. As with many IT professionals, he began by managing infrastructure and supporting systems for the enterprise. As industrial technologies were more and more integrated into corporate IT networks, he saw more and more disconnect—and more and more risk. This was particularly the case in industries in which manufacturing operations and production environments were more and more being targeted. 

“When I discovered how were built the OT environment: unsecure, obsoleted, basic infrastructure deployment, it was a wake-up call,” he says. Industrial robots and SCADA systems were no longer just workhorse equipment—now they were cyber targets. “That’s when I went into OT cybersecurity. It wasn’t curiosity anymore; it was a necessity.” 

This evolution compelled Andres to become a specialist in IT and OT, becoming SPOC making the bridge between both worlds and aligning cybersecurity strategies in both spaces. His work guarantees that security systems not only satisfy internal requirements, but also those needed to meet regulatory requirements and the special needs of critical infrastructure.

Remaining Ahead in an Advanced Threat Environment

Cyber attacks keep changing fast, especially in OT environments that tend to use legacy technology and stand-alone systems. These environments were never originally intended with cybersecurity in mind, so they are particularly susceptible to attacks such as ransomware, insider threats, or even nation-state actors.

To keep up to date and try to remain ahead of the game, Andres is proactive. He reviews threat intelligence platforms, participates in global cybersecurity forums, and stays in close touch with the latest research into known vulnerabilities as well as newly discovered attack vectors.

“Asset inventory and monitoring in real-time is not optional,” he explains. “But it’s not sufficient to detect threats—you need the appropriate response protocols in place.”

He also collaborates with OT-specific monitoring tools that have an understanding of industrial protocols and can detect anomalies specific to such environments. These would range from variations in PLC programming, unauthorized firmware upgrades, modifications to HMI configurations or sudden strange communication behaviour of equipment.

Just as crucial is building a solid working relationship between IT and OT teams. Andres stresses ongoing communication and cross-functional workshops that maintain alignment on cybersecurity policies, tool adoption, and incident response planning.

Bridging the IT-OT Divide

One of the biggest challenges that Andres faces most persistently is the disparity of priorities between the OT and IT systems. IT prioritizes speed, flexibility, and connectivity. OT prioritizes stability, safety, and uptime. These conflicting priorities have the potential to create security gaps if carefully managed.

“You can’t just copy-paste IT solutions into OT,” he says. “You need to realize the limitations of the environment and find secure, realistic means of operating within them.”

Andres tackles these issues by assisting in architecting systems that are secure by design. This involves deploying network segmentation, enforcing least-privilege access, installing industrial firewalls, and having physically isolated consoles for critical operations.

He also incorporates cybersecurity risk assessments across all phases of infrastructure planning. By infusing security up front, he tries to eliminates expensive retrofitting and guarantees adherence to worldwide standards such as IEC 62443 and NIST. 

Innovation with Purpose

To Andres, innovation in cybersecurity is more about pushing meaningful change—not doing technology for technology’s sake. In the OT environment, this usually means make use of established IT tools and dedicate them and applying them in a manner that honors the subtleties of industrial environments.

He advocates the application of Zero Trust Architecture (ZTA) in OT, where access is blocked by default and only allowed after rigorous authentication. “Zero Trust is a mindset,” he states. “It’s about assuming breach, verifying everything, and minimizing exposure.”

He’s also working to integrate AI and machine learning for predictive maintenance and early warning of threats. Such software can process enormous amounts of sensor data, find patterns, and raise alerts on anomalies that would otherwise escape detection.

Digital twins are another innovation he sees promise in. These virtual models of industrial systems allow security teams to test the impact of cyber threats without affecting real operations. “They give us a safe environment to experiment, simulate, and improve.”

Leading with Clarity and Accountability

Effective leadership in cybersecurity goes beyond technology—it’s about people, clarity, and action. Andres leads with a philosophy grounded in transparency, collaboration, and accountability.

He advocates cross-functional decision-making, yet takes care in being aware of decision ownership needs. “You want diversity of views, particularly legal, compliance, and operations. But you want someone to own the decision and act on it.”

With stakeholders, Andres is unequivocal and precise. He connects cybersecurity with financial risk, operational resilience, and brand value. This causes executives to get it: that cybersecurity is not a technical nicety but a strategic imperative.

He also advises junior professionals to remain curious, to love learning, and to build both technical depth and business fluency.

Creating a Culture of Awareness

Humans are at the center of any security plan. Andres believes that it’s important to do a lot on awareness training, particularly in sectors where human error can cause significant downtime.

“Awareness is the greatest return on investment you can have,” he says. “It doesn’t require a lot of effort to train people, but the reward is enormous.”

He suggest to perform regular spearheads campaigns that involve phishing simulations, USB drop exercises, and game-ified training sessions that make security foremost in their minds. He also suggest to customizes training to roles, acknowledging that what an operator should learn is distinct from what an executive or engineer should learn.

He encourages a culture of speaking up where people can report suspicious behavior without fear of being blamed. “Security is a shared responsibility. Everyone plays a role.

Making a Measurable Impact

Andres remembers one occasion when his team’s proactive monitoring spotted unauthorized use on a PLC. The modifications came from outside the authorized engineering area, within a workstation. Due to rapid detection and well-defined protocols, the team headed off what might have been a serious disruption.

“We caught it early. No harm was done, but it reinforced the idea for everyone that our work makes a difference.”

That experience cemented the importance of preparedness—a blend of the appropriate tools, skilled staff, and an atmosphere of awareness.

A Glimpse of the Future: Cybersecurity in 2025 and Beyond

Peering into the future, Andres envisions several drivers that will influence the future of cybersecurity. Artificial intelligence, automation, and Zero Trust will be increasingly ingrained in daily activities. Yet he also believes the human factor will continue to be essential.

“Technology will change quickly, but culture takes longer to evolve,” he explains. “One of our biggest challenges will be reconciling organizational attitude with the speed of digital change.”

He believes regulatory demands will continue to close in, particularly on OT and critical infrastructure. Businesses will be required to not just show compliance, but active governance and ongoing improvement.

Andres also envisions the need for standardization across hybrid environments. When businesses embrace cloud technologies, remote access solutions, and edge computing, they will require specific policies and consistent monitoring.

“Resilience won’t come from silos. It’ll come from integration and collaboration. This doesn´t mean that everything needs to be managed by one team. Tools and technologies could be common and managed by different teams in autonomy but not independency: that’s why collaboration is key”

A Legacy of Protection and Progress

For Andres, being recognized as a “Top Cybersecurity Influencer” is an award and an imperative. “I’ve always spoken about ‘the path to the moon’ — it’s a long way, but if you take the right steps, it’s absolutely doable.”

His aspiration is to have a legacy of a culture in which cybersecurity is not a reactive function but a strategic enabler. He hopes that organizations understand security as a source of strength and trust, rather than a cost center. And that OT cybersecurity is really important and not equal to the IT Cybersecurity, but similar.

Share it on

Trending Magazines

Jugeshwor Singh Kshetrimayum
Jugeshwor Singh Kshetrimayum: India’s Most Iconic Martial Arts Personality – 2025
Mike Ross
Mike Ross: The Most Inspiring Founder & Director to Watch in 2025
Dino Büscher
Dino Büscher: The Most Inspiring CEO in Experiential Marketing to Watch in 2025
Hala Jaber
The Most Visionary Women Leaders to Watch in 2025