This episode explains how to coordinate IT and OT during incidents without letting either side accidentally increase risk, a common scenario theme where the “wrong” answer is a technically reasonable IT action applied at the wrong time in OT. You’ll learn why authority and accountability must be explicit, including who can approve isolations, who can change firewall rules, who can touch controller logic, and who owns safety decisions when containment could affect process behavior. We cover the operational nuance that many OT symptoms have both cyber and non-cyber explanations, so coordination must include shared situational awareness, evidence exchange, and agreed investigative steps that do not disrupt deterministic control. Safety priorities are emphasized as the governing constraint, including the need to validate current process state, identify safe states, and coordinate any changes with operators who understand the physical process and its tolerances. You’ll also learn best practices for communication cadence, decision logs, and handoffs, so IT and OT can move quickly while still preserving evidence, maintaining uptime where possible, and preventing parallel “fixes” that conflict. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.