Skip to content
STV
  • Our Work
    • MarketsThe infrastructure that powers our lives.
    • ServicesWe work harder so our solutions work better.
    • Infrastructure ReimaginedHow STV is shaping the future.
    • PortfolioProjects that are making communities better.
    • Infrastructure is economic development.

      Infrastructure is economic development.

      It helps create a better quality of life and more opportunities for communities.

  • About Us
    • How We WorkWe understand. We serve. We collaborate.
    • Where We Are60+ offices across North America.
    • What We BelieveMaking communities better with integrity, partnership and optimism.
    • How We Got HereGenerational impact for over a century.
    • We’re here to improve communities.

      We’re here to improve communities.

      Our sense of purpose drives us.

  • Careers
    • Why STVJoin us to create the future you want.
    • Life at STVWe are a team.
    • Job ListingsFind the right opportunity for you.
    • Forget the career ladder.

      Forget the career ladder.

      At STV, your career path grows around you.

  • Insights
    • Thought LeadershipFirst-person perspectives and reflections from our team.
    • Industry ExpertiseDeep dives for projects that makes communities better.
    • Project ExcellenceHow our work is shaping the trends moving the industry.
    • We have an eye on the future.

      We have an eye on the future.

      Learn what's next in the industry.

  • News & Events
    • NewsRead our timely news and latest stories.
    • EventsConnect with us at industry events in your community.
    • We're on the move.

      We're on the move.

      See what's happening at STV.

  • Contact Us

Q+As

STV’s Newest Cybersecurity Expert Talks Building Resilient OT Security

Published

August 1, 2025

STV’s Newest Cybersecurity Expert Talks Building Resilient OT Security
Monitoring server cabinets displaying digital overlay in data center, with malware alert text.

Danielle “DJ” Jablanski recently joined STV’s growing cybersecurity practice as the organization’s new cybersecurity consulting program lead, specializing in Operational Technology (OT).

For nearly a decade, Jablanski has been a leading voice in OT cybersecurity, demonstrating a deep understanding of the evolving threats facing critical infrastructure. She most recently led OT strategy in the Office of the Technical Director with the federal Cybersecurity and Infrastructure Security Agency (CISA) and previously worked as a cybersecurity strategist at a major OT cybersecurity solution provider.

In this interview, Jablanski discusses how she’s leveraging her experience to support STV’s clients across all markets, as well as her overall approach and guidance on navigating some of the most pressing challenges in OT cybersecurity today.

1. How does your recent experience with CISA allow you to best serve infrastructure clients at STV?

My strategic focus at CISA was centered around enhancing the agency’s role as a service provider to owners and operators of OT and industrial control systems. With that understanding of the available assessments and control capabilities and state and federal response capacity, as well as relationships with additional sector risk management agencies, I can assist our clients with building robust and effective security programs that they can then further develop and maintain. The bottom line for the markets we serve will be continuous improvement and underpinning the requirement to operate under, or despite, cyber compromise.

2. You’ve described yourself as an analyst first. How has that perspective shaped your approach to OT cybersecurity?

Being an analyst at heart keeps me focused on asking the right questions and always being overprepared. Not just considering, “what could happen?” but “how could it happen,” and “what are the plausible impacts?” In OT environments, that mindset is crucial. You often work with asset owners who are inundated with information, multiple tools, and shifting priorities. My role is to help them cut through the noise and focus on what truly matters: understanding their systems, preparing for the right scenarios, and getting the most out of tools and capabilities.

Multicolor flowchart graphic demonstrating the three steps of a analyst’s mindset in cybersecurity: knowing what could happen, how could it happen and what are the impacts?

3. Why do asset inventory and third-party risk remain challenging for asset owners?

Cybersecurity has become everything, everywhere, all at once. Overcoming these challenges requires sustained, structural changes, not quick fixes. For asset inventory, it’s not just about listing devices. It’s also about understanding how everything connects and communicates, as well as where vulnerabilities matter most and how to prioritize decisions and actions. On third-party risk, the complexity is even greater. Asset owners are expected to vet every technology component in use: hardware, software, firmware, applications, and the vendor’s vulnerability management. For security, it’s also, “I have this solution, but now they’re offering an OT solution; how do I validate that capability?” It’s a visibility issue, a risk of ownership issue, and a bandwidth issue. Even with unlimited financial resources and the best security stack, most organizations aren’t staffed correctly to navigate this challenge. They need trusted advisors and partners to make informed decisions about their cybersecurity risks, vendors, solutions, and more, just like any other major project.   

4. How can STV help agencies find the balance between being “too in the weeds” or thinking “too high level” about cybersecurity?

The sweet spot is operational relevance. You can’t start with abstract frameworks and hope they translate or buy shiny tools and hope they are silver bullets. At the same time, you can’t get stuck on isolated scenarios, TTPs or vulnerabilities without understanding the local, system-level implications. Even with similar systems and components, the consequences of an attack on a small utility in rural areas are likely different than those that occur at an airport in a major metro. It is essential to map out scenarios, the interdependence of critical systems and functions, and compounding and cascading factors. We have to explicitly understand impact analysis – the potential effects of an incident, especially in smaller communities or mission-critical facilities with less redundancy. Then, the response has to be tailored, affordable, and continuously improved.

5. How can IT and OT teams partner better within an organization?

Currently, we’re seeing many IT teams extending their security controls into OT environments, sometimes with good intentions, but often without the necessary operational nuance. The result? A security tool that grabs data from an OT network but doesn’t support decision-making or a detection tool in OT networks that sees a lot of IT signatures. We need to shift the conversation from convergence to context: how do we secure systems based on how they actually operate? What tools and data do we already have to help us navigate effects-based analysis, rather than focusing on every potential scenario for an adversarial cyberattack? We must work together to identify the potential attack paths and the fault tolerance in systems so we can plan for both the worst-case scenario and the scenario a team is least prepared to respond to. The difference between a “bad day” and an unprepared one represents significant potential for loss.

Graphic discussing four challenges for cybersecurity planning. A red hexagon details operational technology (OT) challenges leading to blue graphics detailing specific challenges: asset inventor, third-party risk, IT/OT collaboration and financial resources.

6. What’s your take on the perception that there’s a lack of financial resources to invest in OT security?

It’s more about building programs than purchasing tools. Organizations make massive capital investments in other areas, but security isn’t always built into the procurement language. The better question is: how do we start this security journey? What preventative measures will shore up the majority of threats we’ve seen before and know how to handle? How do we embed cybersecurity into the design phase, not bolt it on afterward? It’s not about buying the most expensive solution or even conducting the most in-depth assessment – it’s about making smart, intentional decisions early on that leverage all the tacit knowledge and specific context each organization can bring to bear, testing assumptions and investing in people and technology.

Monitoring server cabinets displaying digital overlay in data center, with malware alert text.

Thought Leader

DJ Jablanski
DJ JablanskiCybersecurity Consulting Program Lead – Operational TechnologySend email
Cybersecurity operational technology rail security transit water

Featured

Related News & Insights

Cybersecurity locks over an illustrated city

Q+As

Creating a Road Map for Cybersecurity Resilience for Rail and Transit Agencies

person typing on laptop

Future Focused

Prioritizing a Better Perimeter Around Transit OT Infrastructure

STV's cybersecurity team partnering with clients and stakeholders to perform tabletop exercises to enhance cybersecurity resilience

Future Focused

Strengthening Cyber Resilience Through Tabletop Exercises

  • Privacy Policy
  • STV Logo
  • Sitemap
This field is for validation purposes and should be left unchanged.

Copyright 2025 © STV Incorporated. All rights reserved.