CASSE-CI – Critical Infrastructure Software Security Engineer Certification Program by Tonex
CASSE CI equips engineers and technical leaders to design and safeguard software that underpins critical infrastructure such as energy grids, transportation systems, industrial plants, and public services. The program blends systems thinking with rigorous software engineering so participants understand both operational constraints and high assurance development practices. Strong emphasis is placed on the evolving cybersecurity threat landscape targeting industrial control and operational technology environments.
Participants learn how insecure software can disrupt safety, reliability, and availability of essential services and how robust engineering choices can significantly reduce cybersecurity exposure. Through structured modules, case driven discussions, and standards aligned methods, the program helps professionals translate security requirements into concrete design and implementation decisions. Graduates are prepared to collaborate with operations, risk, and compliance teams to build resilient critical infrastructure software that supports national and organizational security objectives.
Learning Objectives
- Understand critical infrastructure architectures and software roles
- Apply secure software lifecycle practices for operational technology systems
- Perform structured threat modeling and vulnerability analysis for industrial software
- Integrate cybersecurity controls into design coding testing and deployment
- Align engineering practices with relevant critical infrastructure standards and regulations
- Communicate software risk and mitigation strategies to technical and executive stakeholders
- Improve resilience of critical infrastructure through strong cybersecurity focused engineering decisions
Audience
- Software Engineers and Developers
- Systems and Security Architects
- OT and ICS Engineers
- DevSecOps and Site Reliability Engineers
- Risk and Compliance Analysts
- Cybersecurity Professionals
- Technical Project and Program Managers
Program Modules
Module 1 – Foundations of critical infrastructure software security
- Roles of software in operational technology
- Overview of ICS and SCADA environments
- Safety reliability and availability requirements
- Typical threat actors targeting critical infrastructure
- Security challenges unique to industrial software
- Mindset shift from convenience to resilience
Module 2 – Secure lifecycle for OT software systems
- Requirements engineering for high assurance systems
- Threat modeling techniques for control applications
- Secure architecture patterns for critical services
- Coding practices for robust and predictable behavior
- Configuration management and secure baselining
- Change control in always on environments
Module 3 – Vulnerability analysis and operational risk
- Common weakness patterns in ICS and embedded software
- Static and dynamic security testing approaches
- Evaluating third party and legacy components
- Risk scoring tied to process and safety impact
- Remediation strategies under uptime constraints
- Reporting findings to engineering and operations teams
Module 4 – Platform and communication defense strategies
- Network segmentation within industrial and corporate zones
- Secure use of industrial protocols and gateways
- Hardening engineering workstations and servers
- Identity and access control for privileged users
- Monitoring anomalous application and device behavior
- Coordinated incident handling with plant operations
Module 5 – Standards compliance and governance integration
- Mapping software practices to critical infrastructure standards
- Using security frameworks to guide design decisions
- Policy driven control implementation and verification
- Supply chain and component provenance management
- Documentation to support audits and certifications
- Continuous improvement of secure engineering governance
Module 6 – Advanced scenarios and professional certification readiness
- Analyzing real world critical infrastructure failure cases
- Translating incidents into engineering lessons learned
- Building defensible security justifications for designs
- Integrating cybersecurity into engineering trade studies
- Personal roadmap for CASSE CI exam preparation
- Long term career paths in critical infrastructure security engineering
Exam Domains
1 Critical Infrastructure Cyber Threat Landscape
2 Secure Design for Safety Critical Software
3 Assessment of ICS and OT Vulnerabilities
4 Protection of Industrial Communication Channels
5 Governance Risk Compliance in CI Software
6 Incident Management and Resilience Engineering
Course Delivery
The course is delivered through expert led lectures interactive discussions and structured project style learning activities focused on critical infrastructure software security. Participants engage with real world inspired scenarios design reviews and guided exercises to apply principles directly to operational technology and industrial contexts. Carefully designed materials reinforce both foundational engineering concepts and advanced cybersecurity practices relevant to critical infrastructure.
Assessment and Certification
Participants are assessed through quizzes written assignments design critiques and a capstone style integration exercise focused on realistic critical infrastructure challenges. Performance is evaluated on understanding of software engineering principles alignment with standards and effective application of cybersecurity practices in operational settings. Upon successful completion participants receive the CASSE CI Critical Infrastructure Software Security Engineer Certification from Tonex.
Question Types
- Multiple Choice Questions MCQs
- Scenario based Questions
Passing Criteria
To pass the CASSE CI Certification Program exam candidates must achieve a score of 70 percent or higher.
Strengthen the security and reliability of the systems that keep society running. Enroll in the CASSE CI Critical Infrastructure Software Security Engineer Certification Program by Tonex and advance your capability to design defend and certify critical infrastructure software with confidence.