This session will provide a practical view as to why IT-led security programs often struggle in operational technology (OT) environments and the things that companies can do to bridge the gap. The session will outline five common mistakes CISOs often make when interacting with OT teams: not understanding OT priorities (safety and availability), undervaluing OT engineers' knowledge, incorrect assumptions about OT patching, excluding OT from incident response planning, and not applying OT-specific security frameworks.