Industrial Control Systems, the systems that make modern life possible, continue to be targeted and exploited creating havoc for governments, companies, and consumers alike. These environments are complicated to secure party due to legacy technologies and processes, but also by the people within the organization itself. After the City of Oklahoma City’s recent experience overhauling SCADA systems some key lessons about the human side of SCADA security were learned. The challenge defenders have begins with how do we establish a security program that benefits management, operational technology, and information technology groups. Attendees of this session will review these challenges and hear about ways to improve the relationships between these groups to reduce working friction, and bring about a more robust and effective SCADA security program.