This second week of my journey has been less about technical breakthroughs and more about clarity of direction. As I continue learning the fundamentals of cybersecurity—especially through the early Purple Team work I’ve been doing—I’ve gained a better sense of where I want to grow next. And that direction is slowly pointing toward Red Teaming for critical infrastructure.
Not in the sense of being ready for professional adversary simulation teams or ICS penetration testing today—far from it. Instead, this week helped me recognize that the offensive side of security, when applied responsibly to industrial environments, is something I want to gradually build toward.
Transitioning from Purple Team Foundations Toward Red Team Thinking
My early work has focused on understanding both sides of an attack: how threats operate and how to detect them. Purple Teaming has been a great introduction because it forces me to think like an attacker while immediately grounding that mindset in defensive reality.
As I worked through scenarios in my lab this week—basic credential abuse, log analysis, mapping actions to MITRE ATT&CK—I found myself increasingly drawn to the offensive logic behind each technique. Not because it’s exciting in a “hacker culture” way, but because offense reveals the gaps that matter most in critical infrastructure. Seeing how even simple attacks could be simulated in a controlled environment gave me a better appreciation for the Red Team perspective.
I’m not trying to jump ahead of my skill level. Rather, I’m beginning to understand that learning Red Team fundamentals, at a careful pace, is likely going to be part of my long-term path in ICS security.
Gradual, Project-Based Learning in My Home Lab
Another realization from this week: meaningful learning doesn’t come from rushing through content—it comes from actually building things and making mistakes along the way.
I started planning out small, approachable projects that I can complete one at a time, gradually raising the difficulty as I learn more:
- Simulating basic attacks safely within isolated VMs
- Observing how different log sources respond
- Testing hypotheses, breaking things, documenting the outcomes
- Rebuilding systems when I misconfigure them (which I did more than once)
These aren’t advanced Red Team operations. They’re not meant to be. They’re stepping stones—practical exercises that help convert theoretical knowledge into real, hands-on understanding. My goal is simply to complete each project with intention, learn from the results, and document what I discover along the way.
Over time, I want these mini-projects to evolve into more ICS-specific work: protocol testing, safe replay scenarios, and eventually learning how adversaries approach industrial environments. But for now, I’m taking it slowly and focusing on building the fundamentals the right way.
Why This Work Feels Meaningful
The more I study critical infrastructure, the more I realize how much is at stake. These systems power cities, hospitals, water treatment facilities, and entire regions. Even in my small, early-stage learning environment, I can feel the weight of what it means to work in this field.
What I’m doing right now is modest—small labs, simple simulations, foundational skills. But even at this early stage, it feels purposeful. I’m not just learning to “hack things.” I’m learning how real-world failures could cause physical consequences, and how the combination of thoughtful offense and informed defense can help prevent them.
That sense of meaning has made my direction clearer:
I want to continue developing toward Red Teaming for critical infrastructure, slowly and responsibly, with a long-term commitment to contributing where it matters.
I’m still early in this journey, but each week brings more clarity—and more motivation.
If you're in cybersecurity, considering ICS/OT, or just curious about what it takes to break into critical infrastructure protection, follow along. I'll be publishing weekly updates, technical deep-dives, and lessons learned.
Connect:
LinkedIn: https://www.linkedin.com/in/ryan-sharpnack-ics-security
Questions? Hit reply or reach out.
