.png)
At NexusCon 2025, Osman Saleem, Managing Director at Actimeta, walked through what OT cybersecurity actually looks like from the building owner’s seat—after the tools are bought, the network is “secured,” and the dashboards light up with thousands of vulnerabilities. Drawing on experience managing OT cyber programs for large portfolios, including critical infrastructure, Osman focused on why traditional vulnerability-driven approaches break down in real buildings.
The presentation zeroed in on the reality of mixed-age devices, forgotten workstations, service contractor access, and thinly staffed FM and OT teams spread across geographies. Rather than another vendor pitch, this was a candid look at what owners are really dealing with once the cyber journey gets messy.
Behind the paywall, Osman unpacks why “enumerating badness” doesn’t work for building portfolios and how owners can shift from panic-inducing dashboards to decisions that actually reduce risk. You’ll hear why probability-based cyber scoring often falls apart, how consequence-based thinking changes prioritization for mission-critical systems, and what governance, contracts, and capital projects have to do with cyber outcomes.
The recording also covers where owners consistently underestimate risk—like OS patching on BMS workstations—and why top-down compliance moves are often the only way to unlock budget for real remediation. This is essential viewing for any FM, EM, or OT leader trying to make progress on cybersecurity without pretending they can fix everything at once.
Watch the full recording inside Nexus Pro →
At NexusCon 2025, Osman Saleem, Managing Director at Actimeta, walked through what OT cybersecurity actually looks like from the building owner’s seat—after the tools are bought, the network is “secured,” and the dashboards light up with thousands of vulnerabilities. Drawing on experience managing OT cyber programs for large portfolios, including critical infrastructure, Osman focused on why traditional vulnerability-driven approaches break down in real buildings.
The presentation zeroed in on the reality of mixed-age devices, forgotten workstations, service contractor access, and thinly staffed FM and OT teams spread across geographies. Rather than another vendor pitch, this was a candid look at what owners are really dealing with once the cyber journey gets messy.
Behind the paywall, Osman unpacks why “enumerating badness” doesn’t work for building portfolios and how owners can shift from panic-inducing dashboards to decisions that actually reduce risk. You’ll hear why probability-based cyber scoring often falls apart, how consequence-based thinking changes prioritization for mission-critical systems, and what governance, contracts, and capital projects have to do with cyber outcomes.
The recording also covers where owners consistently underestimate risk—like OS patching on BMS workstations—and why top-down compliance moves are often the only way to unlock budget for real remediation. This is essential viewing for any FM, EM, or OT leader trying to make progress on cybersecurity without pretending they can fix everything at once.
Watch the full recording inside Nexus Pro →
Head over to Nexus Connect and see what’s new in the community. Don’t forget to check out the latest member-only events.
Go to Nexus ConnectJoin Nexus Pro and get full access including invite-only member gatherings, access to the community chatroom Nexus Connect, networking opportunities, and deep dive essays.
Sign Up
Nexus Labs exists to move the smart buildings industry forward, without the fluff.
On Wednesday, we send out the renowned (and free) Nexus Newsletter.
This is a great piece!
I agree.