Bureau Veritas Cybersecurity’s Sjoerd Peerlkamp Wins S4x26’s “My Favorite Metric!” game show with OT GHOST 

Bureau Veritas Cybersecurity is proud to share that Sjoerd Peerlkamp, our Global Director for Industrial Cybersecurity, won S4x26’s “My Favorite Metric!” game show with his conference pitch around the OT GHOST: OT’s Greatest Hazard: the Overlooked Security Threats.  

In a rapid 3 minute presentation, Sjoerd delivered a message that resonated with OT and ICS security leaders: defenders have to protect everything, while attackers only need one overlooked weakness. Traditional OT security metrics often celebrate the 99 percent that is covered, but real risk concentrates in the one percent that is not.

Sjoerd’s winning concept, OT GHOST, confronts the false confidence created by green KPIs. A strong patch rate can still leave a small gap that leads to a complete shutdown. A clean vulnerability count can still hide an approved exception that becomes the attack path. OT security is not about averages. It is about what gets overlooked.

The OT GHOST metric is simple and disciplined. Each month, the OT security team identifies one realistic attack scenario with catastrophic impact, the “ghost” that would keep leaders awake at night. Examples include:

• The exception: a legacy system that cannot be patched but has outsized impact
• The blind spot: a critical inherited asset with no clear owner
• The cascade: a chain of low-risk issues that can combine into a high-impact domino effect across the plant floor

The team then translates that monthly GHOST into company value at risk and brings it alongside traditional reporting metrics, helping executives and boards understand what could actually break operations, not just what looks good on a dashboard. 

Over time, the approach can scale beyond the security team. Sjoerd framed this as building a culture of “OT Ghost Busters,” where the people closest to the assets help spot the most significant overlooked threats. A monthly recognition, the “Ghost Buster Award,” rewards the person who identifies the most meaningful GHOST, reinforcing learning and shared ownership rather than blame.

Sjoerd’s idea stood out because it turns compliance into active threat hunting, keeps focus tight on one high-impact scenario per month, and encourages attacker mindset across the organization. One GHOST at a time, teams can surface hidden paths, prioritize what matters most, and reduce real business risk before it becomes an incident.

Congratulations to Sjoerd on this well-deserved win and for bringing a practical, memorable way to measure what OT teams too often miss.