LCRA faced a challenge. The Cybersecurity department had adopted NIST 800-53 security controls for the entire organization. But due to the diverse nature of the businesses at LCRA, those controls were not universally applicable across business units such as power generation, river operations, and telecommunications. The implemented security controls didn't account for differences between the operations technology (OT) and enterprise information technology (IT) environments. So LCRA Cybersecurity made it a priority to develop controls for the OT environment that would keep the organization safe while taking into account business needs and professional standards that were widely accepted in the OT environment. To accomplish this goal, Cybersecurity focused on their OT customers. Before writing any new security controls, Cybersecurity staff engaged in deep consultation with OT executives, managers and other professionals to learn their needs. The end result was not just a new set of controls that was widely praised by those working in OT. It also led to a better relationship and increased trust between Cybersecurity and the OT departments.