Converged IT/OT cybersecurity architecture implementing Purdue model with strict network segmentation across IT (users, engineering, admin VLANs), DMZ buffer zone, and air-gapped OT network. Traffic flows from Internet through clustered firewalls and WAF, then branches to IT perimeter via Core Switch or to industrial zone via DMZ firewall and OT firewall. CyberGuard Defence SOC platform monitors all zones via immutable SIEM logs, with agents on commercial PCs, CAO stations, and vault systems feeding telemetry. This architecture isolates critical SCADA/slicing servers and 3D printers from IT compromise while maintaining centralized threat detection and response. Fork and customize this diagram to model your facility's specific VLAN topology, firewall rules, and SOC integration points.