In this era of converged Building Control Systems, the HVAC, Lighting, Fire, Parking, Elevators, Digital Signage have now become attack surfaces that can be used to compromise not just the building systems, but also the tenants and visitors of the building and their organizational IT systems. In this session we will explore some of the best practices for adopting Zero Trust architectures, use of Cloud services, SOC-as-a-Service, and Contingency Planning/Disaster Recovery for when a cyber incident does occur. Buildings are exceptionally difficult to protect as they are used in every sector but can have different ownership types (REITS, government, private sector), levels of physical security (contract guard, secure facility, Defense Industrial Base, etc.), different levels of energy security (stand-by power, prime power, Distributed Energy Resources), different levels of recovery/resiliency (medical, data centers, commercial office space, residential, etc.) and different financial business models (Triple Net Lease, Energy Savings Performance Contracts, LEED, EPA Energy Star, etc.). The session will look at the proliferation of attack surfaces address, examine the cost savings versus the potential impacts, how to balance risk to succeed -what does that risk management strategy look like? The building owners ultimately need to decide if they are sacrificing security for efficiency and the role their building will play in their portfolio for the next decades.