Validating Security Controls in an Integrated IT/OT Environment