Podcasts about cmdb

Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Martin Sandren, IAM Product Lead at IKEA, for a wide-ranging conversation covering nearly every corner of modern identity security. Martin shares what has changed since his first IDAC appearance on episode 293, including the rise of AI, growing interest in digital sovereignty, and the maturing shared signals framework. The conversation moves through risk-based defense in depth, tiered MFA rollout strategies, session management, and the real challenge of trusting AI to make security decisions. Martin introduces identity dark matter and explains how IVIP can surface the 95-plus percent of applications that never reach an IGA system. The episode also covers shadow AI, MCP server risks, the SaaSpocalypse debate, and the EU AI Act. It closes on a grounded note: solar panels.Connect with Martin: https://www.linkedin.com/in/martinsandren/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS00:00 Welcome and EIC 2026 intro01:47 What has changed in two years: AI, sovereignty, shared signals03:06 Martin's EIC presentations: AI for IAM and IAM for AI04:46 Can you prioritize one direction over the other?07:13 What would it take to trust AI making identity decisions?09:32 AI-enhanced detection and risk-based session management13:07 Session invalidation and the shared signals framework14:11 Defense in depth and right-sizing privileges18:25 MFA today: any MFA versus phish-resistant MFA19:17 AI chatbots, enterprise LLMs, and shadow AI23:11 MCP servers, NHI risk, and return on risk thinking27:00 AI configuring IAM systems: how close are we?31:30 LLM costs, the SaaSpocalypse, and enterprise AI futures40:10 Identity dark matter and the IVIP concept44:16 CMDB versus IVIP: do you need both?46:18 The EU AI Act and building an AI governance registry49:18 Where to start: get your AI inventory in place first50:00 Closing thoughts and the solar panel tangentKEYWORDSAI for IAM, IAM for AI, identity dark matter, IVIP, IGA, shared signals framework, phish-resistant MFA, defense in depth, session management, MCP servers, NHI, shadow AI, SaaSpocalypse, EU AI Act, AI governance, zero standing privilege, EIC 2026, IKEA, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Sandren

Send us Fan MailA vulnerability backlog can look like a crisis, but sometimes the real crisis is that you're staring at the wrong picture. We're joined by Dave Sims, most recently Staff VP at Elevance Health and a longtime technology leader, to talk through vulnerability risk management in plain terms and why “more findings” doesn't automatically mean “more security.” We get specific about the difference between vulnerability management and patch management, and how confusion between the two creates low-trust handoffs, endless ticket churn, and slow remediation.We also dig into the messy reality of asset inventory. CMDB data goes stale, cloud resources appear and disappear, and scanners can produce a better “what's out there” view without telling you why it matters. Dave explains how metadata tagging and business context turn raw vulnerability data into risk-based prioritization: knowing who owns a system, what it does, why the business depends on it, and which weaknesses truly expose critical services. Along the way, he shares a story of cutting through years of miscommunication with a single no-blame conversation that unlocked progress fast.If you're a CISO, security leader, architect, or practitioner trying to make VRM work at enterprise scale, this is a practical framework: outside-in black box assessment, inside-out discipline, and a people-first approach that values training, process, and continuous improvement over shiny tools. Subscribe, share this with a teammate who owns patching or VRM, and leave a review if it helps. What's the biggest thing keeping your vulnerability program from being truly risk-based?

Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow This week’s In The Channel episodes have been coming live from ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company made its most aggressive platform repositioning in years – moving from workflow automation into what it’s calling the Agentic Business: autonomous AI agents doing real enterprise work, governed by a platform layer that sits above everything else running in your organization. The big announcements – AI Control Tower, Action Fabric, the Go Live AI guarantee – were covered extensively earlier this week. This conversation is a different question: what does all of that actually mean if your customers are Canadian? Cristin Gooderham is area vice president of Canada enterprise sales at ServiceNow. In this conversation, she makes a case worth sitting with: the traits that have historically made Canadian enterprises slower adopters – governance-first thinking, regulatory sensitivity, preference for proven approaches – are actually an advantage in this specific moment. When the lead pitch for enterprise AI is governance and control, Canada is ahead of the curve, not behind it. She also touches on the partner ecosystem dynamic, describing a market that saw boutique ServiceNow specialists absorbed by larger integrators over the past few years, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap. For Canadian solution providers trying to figure out where they fit in the ServiceNow ecosystem, that’s an encouraging signal. And on the security side, the completed acquisitions of Armis and Veza aren’t just product additions – they’re an active attempt to bring a new category of security-domain partners into an ecosystem that hasn’t historically included them. This episode is part of our Knowledge 2026 coverage series. Also in the series: our conversation with ServiceNow SVP of global partnerships and channels Michael Park, and on Monday, EY Canada partner and national ServiceNow practice leader Steven Kiss. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. This week I’ve been at ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company spent the week making the case for what it’s calling the Agentic Business – the argument that the AI pilot era is over and autonomous agents doing real enterprise work, governed by a platform layer, is the new reality. Yesterday, you heard from ServiceNow’s global channel chief on what it means for the partner model. This episode is a different question: what does it actually mean if you’re a Canadian enterprise or a Canadian partner? My guest is Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow. She’s leading the company’s go-to-market motion in Canada at what is genuinely a pivotal moment – a week where the platform her team sells just repositioned itself as the governance layer for all enterprise AI, not just workflow automation. We talked about where Canadian organizations actually are on this journey, what makes this market different from the US, and where she sees the near-term opportunity for Canadian partners. Let’s get right into it – my chat with Cristin Gooderham. Cristin, thanks for taking the time. I appreciate it. Cristin Gooderham: I’m very excited to be here. Thank you so much for taking the time with me. Robert Dutt: Well, and thanks for having me out to Knowledge to get a sense of what’s going on here. When you look at where Canadian enterprises are right now on AI adoption – a big theme obviously this week is moving from proof of concepts to proving actual value – where do you see the Canadian market in that regard? Are we ahead, behind, or is it more complicated than that? Cristin Gooderham: I wouldn’t say we’re behind. I would say we’re right on pace with what I’ve seen from my US counterparts. We have some organizations that are driving full force ahead, and then we do have some that are still stuck in that POC landscape where they’re really still struggling to define what they want AI to be for them – which is probably the biggest thing. Where we’ve seen organizations really do a tremendous job is where they’ve come with a very strong point of view of what their business challenge was and tried to look at it from an AI perspective, versus “I wonder what AI could solve for me.” Robert Dutt: The more concrete the approach, the better it sounds like. Cristin Gooderham: Absolutely. Tying everything to a business outcome that can actually, particularly if it can support revenue, is where we see organizations find not just the energy but the funding to put towards it. Robert Dutt: Bill McDermott’s framing this morning was the AI blind spot – organizations running agents without governance visibility, which has kind of been the state of play up until now. Given what you know about Canadian enterprises – whether it’s regulatory caution, public sector sensitivity, or just Canadian conservatism in terms of not wanting to be first out on that limb – do you think that message lands differently in Canada than it does in the US or other markets? Cristin Gooderham: I think for ServiceNow it lands even stronger in the Canadian market because of that conservatism. The reality is platforms like ServiceNow are really bringing to the market true visibility into your AI asset estate and the ability to actually govern and audit what is going on with your AI agents. No one is going to win the AI race by having all the agents – that’s just not a realistic expectation. But having visibility into what all those agents are doing, particularly once they start talking to each other – I think Canadian organizations are going to be very interested to have a view of that estate before they make massive investments in AI. We’ve already had those discussions with a lot of clients who really want to understand: of course we want to get AI, of course we want to find efficiency gains, but we need to do it in a way that we can govern it. That’s been a very key message, and it’s great to hear Bill reiterating it here because that’s really what ServiceNow can bring to the table. Robert Dutt: How live has that governance discussion been with clients to date? Cristin Gooderham: I would say the discussion has been very live. The implementation and action of it – we are working diligently on that piece. Where we’ve seen success is with clients in particular verticals that are far more mature with ServiceNow than others. Our banks in Canada, for example, have been invested in ServiceNow and really viewing us as a strategic platform since as early as 2010 in some cases. They’ve made investments not just from an IT point of view but have expanded into the security and risk areas of our platform. Those are the ones where we’re having the most productive discussions and are really moving quickly beyond proof of value into true value. Robert Dutt: I’m curious to what degree you see the regulatory environment as backfilling that as well – how often is it being driven by existing or coming regulation, especially in regulated industries? Cristin Gooderham: As always, the laws are typically behind the technology. What I’ve seen is that our own customers are taking a very forward-facing look at it because they know that regulation will be something to consider. We’ve had tremendous discussions on AI processing data, data at rest, Canadian sovereignty of the data. That has been a really hot topic. There’s no strong directive coming from the federal government to say all data must reside in Canada at all times. But the AI component has made it very interesting, and it’s a discussion we’re having constantly with customers. Robert Dutt: A stat that came up yesterday was that ninety percent of ServiceNow implementations globally are partner-involved or partner-delivered. What does that mix look like in Canada? What can you tell me about GSIs versus smaller partners? Are you seeing a new breed of more specialized, AI-focused partners emerging that are punching above their weight? Cristin Gooderham: The partner ecosystem in Canada is absolutely a complete mix – everything from global GSIs down to extremely unique niche partners. Over the last few years, we did see a tremendous amount of our really strong boutique partners actually get acquired by global GSIs. When I got to ServiceNow six years ago, we had a tremendous amount of point partners – ServiceNow-specialized and very focused on a particular part of our platform. That went away for a bit because so many GSIs were excited about the opportunity to expand their ServiceNow practices. Now we’re seeing the resurgence of those smaller point solution partners coming back with a ServiceNow-only, AI-first view, which has been really exciting to see. Robert Dutt: I wonder if this becomes a cycle that repeats itself as those folks grow up and we see another wave of consolidation down the road. Cristin Gooderham: Potentially, absolutely. But the opportunity for partners in Canada to focus on ServiceNow is tremendous. We’re really excited to see some of these up-and-coming partners. We had two recently launched in Western Canada – both Ardent Labs and Skymark – taking a ServiceNow-only focus, which is a very different approach than the GSIs. The GSIs are fantastic, but they look holistically. A ServiceNow-dedicated partner can really make an impact in ways a GSI won’t necessarily prioritize. Robert Dutt: One trend we’re seeing across the channel is multi-partner engagement becoming more common. You’re nodding as I say that. I’m curious what you’re seeing in terms of situations where a big GSI tags in more specialized partners to fill the bench and meet customer needs. Cristin Gooderham: It is absolutely critical and something we at ServiceNow fully support. We do it ourselves – we have our own expert services, and a lot of times we will engage niche partners to fill particular gaps. One of the areas where I see our partner ecosystem doing that a tremendous amount is in the security and risk space, because some partners are phenomenal on the overall platform but security and risk is a different skill set – it’s even a different vocabulary. I love seeing partners collaborate because it’s usually the best option for the customer. It’s the best outcome for everybody: the partners are successful, the customer is successful, and therefore ServiceNow is successful. Robert Dutt: I realize this is not how one builds out a business model, but I’m curious – as you said, there’s a rising generation of ServiceNow-focused partners. If you were to point to the greenfield, the underserviced opportunity in the Canadian market today, what would it be? Cristin Gooderham: So I’ve touched on it already – security and risk. With our acquisitions of both Armis and Veza, that is an area where we’re going to continue to invest. If ServiceNow partners are looking to expand their skill set, that is where we need additional help. When we started having the AI Control Tower discussion late last year, it was at every executive briefing the thing that made every CIO sit up and pay attention. So anything in that space is really where we’re going to need to see continued partner enablement and adoption, and hopefully new partners coming in to pick it up. Beyond that, as we continue to make moves into the CRM space, those are also going to be areas where we need additional partners. We have phenomenal partners from the US that come up and do work here, but as an opportunity for more Canadian jobs, that’s definitely an area I would point Canadian partners toward. Robert Dutt: The AI Factory and NVIDIA partnership that came up – how do you see that through a Canadian lens? Cristin Gooderham: I think the key piece is that NVIDIA and ServiceNow together have a great story. We know most of our customers are investing in NVIDIA – a number of the telcos, we’ve already had discussions with them. So it’s really an opportunity for us to continue to expand our AI footprint and help create really positive three-way relationships. As NVIDIA becomes more and more critical in every market, it’s fantastic to see that they see the value in ServiceNow – and our customers are seeing the same thing. Robert Dutt: Data sovereignty – big issue in the Canadian market. It sounded from your earlier comments like it’s not quite a hard regulatory concern yet, but how do you see it playing out? What are customers asking you about? Cristin Gooderham: Data sovereignty is a hot topic in every customer engagement we have. In the public sector space it has a tremendous amount of weight. We’ve seen a real shift from the federal government in terms of their position on sovereignty – they haven’t come out and defined very strongly what data sovereignty looks like, but it’s absolutely something we’re focused on. We announced earlier last year a large investment in Canada to build out our own isolated full stack to host all of our public sector clients, ensuring Canadians on Canadian soil are managing the data. But it does stop somewhat short of true sovereignty. The benefit of SaaS is the ability to push upgrades to customers at any given time – as soon as you move to true data sovereignty, that piece closes off. It doesn’t make it a negative, it’s just something clients need to make decisions on. Robert Dutt: With AI Control Tower coming online and the way Bill was repositioning the company around that governance layer – as almost the orchestrator of the ecosystem – how does that change the partner role? Cristin Gooderham: I don’t think it changes the partner role tremendously. As you heard in the keynote this morning, we’ve always been the platform of platforms, and we’re still advocating that message. It’s just refined itself to really focus on securing and governing the AI estate, as opposed to a more open approach. Partners are still going to be critical to help us get customers to success. But it does mean that retraining and focus into those areas – understanding the security and governance piece – is going to be critical moving forward. Robert Dutt: The security piece is so big in the channel writ large. Do you see it as another entry point for new partners to come into the ServiceNow ecosystem and add what you’re doing to what they’re doing with other vendors and their own managed services? Cristin Gooderham: Absolutely. Where I think there’s a really interesting opportunity is for more security-focused partners that perhaps haven’t focused on ServiceNow before – they’re focused on multiple different point solutions – to actually start looking at ServiceNow as another tool to put in their bag. We are having expanded security conversations all the time. I think it’s very clear through our acquisitions that this is going to be a continued focus. A security partner like Arctiq, for example – they’re already engaged a lot with us, and I believe they’re already engaged with Armis. This could be a really interesting push for them to take on more of ServiceNow. The good part is that there’s no shortage of security tools out there to take on. The challenge as a partner is the same thing – there’s no shortage of security tools to take on. Robert Dutt: Is that mindshare conversation with security-focused partners already happening, or is there a strategy to identify the right partners and get on their radar? Cristin Gooderham: Those conversations are already happening – not necessarily with the more niche individual security partners yet, but a number of the GSIs have very strong security and risk practices. We’ve had a lot of reach out from Canadian partners at organizations like KPMG, where they run a security and risk practice and are very excited about these acquisitions and wanting to discuss how this folds into their practice. So there’s definitely opportunity at every level of partner. Robert Dutt: We talked a little bit about governance, and I noticed that Bell Canada is presenting tomorrow on the subject of their governance guardrails implementation. What can you tell me about that relationship and what they’ve done? Are we starting to see a cluster of organizations moving toward that space, or is Bell still more of a bellwether? Cristin Gooderham: When we talk about Bell, we have to talk about two different angles. We have Bell as a customer – Bell Business, who are a phenomenal customer we’ve engaged with in a very long-term relationship and who have made a huge investment to innovate on the ServiceNow platform. And then underneath Bell we also have their partner, Acteamo, which is a fully Bell-backed organization that is a services partner in the Canadian ecosystem. So there’s Bell as the customer and Bell as the partner. We have phenomenal relationships with both, and we’re very excited to see what Acteamo is doing in the ecosystem. I know they’re looking to expand not only across Canada but even into the US to bring some of the learnings from working with Bell Canada to other telcos. Robert Dutt: When you’re talking to Canadian solution providers who’ve seen the announcements this week and are trying to figure out where they fit in the whole Agentic Business picture – what’s your advice on where to focus, where to build practice, where the opportunity is richest and most accessible right now in the Canadian market? Cristin Gooderham: I’ll go back to what I said at the very beginning – focus on business outcomes. Nobody is interested in a discussion on agentic AI to modernize your CMDB. It’s truly about finding problems in the organization where AI can lead to either revenue generation or true cost savings. Where partners will be successful is if they can quickly identify – whether it’s verticalized opportunities across oil and gas, telco, or retail – areas where they’ve had success before and can bring that to customers. I don’t know that there’s a single point of entry. The challenge with AI is that it can do so many things. But Canadians like to start small. They like to be able to prove something out quickly, and then they like to move fast. So I would always caution partners: look for opportunities to do just that. Start small, move quickly, and then progress to the next step. Robert Dutt: That’s great advice. I appreciate your time, especially given how busy things are. You really helped put a Canadian lens on a lot of what we’ve heard this week. Cristin Gooderham: Thank you so much. Robert Dutt: There you have it – Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow, recorded live at Knowledge 2026 in Las Vegas. I’d like to thank Cristin for her time during what was clearly a very busy week for the ServiceNow team. And thank you for listening. A few things worth pulling out of this one. First – the Canadian conservatism point. Cristin made the case that the traits that have historically made Canadian enterprises slower adopters – caution around governance, preference for proven approaches, regulatory sensitivity – are actually an advantage in this specific moment. The agentic AI conversation leads with governance. That’s a message that lands here before it lands anywhere else, and that’s an opening for partners. Second – the partner ecosystem observation. What she described is a market that went through a consolidation phase where boutique ServiceNow specialists got absorbed by larger integrators, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap again. If you’re a mid-sized Canadian solution provider trying to figure out where you fit, that’s encouraging news. And third – security as the door. The Armis and Veza acquisitions she referenced aren’t just product additions. They’re a signal that ServiceNow is actively trying to pull in a new category of security-domain partners who haven’t historically been in the ServiceNow ecosystem. If your practice is in that space, it’s worth paying attention. More from Knowledge 2026 on Monday, when I’ll have my conversation with Steven Kiss, partner and national ServiceNow practice leader at EY Canada – a conversation about what the boutique-to-big-four journey actually teaches you about where the channel is headed next. If you’re finding In The Channel useful, we’d love for you to follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always appreciated and always read. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate. Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind. But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place. The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption. Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Angelos Kottas, VP of Product and Corporate Marketing, Axonius LinkedIn: https://www.linkedin.com/in/amkottas/ RESOURCES Axonius website: https://www.axonius.com Axonius Actionability Report: https://www.axonius.com (available on the Axonius website) Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Jeffrey discusses the value of the CMDB.Email Jeffrey with any questions or feedback (jtefertiller@servicemanagement.us)Each week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,600 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

In this episode, Jeffrey discusses four ingredients for an awesome CMDB.Email Jeffrey with any questions or feedback (jtefertiller@servicemanagement.us)Each week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,600 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-447

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-447

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-447

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-447

In this episode, Jeffrey discusses one method to improving your CMDBEach week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

This week, we discuss the Cloudflare outage, their current business strategy, and paying OSS maintainers. Plus, thoughts on loading the dishwasher and managing your home. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/byFyPbe9HC0?si=DpOApdTKs9oh-bWl) 548 (https://www.youtube.com/live/byFyPbe9HC0?si=DpOApdTKs9oh-bWl) Runner-up Titles Mystery Knob Vegans are cursed vegetarians Skilled enough Defrag the dishwasher Design Intentions QR codes everywhere I don't know where we draw the line, but I know where we start SDT IoT CMBD, Home Edition. SDT Open Source Money Maker Lead with Nagware Stocks go up, stocks go down Safari's my naked browser Coté wanted to add periods to all of these but did not. Rundown FFmpeg to Google: Fund Us or Stop Sending Bugs (https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/) Cloudflare blames massive internet outage on 'latent bug' (https://techcrunch.com/2025/11/18/cloudflare-blames-massive-internet-outage-on-latent-bug/) Cloudflare outage on November 18, 2025 (https://blog.cloudflare.com/18-november-2025-outage/) Replicate is joining Cloudflare (https://blog.cloudflare.com/replicate-joins-cloudflare/) Relevant to your Interests The Walt Disney Company Announces Multi-Year Distribution Agreement With YouTube TV (https://thewaltdisneycompany.com/the-walt-disney-company-announces-multi-year-distribution-agreement-with-youtube-tv/) Anthropic claims of Claude AI-automated cyberattacks met with doubt (https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/) Disrupting the first reported AI-orchestrated cyber espionage campaign (https://www.anthropic.com/news/disrupting-AI-espionage) Compact, human-readable serialization of JSON data for LLM prompts (https://github.com/toon-format/toon) Outage Tracker | Updog By Datadog (https://updog.ai/) Jeff Bezos Creates A.I. Start-Up Where He Will Be Co-Chief Executive (https://www.nytimes.com/2025/11/17/technology/bezos-project-prometheus.html) Power (https://a16z.com/powerpoint-is-your-therapist-gamma-is-your-coach/)P (https://a16z.com/powerpoint-is-your-therapist-gamma-is-your-coach/)oint is your therapist, Gamma is your coach | Andreessen Horowitz (https://a16z.com/powerpoint-is-your-therapist-gamma-is-your-coach/) Red Hat Introduces Project Hummingbird for “Zero-CVE” Strategies (https://www.redhat.com/en/about/press-releases/red-hat-introduces-project-hummingbird-zero-cve-strategies) A new era of intelligence with Gemini 3 (https://blog.google/products/gemini/gemini-3/) The platform that needs a platform (https://cote.io/2025/11/19/the-platform-that-needs-a.html) The AI Coding Startup Favored by Tech CEOs Is Now Worth $29.3 Billion (https://www.wsj.com/tech/ai/the-ai-coding-startup-favored-by-tech-ceos-is-now-worth-29-3-billion-14c72c02) The Smartest Fliers Use This App to Survive America's Travel Hell (https://www.wsj.com/tech/personal-tech/flighty-app-flight-cancellations-delays-900a8aad) Oracle's Market Cap Decline: Analyzing the Impact on Finance (https://platformonomics.com/2025/11/platformonomics-tgif-108-november-14-2025/) OpenAI's Fidji Simo Plans to Make ChatGPT Way More Useful—and Have You Pay For It (https://www.wired.com/story/fidji-simo-is-openais-other-ceo-and-she-swears-shell-make-chatgpt-profitable/) Europe's cookie nightmare is crumbling (https://www.theverge.com/news/823788/europe-cookie-prompt-browser-changes-proposal) Nonsense AI-Powered Teddy Bear Caught Talking About Sexual Fetishes and Instructing Kids How to Find Knives (https://gizmodo.com/ai-powered-teddy-bear-caught-talking-about-sexual-fetishes-and-instructing-kids-how-to-find-knives-2000687140) Whipped Cream Worth $80K Stolen in Ontario (https://www.yahoo.com/news/articles/whipped-cream-worth-80k-stolen-135930616.html) Conferences DevOpsDayLA at SCALE23x (https://www.socallinuxexpo.org/scale/23x), March 6th, Pasadena, CA Use code: DEVOP for 50% off. CFP open until Dec. 1st. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: The Beast in Me (https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.netflix.com/title/81427733&ved=2ahUKEwiy4NnP_P6QAxWGnWoFHU37GesQFnoECGcQAQ&usg=AOvVaw0QnhTLbjScTHWLLBI4qs26) Matt: The Prestige (https://www.imdb.com/title/tt0482571/) Coté: Fantastic 4 (https://en.wikipedia.org/wiki/The_Fantastic_Four:_First_Steps) with that Boba Fet (https://en.wikipedia.org/wiki/The_Fantastic_Four:_First_Steps)t (https://en.wikipedia.org/wiki/The_Fantastic_Four:_First_Steps) guy (https://en.wikipedia.org/wiki/The_Fantastic_Four:_First_Steps), “Winter's Mourning,” from Uncaged God (https://www.dmsguild.com/en/product/382873/uncaged-goddesses)d (https://www.dmsguild.com/en/product/382873/uncaged-goddesses)esses (https://www.dmsguild.com/en/product/382873/uncaged-goddesses). Photo Credits Header (https://unsplash.com/photos/gray-and-white-spoon-and-fork-lot-closeup-photo-vZZfVCUOKfw)

In this episode, Jeffrey continues series on the CMDB, discussing servicesEach week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

In this episode, Jeffrey continues his series on the CMDB, discussing ongoing governanceEach week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Send us a textA single Windows shortcut can open the door to espionage—and that's exactly where we begin. We break down a fresh LNK exploit campaign to show how hidden command execution and DLL sideloading slip past busy teams, then pivot into the core defense most organizations underuse: disciplined configuration management. From baselines and version control to change boards and rapid rollback, we map the habits and tools that turn chaos into control.We walk through building secure, realistic baselines with CIS Benchmarks and NIST 800‑128, and why “simple and enforceable” beats “perfect and ignored.” You'll hear how least privilege for change stops shadow tweaks, how EDR and application firewalls catch command and control, and how automation with Ansible, SCCM, and Terraform keeps fleets consistent. We spotlight the CMDB as a living source of truth—only valuable if you maintain ownership, automate updates, and report on drift so leadership and risk teams can act.Change governance becomes your stabilizer. A change control board aligns IT, security, operations, risk, and compliance before big moves, while an emergency change advisory board authorizes fast action for zero‑days and incidents with a strict post‑implementation review. We break down the full change lifecycle—request, impact analysis, staging, implementation, verification, CMDB updates—and the common pitfalls to avoid, including undocumented changes, brittle rollbacks, and ignoring post‑change scan results. Expect practical guidance on when to auto‑patch Windows, how to iterate quarterly without overengineering, and what metrics prove progress.If you're aiming to master CISSP Domain 7 or just want fewer outages and faster recovery, this conversation gives you a clear blueprint to reduce attack surface and increase stability. If it helps, share it with a teammate, subscribe for more deep dives, and leave a quick review so we can keep improving for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode, Jeffrey continues his series on the CMDB, gaining stakeholder adoptionEach week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

In this episode, Jeffrey continues his series on the CMDB, discussing scope and governanceEach week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

In this episode, Jeffrey begins a series on the CMDB, emphasizing the relationships between Change and Config (CMDB)Each week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Dave Herrald, Global Head of Cybersecurity GTM at Databricks, tells Jack about transforming security operations through modern data lake architectures and strategic AI implementation. He discusses the practical benefits of separating storage from compute, giving security teams direct control over data retention while maintaining operational flexibility. The conversation explores how organizations can move beyond traditional SIEM limitations by leveraging cost-effective data lake storage with advanced analytics capabilities. They touch on AI agents in security, where Dave advocates for focused agents over broad analyst replacement approaches. He also addresses common concerns about hallucinations, framing them as engineering challenges rather than insurmountable obstacles, and shares real-world examples of successful agent implementations. Topics discussed: Moving from traditional SIEM architectures to modern data lake approaches for cost-effective security analytics and data control. Implementing focused AI agents for specific security tasks like context gathering rather than attempting broad analyst replacement. Leveraging graph analytics for security operations including CMDB visualization, breach scoping, and vulnerability prioritization across enterprise environments. Addressing AI hallucinations through prompt engineering and proper context management rather than avoiding AI implementation entirely. Building detection capabilities using SQL and Python for analytics that provide supersets of traditional SIEM query languages. Creating normalization frameworks using standards like OCSF to enable consistent data analytics across diverse security data sources. Developing career resilience in security through mission-focused thinking, continuous AI learning, and building practical skills. Comparing modern AI agents to traditional SOAR platforms for automation effectiveness and maintenance requirements. Establishing data governance and access controls in security data lakes while maintaining operational flexibility and cost effectiveness. Listen to more episodes:  Apple  Spotify  YouTube Website

In this episode, Jeffrey discusses the unspoken ways to improve your CMDB.Each week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays).Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Join Brett Karl, Vice President of Solutions & Alliances, and Jake Hershkowitz, Regional Sales Executive, as they discuss GlideFast's expertise in providing innovative solutions to the energy sector. Dive into how GlideFast partners with businesses in industries like utilities, construction, healthcare, and more to optimize their IT operations, CMDB, ITOM, and security solutions, all using ServiceNow. Hear insights into the latest trends impacting energy companies and how GlideFast supports digital transformation efforts with tailored, efficient, and secure solutions.

In this episode, Monica Hidalgo, Founding Partner of Volteo Digital, shares her insights on empowering businesses through digital transformation and the strategic partnership with ServiceNow. With over a decade of experience, Monica has played a pivotal role in establishing Volteo’s Global Delivery Center in Mexico, which evolved into a Center of Excellence, driving innovation and operational excellence across industries. Beyond her professional achievements, Monica is the founder of Women Who Transform, an initiative aimed at uplifting women in technology through mentorship, workshops, and networking. The Customer Connection Podcast helps you explore the implementation and adoption of the ServiceNow platform. This show is led by Customer Experience Expert and Director of Customer Creator and Workflows-Leading Practices, Jerry Campbell, and Portfolio Manager Shanna Grier. Key highlights of the episode: 3:40 - Monica shares her childhood passion for traveling and how it shaped her curiosity about different cultures and human connections. 9:50 - Insights into Volteo’s NextGen Program, which trains individuals with no prior ServiceNow experience to address the talent scarcity in the ecosystem. 11:11 - How ServiceNow’s Impact Accelerators helped improve a customer’s CMDB health and guided another customer through a smooth platform upgrade. 13:31 - Monica discusses the rising importance of AI in digital transformation and how Volteo is leveraging it to automate processes and drive productivity. 15:30 - The Volteo-ServiceNow partnership: how it combines vertical expertise and platform innovations to deliver value and optimize customer outcomes. To learn more about the implementation and adoption of the ServiceNow Platform, subscribe to the Customer Connection Podcast on Apple Podcasts or wherever you listen to podcasts. For feedback, please send an email to customerconnection@servicenow.com See omnystudio.com/listener for privacy information.

In this episode, Monica Hidalgo, Founding Partner of Volteo Digital, shares her insights on empowering businesses through digital transformation and the strategic partnership with ServiceNow. With over a decade of experience, Monica has played a pivotal role in establishing Volteo’s Global Delivery Center in Mexico, which evolved into a Center of Excellence, driving innovation and operational excellence across industries. Beyond her professional achievements, Monica is the founder of Women Who Transform, an initiative aimed at uplifting women in technology through mentorship, workshops, and networking. The Customer Connection Podcast helps you explore the implementation and adoption of the ServiceNow platform. This show is led by Customer Experience Expert and Director of Customer Creator and Workflows-Leading Practices, Jerry Campbell, and Portfolio Manager Shanna Grier. Key highlights of the episode: 3:40 - Monica shares her childhood passion for traveling and how it shaped her curiosity about different cultures and human connections. 9:50 - Insights into Volteo’s NextGen Program, which trains individuals with no prior ServiceNow experience to address the talent scarcity in the ecosystem. 11:11 - How ServiceNow’s Impact Accelerators helped improve a customer’s CMDB health and guided another customer through a smooth platform upgrade. 13:31 - Monica discusses the rising importance of AI in digital transformation and how Volteo is leveraging it to automate processes and drive productivity. 15:30 - The Volteo-ServiceNow partnership: how it combines vertical expertise and platform innovations to deliver value and optimize customer outcomes. To learn more about the implementation and adoption of the ServiceNow Platform, subscribe to the Customer Connection Podcast on Apple Podcasts or wherever you listen to podcasts. For feedback, please send an email to customerconnection@servicenow.com See omnystudio.com/listener for privacy information.

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page Show Notes: https://securityweekly.com/esw-374

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page Show Notes: https://securityweekly.com/esw-374

Mark Bodman, ServiceNow's Sr. Product Manager for CSDM & CMDB joins us to demystify the CSDM.Mentioned in this episode- The Invisibility Problem- ServiceNow Community Youtube CSDM ContentThanks to our sponsors, - Clear Skye the optimized identity governance & security solution built natively on ServiceNow.- Magic Mind the world's first mental performance shot.  Get you up to 48% off your 1st subscription or 20% off one time purchases with code CJANDTHEDUKE20 at checkout.  Claim it at: https://www.magicmind.com/cjandthedukeABOUT USCory and Robert are vendor agnostic freelance ServiceNow architects.Cory is the founder of TekVoyant.Robert is the founder of The Duke Digital MediaSponsor Us!

CMA & magician Chris Schuh joins us to discuss ServiceNow event management, ITOM, CMDB.  We go deep on why its so difficult to get right, and how to cope.Thanks to our sponsors, Clear Skye the optimized identity governance & security solution built natively on ServiceNow.Magic Mind the world's first mental performance shot.  Get you up to 48% off your 1st subscription or 20% off one time purchases with code CJANDTHEDUKE20 at checkout.  Claim it at: https://www.magicmind.com/cjandthedukeABOUT USCory and Robert are vendor agnostic freelance ServiceNow architects.Cory is the founder of TekVoyant.Robert is the founder of The Duke Digital MediaSponsor Us!

A brief discussion about the CMDB Each week, Jeffrey will be sharing his knowledge on Service Management (Mondays) and Asset Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.   Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Today's guest is Sven Richter, Senior Consultant ServiceNow, Product Line Lead SecOps & IRM at agineo GmbH in Germany. Specializing in Enterprise Service Management (ESM) solutions, agineo collaborates with clients on innovative projects aimed at enhancing the company's success. With over 30 years of experience, agineo has been digitally transforming and optimizing clients' business processes to be agile and forward-thinking. As a distinguished ServiceNow partner, agineo relies on established platforms like ServiceNow cloud technology to streamline processes and simplify intricate workflows for their service projects. This approach ensures the swift and efficient success of projects. It is through this proven methodology that agineo has solidified its position as the largest ServiceNow Elite Partner in the German-speaking region. In this episode, Sven discusses: An overview of his six years working with ServiceNow, His role as Product line lead for security operations and IRM, Why cybersecurity is important for business, Offering an integrated system with CMDB & third-party tools, Examples of the impact their SecOps offerings bring to customers, His key advice for your ServiceNow career

Today's guest is Gordon Hazzard, GRC Practice Lead at Wholepoint Systems. Founded in 2014, Wholepoint Systems, a ServiceNow premier partner, is new type of value added reseller to the tech industry.  They are passionate about assisting customers in identifying the best new technologies for their environments and sticking with their customers throughout the entire life cycle of their investments.  ​This means not just selling customers technology, but providing long term solutions to assist their customers in staying ahead of the rapidly changing tech landscape. Gordon brings nearly a decade of extensive experience in the consulting and implementation space, specializing in Governance, Risk and Compliance (GRC) solutions. With a track record of delivering tailored GRC solutions that not only meet but exceed client expectations, Gordon is forming an elite ServiceNow implementation team built on the dual pillars of domain expertise and technical mastery. It is their goal is to empower clients with scalable, sustainable and intuitive solutions that optimize business processes, increase transparency and reduce costs. In this episode, Gordon talks about: His journey from GRC consulting to ServiceNow Practice Lead, Wholepoint Systems' diverse ServiceNow solutions, Guiding federal agencies in ServiceNow CAM, GRC and support, How ServiceNow centralizes processes, integrates CMDB & automates for efficiency, Investing in AI to enhance GRC automation for efficiency, Hiring and growing exciting talent, and the company culture, Being a premier ServiceNow partner with holistic, client-centric solutions

A brief discussion about the CBDB Each week, Jeffrey will either be sharing his knowledge or interviewing guests from the technology, Service Management, or Business Continuity leadership communities.  Stay tuned as tomorrow's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page. Branding by Balaji - Follow him at @bwithbranding on Instagram #ITSM #ITIL #AssetManagement #ServiceManagement #IT #BusinessContinuity #Transformation

Building upon his years of experience with Configuration Management, Allen Dixon gets practical and dives deep into how to build a successful CMDB. He provides insights on what to prioritize through the building process, shining a light on the importance of clean and valuable data, communication with customers, the difference between a CMDB and an inventory, and the significance it has for Change Management. He finally puts together opportunities and gaps for future improvements to look out for. Allen Dixon is an ITIL-trained professional with over two decades of IT experience across industries such as healthcare and automotive. For the past nine years, he has been dedicated to IT Service Management and ITIL process implementation. He is a valued contributor to the book "VeriSM: Unwrapped and Applied" and has recently been named as DB Shanker's, Head of Regional Service and Operations Management for the Americans.

Luigi Ferri takes the mic to talk CMDB in his second episode for the Service Management Leadership Podcast. Here is Luigi's LinkedIn profile: https://it.linkedin.com/in/ukbestpractices Each week, Jeffrey will either be sharing his knowledge or interviewing guests from the technology, Service Management, or Business Continuity leadership communities.  Stay tuned as tomorrow's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.  Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page. Branding by Balaji - Follow him at @bwithbranding on Instagram #ITSM #ITIL #AssetManagement #ServiceManagement #IT #BusinessContinuity #Transformation

Tier44 EM/8® provides maps, floor plans, rack views, real-time access to IT and Facilities metrics, with full historic analysis. Built directly on the ServiceNow platform, EM/8 uses the CMDB details, configuration information, images and relationships to render rack content, either individually, with or without monitoring details or as a complete row of racks. There is no second CMDB, no synchronization and no ambiguity on the location of the content. In this episode of Solution Spotlight, hosted by Instor CEO Jack Vonich, we're joined by Clemens Pfeiffer, CEO of Tier44, to learn more about their powerful software.

Jason Edelman (@jedelman8, Founder/CTO @networktocode) talks about the challenges of managing complex networks in a world of DevOps and automation.SHOW: 717CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Datadog Monitoring: Modern Monitoring and AnalyticsStart monitoring your infrastructure, applications, logs and security in one place with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.CloudZero – Cloud Cost Visibility and Savings​​CloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSHOW NOTES:Network to Code (homepage)Nautobot (homepage)The Cloudcast Eps.114 - Evolving to SDN DevOpsThe Cloudcast Eps.150 - Evolving from Plumbers to CodersTopic 1 - Welcome back to the show Jason. Tell us a little bit about your journey with Network to Code, and your focus these days.Topic 2 - Let's talk about network automation and how it's evolved over the years. Give a sense of the scope of complexity that companies are facing these days. Topic 3 - How has the concept of a CMDB for the network, or Network Source of Truth emerged to provide a more centralized view of all aspects of the network? Topic 4 - How does the Nautobot framework work? What type of team or skill sets typically build and maintain it? Topic 5 - What are some of the typical problems that Nautobot is able to solve for companies? Topic 6 - How does Network to Code engage with companies to get their Nautobot environments running? FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet

Author of The Service Desk Handbook, Sanjay Nair talks to us about his book, where he compiled and organized the main elements of a well functioning Service Management tool. He points out the importance of having a good team, with the right people, and building a strong foundation for your help desk from the start. Then, he refers to his current work and emphasizes on the value of certifications, an accurate CMDB, and the challenges of implementing new work processes. Sanjay Nair is an ITIL and COBIT certified Service Management professional with over 26 years of experience in the field. He's also the author of The Service Desk Handbook. Currently, he is the Manager of IT Operations at Knet. Sanjay has also previously served as Help Desk Manager at Automated System Company and he ran the Network Operations Center and Service Desk at the National Bank of Kuwait.

Mayuresh Ektare, an expert in risk management and SVP of Product Management at Brinqa, joins Sean Martin for a quick dive into the world of centralizing risk management frameworks. Ektare explains that the magic sauce isn't just bringing the data together, but stitching it together to create a unified understanding of an organization's attack surface. By overlaying business context, customers can prioritize and act upon the right set of findings in a timely fashion. Martin and Ektare discuss the challenges faced by customers in finding a centralized repository for business context, with many relying on tribal knowledge or CMDB records.Ektare introduces the concept of a Risk Operations Center (ROC), which allows organizations to orchestrate the risk lifecycle and proactively reduce exposure. Comparing it to a Security Operations Center (SOC), he highlights the importance of extending vulnerability management programs to encompass cloud infrastructure and application security posture management. The conversation also touches on the challenges of managing false positives and distilling a vast amount of findings into actionable items. By overlaying business context and understanding the impact of vulnerabilities on their organization, customers can fine-tune security scores, prioritize effectively, and respond accordingly.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest:Mayuresh Ektare, SVP of Product Management at Brinqa [@brinqa]On Linkedin | https://www.linkedin.com/in/mektare/ResourcesLearn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdpFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this episode I get to talk with Daniel Post about data classification and data governance. Dan is a Senior Sales Engineer for Varonis. He has been in the industry for a while and has knowledge that we break down into 'bite sized' chunks to make it easier for your staff to consume.Talking Points:Where does a company first start their Data Classification and Governance journey?What are some of the challenges that a company can expect when it comes to data classification?What are you seeing in the field right now that makes it hard for companies in their data governance program?Now that data lives in the 'Hybrid' world, how does data governance work when you have data on network drives like Isilon and cloud drives like Microsoft or Box?Does it integrate with a CMDB/ticketing system like Service Now or Service Desk, so your GRC team can take 'action' on it?Podcast Sponsor: The sponsor for this episode is Varonis. Varonis is a cybersecurity solutions company that is very mature in the Data Classification and Governance space. They are based out of good ole' New York City! Proceeds from this sponsorship will be going to the Autism Support of Kent County Michigan. Pam and her team help parents with finding support idea/solutions for their children with Autism. More information here - https://www.autismsupportofkentcounty.org/

Today's guest is Pedro Soto, ServiceNow CMDB/ITOM & Performance Analytics Consulting Practice Lead, Country Manager US at The Cloud People. Founded in 2019, The Cloud People help and guide organizations to transform their business to the cloud, to gain and utilize the competitive advantages from the best cloud platform solutions on the market including ServiceNow. By utilizing their Smart Resourcing concept, customers get top quality resources for a reasonable price in a simplified and transparent way. Pedro is a 20+ year-veteran leading teams of high-achievers in consulting, sales, project management and customer success helping companies leverage technology investments to reduce costs and improve customer experience. Currently, he leads the Americas team who are dedicated to helping technology leaders using ServiceNow to accelerate their digitization strategies by enabling their CMDB to support the adoption of the CSDM framework. In the episode, Pedro will discuss: The interesting work he does with The Cloud People, Macro-trends driving Digital Transformation in the sector, Why ServiceNow is the platform of choice, Examples of how they are using ServiceNow to benefit customers, Advice to CIO's embarking on a Digital Transformation journey and What excites him for the future of the ServiceNow platform

A brief discussion about CMDB Scope Each week, Jeffrey will be interviewing guests from the technology, Service Management, or Business Continuity leadership communities. Stay tuned as next week's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services. The firm's website is www.servicemanagement.us. Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics. Also, please follow the Service Management Leadership LinkedIn page.

A brief discussion about the Forrester research on the CMDB Each week, Jeffrey will be interviewing guests from the technology, Service Management, or Business Continuity leadership communities. Stay tuned as next week's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services. The firm's website is www.servicemanagement.us. Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics. Also, please follow the Service Management Leadership LinkedIn page.

A brief discussion about scope Each week, Jeffrey will be interviewing guests from the technology, Service Management, or Business Continuity leadership communities. Stay tuned as next week's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services. The firm's website is www.servicemanagement.us. Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics. Also, please follow the Service Management Leadership LinkedIn page.

Today's guest is Richard Groff, Senior ServiceNow Program Manager at Latham & Watkins in Berlin, Germany. Latham & Watkins is a global law firm who has internationally recognized practices in a wide spectrum of transactional, litigation, corporate and regulatory areas. Their success is grounded in their devotion to the collaborative process, which reaches across global offices & practices and draws upon their deep subject matter expertise, an abiding commitment to teamwork and a powerful tradition of creative lawyering. Richard is an experienced Program Manager with a demonstrated history of working in the law practice, investment banking and entertainment industries. He is skilled in Operations Management, Personnel Management and Team Building, System Deployment, Agile Project Management and Transformational Change Management. Richard is also a strong program and project management professional with a Bachelor of Arts focused in History from New York University. In the episode, Richard will discuss: How key drivers relate to business outcomes and drive strategy at L&W, The reality of implementing ServiceNow in your business, Challenges to be aware of when putting your strategy into practice, The importance of team building & talent development, Finding talent in a competitive ServiceNow market, How to effectively manage your service models and CMDB, and The future of AI in ServiceNow

Each Wednesday, Jeffrey will be discussing topics in the technology, Service Management, or Business Continuity areas. Stay tuned as next week's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services. The firm's website is www.servicemanagement.us. Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics. Also, please follow the Service Management Leadership LinkedIn page. Branding by Balaji - Follow him at @bwithbranding on Instagram

Each Wednesday, Jeffrey will be discussing topics in the technology, Service Management, or Business Continuity areas. Stay tuned as next week's show is one you will not want to miss. Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, CIO Advisory, and Business Continuity services. The firm's website is www.servicemanagement.us. Jeffrey is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,400 videos on various topics. Also, please follow the Service Management Leadership LinkedIn page. Branding by Balaji - Follow him at @bwithbranding on Instagram

Someone that knew Bill Gates when he was a boy in on the podcast this week, although we only talk about Bill Gates for a moment. He has 30+ years in backup experience and tells us what it's been like to adapt to all of the backup changes over the years. His first backup was to punch cards and punch tape, and he was in the same Boy Scout troop as Bill Gates. Fans of the podcast know his name already, as it comes up randomly on the show as a friend of Curtis. But this is the first time Stuart Liddle has graced us with his presence. Like Mr. Backup, his career starts with a data loss story that actually involved people having to re-enter data. We discuss a lot of configuring and running backups, including deciding on retention periods, treating all backups the same (or not), virtual tape libraries and other dedupe systems, and how important a change management data database (CMDB) is. We also talk about the danger of becoming entrenched in a specialty like backup, knowing only one specialty or product. We talk about how it's not good for you or your company. Finally we talk about the different way people are using the cloud today for IT and backup, and how that affects cost. Curtis and Prasanna use a great analogy that helps it make sense. This week's episode is fully of useful information. Mentioned in this episode: Free eBook version of O'Reilly's Modern Data Protection For a limited time, you can get a free ebook copy of my latest O'Reilly book, Modern Data Protection. Just go to druva.com/podcast and download it!