What asset management (ITAM) looks like outside cybersecurity – Jeremy Boerger – ESW #374
The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.
Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?
Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!
Boerger Consulting Resources:
Jeremy Boerger has been leading and managing information technology asset management (ITAM) teams for over twenty years in sectors as varied as healthcare, manufacturing, and finance. In 2017, he founded Boerger Consulting, LLC to reach more medium and large organizations to maximize their IT total cost optimization (TCO) efforts across their hardware and software expenditures. In 2021, he published Rethinking Information Technology Asset Management (Business Expert Press) to guide and coach more individuals on the finer points of hardware and software asset management (SAM). He currently tours the North America, speaking to like-minded IT Directors, CIOs, CFOs, and CEOs to encourage faster adoption of “the best of the best” practices in the industry: the Pragmatic ITAM Method.
Interview with ThreatLocker: Is Application Allowlisting Making a Comeback? – Danny Jenkins – ESW #374
I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.
Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.
Segment Resources:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security, is a leading cybersecurity expert with over two decades of experience building and securing corporate networks, including roles on red and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust.
SaaS Security Beyond Just Misconfiguration & Expert Insights on Cybersecurity Ethics – Ed Skoudis, Maor Bin – ESW #374
In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.
Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/
This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!
Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.
Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack
Ed Skoudis is a Faculty member at IANS Research and the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.
A former cybersecurity intelligence officer in the IDF, Maor has over 17 years in cybersecurity leadership. In his career, he led SaaS Threat Detection Research at Proofpoint and won the operational excellence award during his IDI service. Maor got his BSc in Computer Science and is CEO and co-founder of Adaptive Shield, the SaaS Security company that helps security teams continuously manage and control their entire SaaS stack, from threat prevention to detection and response.
