What asset management (ITAM) looks like outside cybersecurity – Jeremy Boerger – ESW #374
The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.
Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?
Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!
Boerger Consulting Resources:
Jeremy Boerger has been leading and managing information technology asset management (ITAM) teams for over twenty years in sectors as varied as healthcare, manufacturing, and finance. In 2017, he founded Boerger Consulting, LLC to reach more medium and large organizations to maximize their IT total cost optimization (TCO) efforts across their hardware and software expenditures. In 2021, he published Rethinking Information Technology Asset Management (Business Expert Press) to guide and coach more individuals on the finer points of hardware and software asset management (SAM). He currently tours the North America, speaking to like-minded IT Directors, CIOs, CFOs, and CEOs to encourage faster adoption of “the best of the best” practices in the industry: the Pragmatic ITAM Method.
Interview with ThreatLocker: Is Application Allowlisting Making a Comeback? – Danny Jenkins – ESW #374
I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.
Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.
Segment Resources:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity company specializing in Zero Trust endpoint protection solutions. With over two decades of experience in building and securing corporate networks, including red and blue team operations, Jenkins is a recognized authority in the cybersecurity industry. He is dedicated to advancing cybersecurity awareness and frequently speaks on topics such as ransomware and the Zero Trust approach. Jenkins began his cybersecurity career in 1997 as an ethical hacker. His early career experiences reinforced the importance of proactive, robust cybersecurity measures.
SaaS Security Beyond Just Misconfiguration & Expert Insights on Cybersecurity Ethics – Ed Skoudis, Maor Bin – ESW #374
In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.
Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/
This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!
Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.
Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack
Ed Skoudis has taught over 40,000 security professionals globally in penetration testing and incident handling. Ed currently serves as the President of the SANS Technology Institute college, supporting over 2,500 students earning their master’s degrees, bachelor’s degrees, and cyber security certificates. Ed is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. Ed is also the founder of the SANS Penetration Testing Curriculum, the CEO and founder of the Counter Hack penetration testing firm, and the leader of the team that builds SANS NetWars and the SANS Holiday Hack Challenge. Ed is a keynote speaker and an Advisory Board member for RSA Conference. He is also on the board of directors for a community bank, a charity, and another college.
A former cybersecurity intelligence officer in the IDF, Maor has over 17 years in cybersecurity leadership. In his career, he led SaaS Threat Detection Research at Proofpoint and won the operational excellence award during his IDI service. Maor got his BSc in Computer Science and is CEO and co-founder of Adaptive Shield, the SaaS Security company that helps security teams continuously manage and control their entire SaaS stack, from threat prevention to detection and response.
