Chattinn Cyber


Optimizing IT Asset Management for Cybersecurity: Collaboration and Compliance with Jeremy Boerger

July 31, 2024

Summary


In this episode, Marc Schein is chattin’ with Jeremy Boerger, an IT Asset Management (ITAM) expert. Jeremy recounts his entry into ITAM during the Y2K era, where he was tasked with managing compliance systems for a manufacturing firm. This experience sparked his interest in ITAM, which revolves around optimizing an organization’s hardware and software investments for maximum value. He emphasizes ITAM’s focus on cost-consciousness and usability, highlighting its role in efficient product and service utilization.


The discussion dives deeper into the essence of ITAM, explaining its significance in the cybersecurity realm. Jeremy stresses the importance of collaboration between ITAM and cybersecurity teams, citing industry standards like those recommended by NIST and the Department of Defense. He suggests that ITAM’s asset management functions, such as inventory tracking and usage monitoring, are integral to bolstering organizational security measures.


Jeremy acknowledges the historical challenges in establishing ITAM best practices but mentions ISO/IEC 19770 as a leading framework. He also links ITAM’s principles to new cybersecurity regulations, particularly those proposed by the SEC. These regulations emphasize managing end-of-life assets, data disposal, and leveraging returns from decommissioned hardware and software, areas where ITAM plays a crucial role.


As the conversation wraps up, Marc and Jeremy discuss avenues for further engagement and collaboration. Jeremy directs interested parties to his website and LinkedIn profile, where he shares insights on ITAM and cybersecurity integration. The dialogue underscores the evolving landscape of ITAM, its symbiotic relationship with cybersecurity practices, and the potential for synergistic collaboration to enhance organizational resilience and security posture.


Key Takeaways



  • IT Asset Management (ITAM) helps organizations manage their hardware and software assets to get the most value and utility out of them. It helps control costs and track assets.
  • ITAM and cybersecurity should work together. Knowing what devices and software are in the environment helps cybersecurity track potential threats.
  • Best practices for ITAM can be found in ISO standards, ITIL, and NIST frameworks. Organizations like the ISO are bringing ITAM and cybersecurity together.
  • The SEC is encouraging more asset management to track hardware, software, and data, especially at end of life. This helps control cyber risks.
  • ITAM can notify cybersecurity when hardware and software change, so they can update their threat models. Collaboration between the teams is important.

Key Quotes



  • 00:51 – “If you remember back in Y2K, back at the turn of the century […] I had been brought into a small manufacturing firm to help with their Y2K results, a lot of it being swapping out old systems for compliance systems and the like.”
  • 03:35 – “What I have seen from the other side of the fence is that cybersecurity professionals tend to look at their work in […] silo [as a] very separate activity when there’s all of this wonderful data and technique and knowledge that probably doesn’t get tapped into as well as it should have.”
  • 06:09 – “Where is the hardware and software and most importantly, the data that is sitting inside that hardware and software? What do you do with it at the end of its lifecycle? And that’s been typically something that cybersecurity folks don’t really pay much attention to.”
  • 06:37 – “Well, asset management is very concerned about that endgame because there’s money to be had. There are services to be had. If you’re not going to reuse that device or reissue those licenses, then what kind of return cash can you bring into the organization to then fund another investiture?”
  • 08:24 – “But I also encourage folks to reach out on LinkedIn as well. We’ve got a very active newsletter community speak on a great length about some of the new initiatives, licensing schemes, threat, and even techniques on how to mitigate some of these asset concerns that then do bleed into cybersecurity and service management.”

About Our Guest


Jeremy Boerger helps companies build and rehabilitate their IT asset management (ITAM) practices, both hardware and software asset management (SAM), recovering almost 10% of the IT department’s budget. In 2017, he founded Boerger Consulting, LLC, to better help business leaders and decision-makers fully realize the promises that properly functioning ITAM and SAM programs can deliver. He tours the country, speaking at numerous conventions and symposiums. He is also the author of “Rethinking Information Technology Asset Management,” available through Amazon, Apple Books, B&N, or wherever you prefer to purchase your eBooks and paperbacks.


FOLLOW OUR GUEST:


WEBSITE | LINKEDIN


ABOUT OUR HOST:


National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage, and minimize premiums.


FOLLOW OUR HOST:


WEBSITE | LINKEDIN