Ivanti: Breaking Data Silos: IT and Security Alignment Strategies

Ivanti
07/03/2026
Transcript


We're going to be discussing security and IT alignment today with Darren Gosin. He is the Senior Vice President of Product Management at Ivanti. Morning, Darren. How are you?

I'm doing great. Thanks. Good to be here, Michael.

Thank you so much for making the time. So I want to start by taking on this challenge of security and IT alignment, and specifically want to do this, get a sense of the challenges it can create from a cybersecurity standpoint.

Yeah, well, it's a great question. You know, in many organizations, security and the IT organizations are not fully aligned. And what that does is it really introduces risk within the organization, because you can't be able to find and remediate the risk most effectively. You know, one of the main reasons for this is really the differences in the goals and responsibilities between the CIO and the CISO. CIOs are often focused on business growth, innovation, whereas your CISO is more focused on cybersecurity risk and compliance. And CISOs will approach risk management from the standpoint of prioritizing security over speed and agility and productivity at times, and your IT department is doing so different. And also, when you think about the responsibilities, your CISO is responsible for finding and identifying the risk within the organization. And oftentimes, your IT department is responsible for remediating it. So when those two are not aligned, when they're not communicating well, it creates gaps in that overall process to be able to remediate the risk within your organization. And that can be a challenge from a cybersecurity standpoint for any organization.

Why are large enterprises struggling to solve basic hygiene issues, such as vulnerability and patch management?

Well, that's another great question. You know, and there's a couple of different reasons for this. Number one is scale. Obviously, our attack surfaces are increasing every single day with the technology that we have, the users within the organization. So really expanding the attack surface creates a much bigger challenge each and every day for organizations. And ultimately, they don't have the full visibility of what the issue is. They don't have full visibility of their assets or their attack surface or the exposures on them. Even when they do, it's hard to identify what you focus on first. So prioritization of the information that you have can be another challenge for organizations to solve those basic hygiene issues. And then, like we talked about, security and IT better working together is a good place to start for organizations that are trying to increase the practice to solve basic hygiene issues and vulnerability and patch management.

I know siloed data is another common problem. I want to get a sense of what is your advice for improving integration and collaboration between teams?

Yeah, I mean, siloed data is a significant problem, not only on the security side for organizations, but I feel like it really can sap the potential of organizations by not being able to make data-driven decisions. But if you think of it from a security perspective, they create a significant challenge. Number one is oftentimes an organization's view of their attack surface is in multiple different areas. So it might be in spreadsheets. It might be in data sets that the security organization has or the IT organization. Same for vulnerabilities. You might have multiple vulnerability scanners, but not doing an aggregation of those. This is why we actually see convergence of security suites within products. And convergence of discovery, asset and vulnerability discovery, endpoint management and endpoint security really coming together. Platforms within organizations do a lot of data normalization across these areas. So they break down those silos to enable you to be able to make better data-driven decisions, have a more comprehensive data set in which you're doing remediation to secure your environment.

What capabilities should organizations be looking for in an integrated platform?

Yeah, I mean, in an integrated platform, I think the number one data, being able to have a complete data set that's correlated and reconciled across different data sources is the one key value. Let's break down those data silos. Number two is, from a security perspective, you need to have the ability to be able to plug threat intelligence into this as well, so that you can understand what's happening with the vulnerabilities within your organization. And this gives you the ability to be able to prioritize. Like we talked about before, organizations can be overwhelmed with the amount of cyber hygiene that they need to do within their organization and risks that they need to be able to remediate. So you need to have context of what the risk is and how it relates to your environment. This gives you the ability to then start to make risk-based decisions, risk-based remediation decisions. When do I patch? Where do I patch? What are the most critical patches that I need to deploy to my organization? And then, of course, being able to access that data through dashboards and analytics and the ability to be able to slice and dice that information yourself so that you can get a good understanding as well as report within your organization and build more of a security-driven culture.

Can you show any examples of organizations that have met these challenges?

Yeah, absolutely. I mean, we have a customer in the financial industry that has kind of flipped over the way in which they think about cybersecurity. And rather than trying to meet every single SLA of a vulnerability that they have within their organization, they're taking a very, very risk-based approach. And that allows them to rebaseline what their risk acceptance level is and then be able to put in a practice that allows them to hit that risk acceptance level. So they're taking an approach around exposure management, which really is looking at the tolerance that you have within your organization and then ensuring that your cybersecurity posture meets that risk tolerance. So, you know, that's a way in which they've been able to reduce the noise within their organization and be able to remediate and secure the risk or secure the vulnerabilities that are going to be most impactful to their company.

And I want to get a sense from you of what your advice is for anybody who's looking into modernizing their environment and improving alignment between security and IT.

Yeah, another great question. You know, I think there's two aspects of this here. One is around processes or culture within your organization. And then the other would be a couple of things to look at from a technology perspective. Number one is across the company, foster a security mindset and culture. So it's not just security and IT, but it's everyone's responsibility. We know that users are a vector that threat actors are using to be able to infiltrate organizations. So really, security has to be top of mind for everyone within your organization. Two is going back to the first question, align the goals of security and IT to both be risk-based, but also business outcome-based. Both the CIO and CISO's organization have an objective to be able to achieve the business outcomes of the organization. And to do so, you need to create a secure environment. Third, from a process perspective, is secure what's important. Bring risk-based and prioritization into that overall security position and posture and program that you have. And then the second is from a technology perspective. Number one is ensure that you can access everything within your organization. And things have shifted with everywhere I work, and people are working on different networks. They're working outside of the network. They're really working from everywhere. SaaS-based solutions are really good to be able to ensure that you have reached and can manage and secure all of the endpoints and assets within your organization. And two is limit the number of vendors that you have. These vendors will create data silos within your organization. They'll increase the number of integrations that you need to create and maintain to do so. So really looking at vendors more holistically, ones that are bringing security and IT together to be able to create a better security posture in your organization from a platform and technology perspective, would be some good places to start.

And finally here, for people who are interested in learning more about this topic, what do you recommend?

Well, a great place to start is ivanti.com. We've done a ton of research around exposure management. We have a number of resources there. So that's a great place to start.

Terrific. Darren, thank you so much for the time today.

I appreciate it, Michael.

Absolutely. We've been speaking with Darren Gosen, Senior Vice President of Product Management at Ivanti. For Information Security Media Group, this is Michael Novenson.

TL;DR

  • Security and IT misalignment creates remediation gaps because CISOs identify risks while IT teams fix them—poor communication between these groups introduces organizational cyber risk.
  • Large enterprises struggle with basic hygiene due to expanding attack surfaces, fragmented visibility across tools and spreadsheets, and difficulty prioritizing which vulnerabilities to address first.
  • Platform convergence that unifies asset discovery, vulnerability scanning, and endpoint management breaks down data silos and enables risk-based remediation decisions.
  • Organizations should shift from SLA-driven patching to exposure management approaches that define risk tolerance thresholds and prioritize vulnerabilities by actual business impact.

The Cost of Security and IT Misalignment

This interview explores the organizational friction that occurs when security and IT teams operate with different priorities and disconnected data. Daren Goesen explains that CIOs typically focus on business growth and innovation while CISOs prioritize risk management and compliance, creating a fundamental tension. The security team identifies vulnerabilities, but the IT team is responsible for remediation—when these groups aren't communicating effectively, gaps emerge that leave organizations exposed. The conversation establishes that this misalignment isn't just an operational inconvenience but a genuine cybersecurity risk that prevents effective vulnerability management.

Overcoming Scale and Visibility Challenges

Large enterprises struggle with basic cyber hygiene despite significant security investments, and Goesen attributes this to three interconnected problems: expanding attack surfaces, incomplete asset visibility, and prioritization paralysis. Organizations often lack a unified view of their endpoints, vulnerabilities, and exposures—data lives in spreadsheets, multiple scanning tools, and separate departmental systems. Even when visibility exists, the sheer volume of vulnerabilities makes it difficult to determine what to address first. The discussion advocates for platform convergence that normalizes data across discovery, endpoint management, and endpoint security functions, enabling risk-based decision-making rather than attempting to patch everything according to rigid SLAs.

Chapters

0:00 - Introduction
0:21 - Security and IT Alignment Challenges
1:51 - Why Basic Hygiene Remains Difficult
3:06 - Breaking Down Data Silos
4:35 - Integrated Platform Capabilities
6:11 - Customer Success Example
7:23 - Modernization Advice
9:51 - Resources and Wrap-Up

Key Quotes

0:40 "In many organizations, security and the IT organizations are not fully aligned. And what that does is it really introduces risk within the organization, because you can't be able to find and remediate the risk most effectively."
3:21 "Siloed data is a significant problem, not only on the security side for organizations, but I feel like it really can sap the potential of organizations by not being able to make data-driven decisions."
6:25 "Rather than trying to meet every single SLA of a vulnerability that they have within their organization, they're taking a very, very risk-based approach."

FAQ

Why do security and IT teams struggle to work together effectively?

The fundamental challenge is differing objectives: CIOs focus on business growth and innovation while CISOs prioritize risk and compliance. Additionally, security teams identify vulnerabilities but IT teams remediate them, creating a handoff that fails without strong communication and shared goals.

What should organizations look for in an integrated security platform?

Key capabilities include correlated and reconciled data across sources, threat intelligence integration for vulnerability context, risk-based prioritization tools, and dashboards that enable custom analytics and reporting to build a security-driven culture.

