The ITSM Practice: Elevating ITSM and IT Security Knowledge

Hosted by Luigi Ferri

Technology | Interviews guests

Episodes: 150

Latest episode: Jun 2026

Language: EN-US

About the show

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals!

Stay Connected:
- LinkedIn: https://www.linkedin.com/in/theitsmpractice/
- YouTube: https://www.youtube.com/@theitsmpractice
- Website: http://www.theitsmpractice.com

Listen to episodes

June 16, 2026 | Episode 1413 min

AI Security Strategy: Why Midmarket Organizations Get It Wrong

Why do most AI security strategies fail in the midmarket? In this episode of The ITSM Practice Podcast, we explore why successful AI security is not about buying more AI tools but about building the right foundation first. Learn how identity management, telemetry quality, governance, and operational maturity determine AI security success. We discuss AI readiness, MSSP evolution, cybersecurity automation, SOC transformation, and practical AI security roadmaps for midmarket organizations. Discover why AI augments security teams rather than replacing them and how organizations can achieve sustainable cyber resilience through proper sequencing.

In this Episode, we answer:
- Why do most AI security initiatives fail in midmarket organizations despite significant investments in AI-powered cybersecurity tools?
- How do identity management, telemetry quality, and governance impact AI security readiness and operational resilience?
- What should MSPs and MSSPs prioritize over the next 2–3 years to build effective AI security strategies and support midmarket clients?

Resources Mentioned in this Episode:
- SailPoint website, ebook "Identity as the foundation: The modern zero trust blueprint for 2026", link https://www.sailpoint.com/identity-library/identity-security-essential-to-zero-trust-strategy
- Xage Security website, article "Zero Trust: A Proven Solution for the New AI Security Challenge", link https://xage.com/blog/zero-trust-proven-solution-for-the-new-ai-security-challenge/
- Checkpoint website, article "How AI Phishing Attacks Became A Threat in 2025", link https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/ai-phishing-attacks/
- EC-Council website, article "The Rising Threat of AI-Powered Phishing: What it is, How to Detect it, and How to Prevent it", link https://www.eccu.edu/blog/ai-powered-phishing-detection-prevention/
- Your Alaska Link TV YouTube Channel, video "Hackers use AI to boost cyber scams and attacks", link https://www.youtube.com/watch?v=hRJqRFj0kRQ
- Microsoft Mechanics YouTube Channel, video "AI with Zero Trust Security", link https://www.youtube.com/watch?v=OnlN-2Q5QsE

Connect with me on:
- LinkedIn: https://www.linkedin.com/in/theitsmpractice/
- Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
- Sound engineering by Alan Southgate - http://alsouthgate.co.uk/
- Graphics by Yulia Kolodyazhnaya

June 9, 2026 | Episode 1411 min

What DoDAF Can Teach Leaders About Architecture and Complexity

Are modern enterprises losing control of their architecture? In this episode, Luigi Ferri explores why cloud adoption, outsourcing, SaaS expansion, and fragmented governance are creating hidden dependencies and increasing operational risk. Discover how the Department of Defense Architecture Framework (DoDAF) offers valuable lessons for improving architectural visibility, governance, resilience, and enterprise-wide coordination in today's complex digital ecosystems.

In this episode, we answer:
- Why are modern enterprises losing architectural ownership and visibility across complex digital ecosystems?
- How can the Department of Defense Architecture Framework (DoDAF) help organizations manage complexity, interoperability, and governance?
- Why do modern outages and operational failures increasingly result from undocumented dependencies and architectural blind spots rather than individual system failures?

Resources Mentioned in this Episode:
- US DoDAF Official Documentation, Department of Defense Architecture Framework (DoDAF) Version 2.02, link https://dodcio.defense.gov/Library/DoD-Architecture-Framework/
- TOGAF® Enterprise Architecture Framework, TOGAF® Standard, link https://www.opengroup.org/togaf
- NIST Cybersecurity Framework (CSF) 2.0, link https://www.nist.gov/cyberframework

June 2, 2026 | Episode 1310 min

Identity Is the New Perimeter

AI is changing cybersecurity faster than most organizations can govern it. In this episode of The ITSM Practice Podcast, Luigi Ferri explores why identity has become the true enterprise perimeter. As organizations race to deploy Agentic AI, autonomous agents, cloud platforms, and APIs, many are building on identity governance models that were never designed for machine-scale decision-making. From Zero Trust Architecture and Identity & Access Management (IAM) to the lessons behind major breaches at MGM, Snowflake, and Uber, this episode examines a critical question: If enterprises struggled to govern human identities, how will they govern autonomous AI identities? Discover why AI governance without identity governance is impossible, why identity is evolving into the operational control plane of digital business, and what CIOs and CISOs must do before AI adoption outpaces organizational control.

In this episode, we answer:
- Why is identity becoming the new perimeter in the age of AI?
- What risks emerge when autonomous agents operate without strong identity governance?
- How can organizations redesign trust before AI scales faster than governance?

Resources Mentioned in this Episode:
- NIST website, Zero Trust Architecture (SP 800-207), link https://csrc.nist.gov/pubs/sp/800/207/final?
- NIST website, AI Risk Management Framework, link https://www.nist.gov/itl/ai-risk-management-framework
- European Commission website, EU AI Act, link https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- Dark Reading website, article "Okta Agent Involved in MGM Resorts Breach, Attackers Claim", link https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim
- Cyberark website, article "The MGM Resorts Attack: Initial Analysis", link https://www.cyberark.com/resources/blog/the-mgm-resorts-attack-initial-analysis
- Blackfog website, article "Snowflake Data Breach Explained", link https://www.blackfog.com/snowflake-data-breach-explained-key-lessons/
- Cloud Security Alliance website, article "Unpacking the 2024 Snowflake Data Breach", link https://cloudsecurityalliance.org/blog/2025/05/07/unpacking-the-2024-snowflake-data-breach
- USA CISA website, article "Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester", link https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a?
- USA CISA website, advisory on MFA fatigue and modern identity attacks, link https://www.cisa.gov/news-events/alerts/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching-multifactor-authentication

May 26, 2026 | Episode 129 min

FINMA and ITIL 4: Building Resilient Swiss Banks

FINMA Circular 2023/1 is transforming operational resilience from a compliance exercise into a strategic leadership priority for Swiss banks. In this episode, Luigi Ferri explains why ITIL 4 is far more than ITSM: it is a powerful enterprise operating model that connects governance, cybersecurity, risk management, supplier coordination, and business continuity to build truly resilient financial institutions.

In this episode, we answer:
- Why is operational resilience becoming the new license to operate for banks?
- How does ITIL 4 support FINMA resilience and cybersecurity requirements?
- What organizational silos are preventing true enterprise resilience?

Resources Mentioned in this Episode:
- FINMA website, Circular 2023/1 Operational risks and resilience for banks, link https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf
- FINMA website, article "FINMA publishes Circular “Operational risks and resilience – banks”", link https://www.finma.ch/en/news/2022/12/20221213-mm-anh-rs-op-risks/
- KPMG website, article "FINMA Circular 2023/1", link https://assets.kpmg.com/content/dam/kpmgsites/ch/pdf/finma-circular-2023.pdf.coredownload.inline.pdf
- InfoGuard website, article "FINMA Circular 2023/1 Checklist - Ready for a regulatory audit?", link https://www.infoguard.ch/hubfs/images/blog/24/InfoGuard-FINMA-Checkliste_EN.pdf
- Manage Engine website, article "The ITIL 4 Service Value System", link https://www.manageengine.com/products/service-desk/itsm/itil-4-service-value-system.html

May 19, 2026 | Episode 116 min

Broken Transmission: Why Fintech Strategy Fails

Broken Transmission: Why Agile Fintechs Miss Strategy | In this episode of The ITSM Practice Podcast, Luigi Ferri explains why fintech strategy execution fails despite Agile delivery, strong squads, and constant releases. Learn how fragmented ownership, poor prioritization, and disconnected KPIs create operational misalignment, reducing business outcomes and authorization rate performance.

In this episode, we answer:
- Why do Agile fintech teams fail to execute business strategy effectively?
- How does fragmented ownership impact authorization rate improvement initiatives?
- Why do operational priorities override strategic portfolio management in fintech organizations?

Resources Mentioned in this Episode:
- Project Management Institute, whitepaper "The High Cost of Low Performance 2014", link https://www.pmi.org/-/media/pmi/documents/public/pdf/learning/thought-leadership/pulse/pulse-of-the-profession-2014.pdf
- University of Salford - Manchester, Abdallah M. Salameh, document "A Heterogeneous Approach to Agile Tailoring", link https://salford-repository.worktribe.com/OutputFile/1487893
- Institute of Project Management website, article "The Emerging Importance of Benefits Realisation", link https://projectmanagement.ie/blog/the-emerging-importance-of-benefits-realisation/
- McKinsey & Company website, article "Don’t cancel or coddle at-risk capital projects—challenge them", link https://www.mckinsey.com/capabilities/operations/our-insights/dont-cancel-or-coddle-at-risk-capital-projects-challenge-them

May 12, 2026 | Episode 108 min

FINOS vs ISO 42001: What to Choose

Fintech leaders: stop defaulting to ISO 42001. Discover how FINOS empowers you to design scalable, audit-ready AI governance before regulation forces your hand. Learn to align controls, reduce risk, and build governance by design—not by pressure.

In this episode, we answer:
- What makes FINOS a powerful alternative to ISO 42001?
- How can fintechs design governance before audits hit?
- Why does governance fail without alignment?

Resources Mentioned in this Episode:
- FINOS website, article "AI Strategic initiative series: Building an AI Governance Framework - Key Takeaways from the NYC Workshop", link https://www.finos.org/blog/building-an-ai-governance-framework-key-takeaways-from-the-nyc-workshop
- FINOS website, article "FINOS AI Governance Framework v1.0 — Turning Drafts into Deployable Guardrails", link https://www.finos.org/blog/finos-ai-governance-framework-v1.0-turning-drafts-into-deployable-guardrails
- Air Governance website, article "A heuristic approach to identifying GenAI risks", link https://air-governance-framework.finos.org/heuristic-assessment.html
- Air Governance website, article "FINOS AI Governance Framework", link https://air-governance-framework.finos.org
- GitHub website, repo "finos/ai-governance-framework - Public", link https://github.com/finos/ai-governance-framework

May 5, 2026 | Episode 179 min

Who Owns Cloud Security?

A single question can expose a major cloud risk: who is responsible? This episode breaks down the cloud shared responsibility model, revealing how unclear ownership, misconfigurations, and weak governance lead to data breaches, and how ISO/IEC 27017 helps close the gaps.

In this episode, we answer:
- Who is really accountable for cloud security failures?
- Why do misconfigurations cause most cloud data breaches?
- How does ISO/IEC 27017 strengthen cloud security governance?

Resources Mentioned in this Episode:
- ISO Standards website, standard ISO/IEC 27017:2015, link https://www.iso.org/standard/43757.html
- Vanta website, article "The ultimate guide to ISO 27017", link https://www.vanta.com/collection/iso-27001/guide-to-iso-27017
- Microsoft website, article "ISO/IEC 27017:2015", link https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27017
- Safeshield website, article "Why should SaaS companies comply with the ISO/IEC 27017 security standard for cloud service providers (CSP)", link https://www.safeshield.cloud/why-should-saas-companies-comply-with-the-iso-27017-security-standard-for-cloud-service-providers-csp
- NordLayer website, article "ISO 27017: cloud protection essentials", link https://nordlayer.com/learn/iso/iso-27017/

April 28, 2026 | Episode 167 min

CISO Strategy: Where Product Security Fails at Scale

Most organisations manage only build and operate, ignoring growth, where security risk explodes. Luigi Ferri reveals how CISOs miss the most critical phase, where scaling, DevOps, and rapid decisions create hidden security debt. This episode challenges leaders to shift from reactive controls to full product lifecycle governance before risk turns into incidents.

In this episode, we answer:
- Why is product growth the most dangerous phase for cybersecurity risk?
- Are CISOs governing product lifecycle or just reacting to failures?
- How does DevOps accelerate delivery but weaken security accountability?

Resources Mentioned in this Episode:
- Advisera website, article "ISO 27001 control 8.25 Secure development life cycle", link https://advisera.com/iso27001/control-8-25-secure-development-life-cycle/
- Ikarus website, article "Security by Design", link https://www.ikarussecurity.com/en/security-news-en/security-by-design-cybersecurity-throughout-the-product-life-cycle/
- Netguru website, article "SaaS Development Life Cycle: Key Stages & Best Practices", link https://www.netguru.com/blog/saas-development-life-cycle
- DevOps by Techstrong Group website, article "DevSecOps: Integrating Security Into the DevOps Lifecycle", link https://devops.com/devsecops-integrating-security-into-the-devops-lifecycle/

April 21, 2026 | Episode 138 min

ITIL 5 Exposed: Accountability Without Authority

ITIL 5 exposes a critical ITSM flaw: Service Owners held accountable without authority. Discover how broken governance, security vs delivery conflicts, and unclear decision rights undermine outcomes. Learn why real accountability starts before operations, and how to redesign Enterprise Service Management for true leadership.

In this episode, we answer:
- Why are Service Owners accountable but not empowered in ITIL 5?
- How does the security vs delivery tension reveal weak ITSM governance?

Resources Mentioned in this Episode:
- PeopleCert website, article "Understanding the evolution of ITIL", link https://www.peoplecert.org/news-and-announcements/itil-version-5-explained
- Learning Tree International website, article "ITIL® (Version 5) Has Arrived", link https://www.learningtree.com/blog/itil-5-launch-what-you-need-to-know/
- Agile PM Hub website, article "ITIL® 5 Is Here: What’s New and Why It Matters", link https://agilepmhub.com/blog/itil-version-5-whats-new-and-why-it-matters

April 14, 2026 | Episode 78 min

PSD3 Explained: Payments Security & Fraud

PSD3 is reshaping payments security, moving beyond PSD2’s access model to address fraud, scams and trust abuse. This episode explains why strong authentication is no longer enough, how APIs become critical to trust, and what banks and fintechs must change to stay secure, compliant and resilient.

In this episode, we answer:
- What makes PSD3 fundamentally different from PSD2 in payments security?
- Is strong customer authentication enough to stop modern fraud?
- How do APIs influence trust, performance and security under PSD3?

Resources Mentioned in this Episode:
- Stripe website, article "What platforms and marketplaces can expect from PSD3", link https://stripe.com/guides/what-platforms-and-marketplaces-can-expect-from-psd3
- Trustbuilder website, article "From PSD2 to PSD3: What’s Changing in the Future of Payments in Europe", link https://www.trustbuilder.com/en/psd2-psd3-directive-future-payments-europe/
- Deloitte website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html
- Schoenherr website, article "The EU's new Payments Services Package", link https://www.schoenherr.eu/content/the-eu-s-new-payments-services-package
- European Payments Council, article "What do the PSD3 and PSR mean for the payments sector", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector
