Resources

/

Podcasts

/

Secure IT

Great Security Demands Great IT: Why Automox’s CISO is Customer #1

Episode 08   Published July 11, 2024 12 minute watch

Secure IT

The Secure IT Podcast, hosted by Automox CISO Jason Kikta, is your one-stop shop for all things IT and cybersecurity. Jason knows good security comes from good IT. Step into a CISO’s shoes and trek through the world of technology and cyber defense to stay ahead of potential threats. Each episode is packed with the latest trends, tips, and expert advice.

Jason Kikta is the CTO of Automox

Host

Jason Kikta

RECENT EPISODES

Best-In-Class Remote Control

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

Good security starts with good IT. You can't spot anomalies without a baseline of what normal looks like on your network. Automox CISO Jason Kikta has run Automox's own IT and security as "customer #1" for two years, and he draws this from experience. He sets severity-based patch policies that give him the predictability to measure mean time to remediation and average exposure time. When a critical patch warrants it, he deliberately deviates from those policies. He treats patching as a daily exercise in allocating risk. He spends aggression where it matters and conserves it where the path to a target is unlikely.

Takeaways

  1. Good security depends on good IT. Security work is investigating anomalies, and you can't recognize an anomaly without a stable, predictable baseline of what normal looks like.

  2. Standing patch policies run by severity: critical, high, medium, and low CVEs, plus functionality patches that carry no CVE. That keeps remediation on a known schedule.

  3. Consistency is what makes metrics meaningful. With consistent implementation and deferral windows, you can track mean time to remediation and outstanding patches by category to see whether you're improving, plateauing, or sliding. Without a consistent baseline, you're judging changes on vibes.

  4. When a patch is critical enough, Kikta deviates from the baseline. He might require everyone patched by 6 p.m. Eastern and accept the business disruption as a deliberate trade.

  5. Aggressive patching works like political capital. Spend it heavily where the risk is real, and conserve it where there's no realistic path to the target. Conserving it buys down the risk of being aggressive elsewhere.

Topics

Patching & Endpoint Mgmt

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

From Click to Fix: Bringing Automox Actions to...

Podcast

Automated Patching Solutions Compared: 2026...

Compare automated patching solutions for 2026. Find the best...

Black background with white text "AUTONOMOUS IT LIVE" in green circle and rectangle, and smaller text "FROM AUTOMOX" beneath.
AI, Humans, and the Hybrid Reality of IT in 2026

Blog

How To Build a Patch Compliance Dashboard That...

The power of IT automation is useless if you can’t prove to...