Resources

/

Podcasts

/

Secure IT

Back to Basics: Three Essentials for Secure IT Operations

Episode 20   Published October 2, 2025 8 minute watch

Secure IT

The Secure IT Podcast, hosted by Automox CISO Jason Kikta, is your one-stop shop for all things IT and cybersecurity. Jason knows good security comes from good IT. Step into a CISO’s shoes and trek through the world of technology and cyber defense to stay ahead of potential threats. Each episode is packed with the latest trends, tips, and expert advice.

Jason Kikta is the CTO of Automox

Host

Jason Kikta

RECENT EPISODES

Best-In-Class Remote Control

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

Most environments fail on fundamentals. The cause is rarely a lack of flashy technology. Automox CISO Jason Kikta treats three of those fundamentals as non-negotiable: asset inventory management, patch management and vulnerability remediation, and identity and access management. His time around U.S. government cyber work shaped that view. Former NSA Tailored Access Operations chief Rob Joyce put it plainly: top-tier attackers learn a network better than its owner does. Most breaches exploit known, already-patched vulnerabilities. Strong authentication and least privilege close the doors that compromised credentials open.

Takeaways

  1. Asset inventory, patch management, and identity and access management are building blocks every other operational control depends on. Master the basics and the rest of a security program has somewhere to stand.

  2. Asset inventory covers more than hardware. It includes software, cloud instances, virtual machines, and shadow IT. Keep it continuously updated so it can inform patching, vulnerability management, incident response, and compliance.

  3. Most successful breaches exploit known vulnerabilities that have had patches available for weeks, months, or even years. That gap is why Kikta pushes for automated, prioritized patch management over manual triage.

  4. Identity and access management rests on multi-factor authentication as non-negotiable, the principle of least privilege, just-in-time access, and regular access reviews so privileges don't accumulate over time.

  5. You can't delegate remediation down to individual application or system owners. Use an exceptions process and mitigating controls instead. A brief outage is usually far cheaper than a full intrusion.

Topics

IT Operations

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

BlueHammer: What You Need to Know and How to...

A Windows zero-day with public exploit code and no patch. Deploy...

When Opportunism Is the Strategy: Why Cyber...

Iran's destructive cyber operations follow opportunity, not...

The Myth of the All-Knowing IT Pro

Podcast

Pulling Back the CX Curtain with Charles Coaxum

Podcast