SecOps integration: Bridging the divide between ITSM and IT security

Last updated on: July 29, 2024

90% of all decision-makers agree that IT is more responsible for business innovation than ever before.

IT continues to be the catalyst that digitally revamps enterprises and keeps them up with the world's fast-paced changes. ITOps teams, armed with robust IT service delivery practices, have nailed the right concoction of computing to achieve the ideal results for their organizations. Yet, at the frontier of employee experience and productivity innovation, ITOps faces one major obstruction.

91% of organizations hit by a cyberattack last year were running up-to-date protection

This reveals that, even when organizations foresee issues, threat actors find unique and surprising ways to attack. The innovations that employees and organizations depend on have increased the attack surface.

IT security teams work separately from ITOps teams, and sometimes it might seem they have divergent objectives. Both teams want the best for the business, but IT security teams look for the confidentiality, integrity, and availability of IT services and information, while ITOps teams focus on the performance, efficiency, and availability of the same services. The availability of services, though a common objective, is approached differently: the security team wants to mitigate any attacks that can cause downtime, while the operations team wants to avoid any accidents that would cause downtime.

With the rise in IT-powered competitive business innovations, cybersecurity risks have increased in parallel. Bringing security controls into IT service operations is the approach that can improve an organization's security posture without compromising its agility.

What is SecOps?

SecOps is the approach of having a security-first mindset and infusing security best practices into IT operations. Without a mutual understanding between the teams, inefficiencies and downtime are bound to occur. For instance, ITOps could launch a critical service, only for the organization's security tool to shut it down because it perceives the service to be vulnerable to cyberattacks.

SecOps ensures there are security controls in place while ITOps is busy keeping services up and running. Similarly, IT service delivery can benefit from building security controls into the service value chain. To name a few benefits, here is where weaving SecOps into IT service operations can help:

  • Communication between the InfoSec and ITOps teams becomes seamless, with complete information visibility during incident response and vulnerability patching.
  • A decrease in service downtime, since patches can be applied more frequently and securely.
  • Validation of access and privileges to critical resources in the network for both end users and IT service delivery teams.
  • Increase in service stability by promoting proactive incident management from the security teams.
  • Systematic infrastructural changes that help maintain the security posture of the organization.

Weave security controls within IT service operations

ITSM is the glue that holds together the work performed by the numerous sub-teams in the IT department. So, it's natural to keep ITSM more secure by building security controls right into IT service practices. We'll review four main facets of information security management to see how integrating them with ITSM practices can benefit the organization as a whole. These four categories are not an exhaustive list of how SecOps can be implemented, but they provide the initial push needed to kick-start the thought process of bringing security and service operations closer.

Plugging the gaps with quick and effective patch management

Patching vulnerabilities across the business environment is a time-sensitive activity. The United States' Cybersecurity and Infrastructure Security Agency (CISA) advises organizations to patch vulnerabilities within 15 days. Once a patch for a vulnerability has been publicized, prominent organizations can be targeted by malicious actors within a short window of time. That doesn't mean patches can be deployed recklessly, which could itself cause business downtime. There are cases of system administrators finding issues after deploying patches without testing and being forced to roll back versions to restabilize the system.

There are several steps to perform before deploying patches. These include, but are not limited to, testing the patch for any issues, gaining approvals, choosing the distribution groups, choosing the deployment period, prioritizing the patches, and informing the stakeholders, including the end users, on the acceptance of the patches. A methodical approach to deploying patches helps keep unforeseen security attacks and downtime at bay. Patch management interacts with several ITSM practices to ensure the success of these deployments.

Interactions with ITSM practices

With incident management, IT admins can track and manage the issues arising from these patches, whether on individual endpoints or across a trove of assets. As each issue gets resolved, the resolution or workaround gets added to the knowledge base as part of the process. A knowledge base built incrementally from incident resolutions further reinforces the patch management process with archival insights.

To maximize success with patch management, patches are deployed through a systematic process with change and release management. The change enablement practice, along with release management, alerts the relevant stakeholders, mandates the plan of action, and sets approval gates and rollback plans. In other words, change enablement and release management together govern the what, when, and how of the patching process.

The CMDB keeps tabs on the latest patch deployed on each configuration item (CI). It also offers IT admins the infrastructure baseline configuration information that helps determine whether patches are necessary. IT asset management helps IT admins monitor the health of assets after deployment.

Equip your ITSM platform

Ensure the following requisites in your ITSM platform to build a strong bridge between your IT service operations and security practices and to strengthen your patch management activities:

  • The ITSM platform should have an integration within its incident management module that allows scanning endpoints and deploying patches when necessary during the incident diagnosis and resolution stage. This integration benefits IT teams in two ways. First, the technician's productivity increases when the appropriate patches can be accessed directly within the ticket workspace. Second, patches can sometimes fail in specific workstations or server environments despite the prior testing stage. The integration offers an opportunity to check the status of the patch deployment on specific endpoints and to validate whether the patch is necessary.
  • Change management and release management modules should be able to create dedicated workflows for each class of patches, with specific planning, implementation, testing, deployment, and review stages. Once approved, IT admins should be able to deploy the patches to the network as a whole from a single console.
  • With built-in IT asset management, ITSM tools should house in-depth information on all assets present in the network. The integration with a patch management system should keep the asset inventory up to date on the latest deployments to each service component.
  • ITSM tools require a CMDB to assist with patch deployment planning and implementation. CIs should be able to update themselves from the patch management systems, and provide the necessary details during a change implementation. Apart from identifying the current infrastructure state of patch compliance, the CMDB relationship maps help assess the level of impact, and radius of deployment needed during a change process.

Case in point

A supermarket chain, Zylker, had its point of sale (POS) systems unable to access the internet for nearly 12 long hours in locations across the country. Zylker's POS machines were not updated frequently because the IT admin team felt the POS system was highly stable and that regular reboots and the related downtime were unnecessarily disruptive to business operations. However, the recently appointed chief security officer (CSO) did not feel comfortable with the high level of security risk this posed for the organization. She mandated that all POS machines and service components be compliant with the latest patches.

To comply with this request, the IT admin in charge began with the firewall firmware upgrade. With several rounds of patches to deploy, the firewall upgrade seemed like a standard patch deployment process, and the IT admin proceeded to deploy it to all the systems. Unbeknownst to the IT admin, the patch reconfigured the content filtering engine in the operating system. This led to all internet access being blocked in every POS system, resulting in a longer downtime for the cash counters in the supermarket.

Even after trying to roll back the upgrade, and attempting to patch the systems again after configuration changes, a few of the systems were shut down and couldn't be rolled back to the original version, leading to a failed rollback. This further increased the time to return to a fully operational status.

Lessons learned
  • Initiate a change process no matter the severity of the patch: With a change process now, Zylker documents its deployment plans. This enables the IT team to verify whether the patch would work fine with comprehensive information on each asset, through the built-in IT asset management. These details are added to the change request to keep all stakeholders informed.
  • Refer to the CMDB map to determine the scale of impact: Despite the low probability of firewall upgrades going wrong, Zylker cross-referenced the infrastructure map to ensure that if things go south, they have a reliable backup plan. The CMDB relationship map is associated with the change request as well, to ensure stakeholders make decisions with a holistic view of the infrastructure in mind.
  • Test, review, repeat: Zylker has an integrated change and release process, which includes dedicated user-acceptance testing and review stages. This ensures the organization is prepared to deploy to a subset of shops, check the results, reconfigure, and then move forward to another subset of shops. While this might seem to take more time than the previous "launch and forget" approach, it provides a fool-proof way to deploy patches and document the entire process.
  • Manage incidents from stray systems: A few of Zylker's stores previously had to shut down their systems during the rollback and repatch process. With an integration of its ITSM tool and its patch management tool, Zylker's IT was able to pinpoint these IT assets, create tickets for them, and deploy the latest firmware manually. This process is much more efficient for Zylker.

Securing the keys to robust service with access management

Access management restricts sensitive data to only the users that need it. Ideally, access management best practices ensure that access to any critical information is given just in time to the requestor and revoked once the need for it subsides. In this article, we will look at how access management's two major facets, privilege management and key management, interact with ITSM practices.

Privilege management is the practice of maintaining who or what has access to a user, a system, or a protected resource. To put it simply, a sales representative needn't have access to configure the server or the firewall, while the senior IT admin needn't have access to customer account records.

Secure Shell (SSH) and Secure Sockets Layer (SSL) management is a key responsibility for IT admins. Poor management can lead to unsecured access to systems, misuse of privileges, and potential service downtime. For instance, large enterprises on average hold about one million SSH keys. If mismanaged, this could easily lead to key sprawl over time, with poor visibility of the extent of access each key provides. So when an external attacker gains access to an orphaned key, they can move within the network, elevate privileges, and access critical data from core systems.

On the other hand, SSL certificates ensure that all web traffic between the enterprise's servers and the users' browsers is encrypted. Without timely certificate renewal, the website can go down in front of all netizens, which can even damage the brand's reputation.

Interactions with ITSM practices

These are a few of the scenarios where access management interacts with ITSM practices:

Incident management interacts with access management in responding to events such as an unexpected certificate expiry or anomalous user behavior. The incident response process gets triggered for suspicious user behavior across the network. When a user's privilege score (a base score derived from the user role and historical behavior) drops because the user accesses resources that are generally not accessed, an incident is raised, and the team begins analyzing the issue. Further, SSH key management interacts with incident response teams by securely connecting technicians with servers or workstations remotely.

Change management and access management are intertwined in their operations. During the implementation of a change, privilege management systems validate whether the change owner, manager, and implementation team have the authorization to make changes in the respective CIs. Also, when any policy changes are made regarding user access and privileges, they are implemented via a change management process.

Request fulfillment is part of the access management best practice, where SSH keys and passwords need to be rotated on a regular schedule. Also, identity certificates need to be renewed before expiry. These are taken up as requests by the IT service desk team and fulfilled as part of security maintenance and upkeep. Apart from these, depending on the organization's structure, end users sometimes request access to critical resources through the request fulfillment practice. Privileged access requests are fulfilled as well.

CMDB interactions are primarily around maintaining the records of the access privileges, keys, and identity certificates that each CI holds. Access management systems interact with the CMDB to update these records on a schedule.

Equip your ITSM platform

Ensure the following requisites in your ITSM platform to strengthen your access management activities:

  • The ITSM platform should integrate a privileged access management (PAM) solution to ensure key rotation, vulnerable certificate detection, and certificate renewals are part of automated workflows in request fulfillment practices.
  • During incident diagnosis, PAM solutions should allow ITSM platforms to initiate secure remote sessions to workstations by automatically fetching the SSH keys from the PAM database. These remote diagnosis sessions need to be recorded and added to the PAM system for security audits later.
  • As part of incident diagnosis, IT technicians should be given the least necessary privilege when accessing an application in the remote session. This application-level sandboxing should be possible with an integration between the ITSM and PAM systems.
  • ITSM platforms should have a built-in CMDB that houses the latest certificates associated with the relevant CIs, fetched from the PAM system.
  • The change management process can also be validated by an integration with the PAM system. Access to CIs for any changes would be granted only with an associated change that has been approved by the stakeholders.

Case in point

Zylker Health, a health care facility, faced a data breach of millions of records of electronic patient health information (ePHI). The breach occurred due to an outdated SSL protocol, which served as the initial attack vector. Zylker's IT maintains a schedule to renew its SSL certificates and manually updates the protocol whenever necessary. However, the manual updates left them exposed to human error. As a result, one of the network devices was still using an SSL protocol version that was vulnerable to the "Heartbleed" vulnerability. This went unnoticed and unpatched during their manual patching process.

Using the vulnerability, the attackers were able to glimpse credentials from memory and used them to log in to the network. With access to the network, they were able to exfiltrate patient records.

Lessons learned
  • Maintain a certificate dashboard: Be on the lookout in your environment for any vulnerable or expired certificate that could pose a security risk. The best key management solutions offer a real-time dashboard of certificate authorities, vulnerabilities, expiries, and key summaries.
  • Automate vulnerability scans of keys and certificates: Despite a low cadence of protocol updates, investing in an automated key and certificate environment scan can expose unforeseen devices posing as the weakest link in the chain.
  • Set up a workflow to automate certificate renewal: Integrate the ITSM platform with your key management solution to automatically create incident tickets on any certificate expiry, or any exposed vulnerability. Treating such vulnerabilities as information security incidents with the same level of response ensures a better security posture.
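
The scan-and-ticket workflow from the lessons above, as an added Python sketch (not ManageEngine's code or any key management product's API): it walks a certificate inventory and returns one incident ticket per CI that has an expired or soon-to-expire certificate or still accepts a protocol below the policy floor. The inventory records, field names, 30-day renewal window, and TLSv1.2 floor are assumptions.

```python
from datetime import date

# Weakest to strongest. A protocol string not listed here is treated as weak (fail closed).
PROTOCOL_RANK = {p: i for i, p in enumerate(
    ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"])}

# Constructed inventory, standing in for what a key management tool would export.
INVENTORY = [
    {"ci": "patient-portal", "not_after": "2024-08-10", "protocols": ["TLSv1.2", "TLSv1.3"]},
    {"ci": "edge-switch-07", "not_after": "2025-01-15", "protocols": ["SSLv3", "TLSv1.0"]},
    {"ci": "intranet-wiki", "not_after": "2024-07-01", "protocols": ["TLSv1.2"]},
    {"ci": "billing-api", "not_after": "2025-03-01", "protocols": ["TLSv1.3"]},
]
TODAY = date(2024, 7, 29)  # constructed scan date so the result is reproducible


def scan_certificates(inventory, today, renew_within_days=30,
                      min_protocol="TLSv1.2", open_ticket_cis=frozenset()):
    """Return incident tickets, most urgent first, one per affected CI."""
    floor = PROTOCOL_RANK[min_protocol]
    tickets = []
    for record in inventory:
        findings = []  # (priority, message) pairs for this CI
        days_left = (date.fromisoformat(record["not_after"]) - today).days
        if days_left < 0:
            findings.append(("Critical", f"certificate expired {-days_left} days ago"))
        elif days_left <= renew_within_days:
            findings.append(("High", f"certificate expires in {days_left} days"))

        weak = [p for p in record["protocols"] if PROTOCOL_RANK.get(p, -1) < floor]
        if weak:
            findings.append(("High", "accepts " + ", ".join(weak)))

        # Skip CIs that already have an open ticket so repeated scans do not flood the desk.
        if not findings or record["ci"] in open_ticket_cis:
            continue
        priority = "Critical" if any(p == "Critical" for p, _ in findings) else "High"
        tickets.append({
            "ci": record["ci"],
            "priority": priority,
            "findings": [message for _, message in findings],
        })
    return sorted(tickets, key=lambda t: (t["priority"] != "Critical", t["ci"]))


if __name__ == "__main__":
    for ticket in scan_certificates(INVENTORY, TODAY):
        print(ticket)
```

The device that manual updates missed in the case above corresponds to the `edge-switch-07` record: its certificate is valid for months, so only the protocol check surfaces it.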

Second case in point

Threat actors can arise externally or even from within, among disgruntled employees. Such was the case with a small town's water management corporation. One afternoon, the quality monitoring team (QMT) began to notice rising levels of metallic minerals in the drinking water reservoir. Despite the multiple levels of filtration, the water quality was reaching lethal levels of contamination. To exacerbate the issue, the reservoir was open and was supplying the water to the town. An emergency alarm was triggered by the QMT and the reservoir was shut down. It took the decontamination team two days to get the whole system up and running again. After investigation, it was revealed that a recently offboarded employee still had access to the filtration system and had changed the threshold limits in the systems without raising any alarms.

Lessons learned
  • Automate privilege revocation: When employee offboarding is automated on an ITSM platform integrated with the PAM system, the water management corporation can be assured that all access is revoked from departing employees. With employee offboarding often raised as a ticket to the IT service desk, this automation eliminates the human errors that can result in security lapses.
  • Set incident triggers on suspicious behavior: A PAM system can analyze user behavior and set a baseline score. When a user accesses resources at odd times, or critical systems that they might not need to, the user's trust score drops. Once the threshold is hit, an incident is automatically triggered in the ITSM platform, alerting the incident response team.
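
Both lessons combined in an added Python sketch (not code from any PAM or ITSM product): access events are scored against each user's role-based baseline, an incident is raised when the trust score falls below a threshold, and any access by an offboarded or unknown account is raised immediately as a detection backstop. All scores, penalties, working hours, user names, and resource names are assumptions, since the article gives no values.

```python
from datetime import datetime

# Hypothetical policy values.
BASE_SCORE = {"operator": 80, "engineer": 70}  # baseline derived from the user role
PENALTY_UNUSUAL_RESOURCE = 25                  # resource outside the user's history
PENALTY_ODD_HOURS = 15                         # access outside working hours
INCIDENT_THRESHOLD = 50
WORK_HOURS = range(7, 19)                      # 07:00 to 18:59 local time

# Constructed directory: "active" is False once the offboarding ticket is closed.
USERS = {
    "asha": {"role": "operator", "active": True, "usual": {"hmi-panel"}},
    "ravi": {"role": "engineer", "active": True, "usual": {"scada-historian"}},
    "former.tech": {"role": "engineer", "active": False, "usual": {"filtration-plc"}},
}

# Constructed access log.
EVENTS = [
    {"ts": "2024-05-06T02:30:00", "user": "ravi", "resource": "filtration-plc"},
    {"ts": "2024-05-06T10:00:00", "user": "asha", "resource": "hmi-panel"},
    {"ts": "2024-05-06T13:10:00", "user": "former.tech", "resource": "filtration-plc"},
    {"ts": "2024-05-06T13:12:00", "user": "former.tech", "resource": "filtration-plc"},
]


def evaluate_access(users, events):
    """Return the incidents to open in the ITSM platform, in event order."""
    scores = {name: BASE_SCORE[u["role"]] for name, u in users.items() if u["active"]}
    incidents, already_raised = [], set()

    def raise_once(user, reason, priority, **details):
        # One incident per user and reason; later events would update that ticket.
        if (user, reason) not in already_raised:
            already_raised.add((user, reason))
            incidents.append({"user": user, "reason": reason,
                              "priority": priority, **details})

    for event in sorted(events, key=lambda e: e["ts"]):
        name = event["user"]
        user = users.get(name)
        if user is None or not user["active"]:
            # Revocation failed or was never requested: do not score, escalate.
            raise_once(name, "access by offboarded or unknown account",
                       "Critical", resource=event["resource"])
            continue
        if event["resource"] not in user["usual"]:
            scores[name] -= PENALTY_UNUSUAL_RESOURCE
        if datetime.fromisoformat(event["ts"]).hour not in WORK_HOURS:
            scores[name] -= PENALTY_ODD_HOURS
        if scores[name] < INCIDENT_THRESHOLD:
            raise_once(name, "trust score below threshold", "High", score=scores[name])
    return incidents


if __name__ == "__main__":
    for incident in evaluate_access(USERS, EVENTS):
        print(incident)
```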

Preemptive incident control with information security management

The primary goal of Information security management is to protect the data needed by the business for all of its operations. The security management process typically involves regular testing of mechanisms, event filtering and correlation rules, information security policies, security advisory database, security alert and response management, and reporting for each of these aspects. All the output from these various activities can be categorized under three objectives.

  • Prevention: To ensure security incidents do not occur. Security policy drafts, user awareness programs, and scheduled tests, are a few of the activities that help prevent security issues.
  • Detection: To immediately detect the incidents that have breached the secure perimeter. Activities such as event correlation, and alert management ensure fast identification and notification which is vital for a swift response.
  • Correction: To recover from incidents with minimal impact, once detected. Some of these activities include incident response management, security review and audit reports, and managing a security advisory database.

At the crossroads of IT security and IT service operations, the majority of interactions will aim to speed up detection and assist in quick correction.

In the current decade of cybersecurity, security information and event management (SIEM) tools are generally used to detect threats. SIEM tools work with an abundance of data from a wide range of sources across the enterprise's entire network, logging every event that happens in the network. A machine learning algorithm then runs through the data looking for any suspicious pattern of events that deviates from the norm, and alerts the authorities if it finds any.

Current-gen SIEM tools are equipped with user and entity behavior analytics (UEBA) to quickly detect and mitigate plausible threats to the business. While the IT team is alerted to the detection and location of any significant event in the IT infrastructure, the efficient way to react to these alerts is through ITSM practices. By building a close-knit interaction between the security identification process and the response process, organizations can become more resilient to future incidents.

Interactions with ITSM practices

Incident management and problem management both interact closely with information security management. For instance, when a behavioral anomaly is detected in the network, the incident response team (IRT) is immediately alerted. The IRT begins triaging, diagnosis, and resolution in a systematic manner, based on incident management best practices. Response to incidents needs to be a repeatable, measurable, and instructable process; otherwise, chaos and confusion could arise over which team to alert, the roles of each stakeholder, and sometimes which approach to take in resolving the incident.

Problem management eliminates the root cause of an incident. Frequent occurrences of small issues, and any resource-draining incidents, are addressed by the problem management team, which breaks down the issue, finds the root cause, and applies the solution. Problem management is a crucial supplement for the security posture of the organization. Log management tools with UEBA can identify recurring patterns of alerts in the enterprise's IT landscape and notify the problem team.

Change enablement interacts both directly and indirectly with information security management. Large enterprises have many changes being pushed to the infrastructure daily, and a poorly configured change can easily slip through into the infrastructure. These poorly configured changes can expose the system to unpatched vulnerabilities or security lapses. SIEM tools alert security teams to configuration changes to CIs that are unapproved or might increase risk to the security posture of the organization. Indirectly, change management can be the result of a problem resolution or an incident diagnosis warranting a change in the infrastructure. As such, when change processes are followed for every change being pushed out, it helps to maintain the established security plans and policies of the organization.

IT asset management and CMDB interactions with the information security practice are quite similar. SIEM tools detect the configuration of the CIs and determine their current state in their lifecycle, thereby keeping the inventory and CMDB up to date. Some organizations even use SIEM tools to verify on the CIs whether a change has been implemented successfully.

Equip your ITSM platform

Ensure the following requisites in your ITSM platform to strengthen your information security management practice:

  • The ITSM platform requires an integration with a SIEM tool that enables automated ticket creation to manage incidents. The SIEM tool, with UEBA, should alert the incident response team when any anomalous pattern is detected.
  • The ITSM platform should also have an integrated problem management module that can drill down to find the root cause of any aberrant behavior from the IT environment.
  • As a subsequent step from managing problems, ITSM platforms need a change management module, where a request for change can be raised to make a scheduled configuration change, such as a firmware upgrade or clearing the database on servers, based on signals received from the monitoring system. The change module should be able to block a designated CI during a specified time frame, so unauthorized changes are not allowed. Further, the change module of the platform should have workflows with built-in approvals, to ensure necessary security clearances are passed before implementing the change.

Case in point

The CEO of Zylker Logistics, one of the world's leading shipping companies, receives a call from the enforcement agency that its customer data has been leaked. The CEO panics, and checks with their IT manager immediately, to be met with poker faces from the team. The CEO was informed that the leaked customer data has information as old as 14 months, indicating that Zylker Logistics had been breached 14 months ago, and wasn't aware of it.

To trace and analyze how the threat actor breached the perimeter, the IT team filters and sifts through millions of rows of data from the log management tool to stitch together the log trail that led to the breach. After a long time, they figure out that Zylker was compromised through a malicious attachment in an email. The attachment had installed remote access software on a compromised laptop. The installation then reached out to the threat actor, who runs a shell session on the compromised endpoint and is able to scan all the network devices, operating systems, and open ports.

Unfortunately, Zylker hadn't patched a vulnerability on a server, which the threat actor uses to gain device access. The server access makes it easy for the threat actor to pull the domain admin's password hash from the memory. Using the hash, and subsequent access to the domain controller, the threat actor makes a copy of the password hashes. With the help of password recovery applications and a brute-force approach, the threat actor cracks the password and creates a personal account. This personal account has been granted nearly all access, except for the administrator level, which ensures the threat actor doesn't raise any alarms. Over several weeks, the threat actor siphons customer data over port 80/443 to an external server, and all of these activities go undetected.

While they received several alerts over the 14 months from separate monitoring tools, they did not correlate the alerts to infer the attack. Further, without any alerts being sent to the incident management team, there wasn't any diagnosis or investigation of any of the individual alerts.

Lessons learned
  • Configure anomaly detection using UEBA-based solutions: Having just a log management tool, Zylker could not correlate several alerts together to infer a security breach. For instance, they received a port scan notification from one of the switches, but it was easily shrugged off as a traffic spike. Zylker's IT team did not piece together the port scan notification with the antivirus alert raised when the threat actor accessed the compromised workstation. A UEBA solution can establish a baseline behavior of users and machines, and flag abnormal behavior within an organization.
  • Record alerts as tickets in the ITSM platform: For faster response to information security incidents, integrate the SIEM tools with the ITSM platform. The SIEM's high-priority alerts would be raised as major incident tickets, which will immediately alert the security teams to be on their toes. With UEBA or basic correlation rules, the SIEM tool continually raises high-risk alerts to the IT service desk as the attack progresses over time. After the initial alert, raised when a port scan and an antivirus alert are reported from the same IP address, subsequent high-risk alerts are sent when hashed credentials are accessed and an account is created by an unusual entity. Attacks are rarely undetected or unreported when a SIEM and an ITSM tool are both utilized by an organization. The response is faster, and mitigation actions can be taken sooner.
  • Initiate root cause analysis to eliminate future lapses: It can take Zylker's IT team many hours to scrutinize the logs and determine a root cause. Once the security incident is resolved, a problem management ticket has to be raised. The problem management team needs usable insights generated from the ticket to drill down to the issue fast. SIEM tools, or log management tools, that can segment and filter out data come to the rescue by assisting the IT team with analysis. UEBA-based solutions accelerate the root cause analysis and provide their correlation data to guide the problem management team to a solution very efficiently.
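
A basic correlation rule of the kind these lessons describe, as an added Python sketch (not code from any SIEM or ITSM product): alerts from separate tools are grouped by host, and two or more different alert types from the same host within a time window become one incident ticket, with priority rising once credential access or account creation joins the chain. The alert types, field names, two-hour window, and sample alerts are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: one per stage of the case above, plus an isolated scan.
ALERTS = [
    {"ts": "2024-03-01T09:02:00", "source": "switch", "type": "port_scan", "host": "10.0.4.17"},
    {"ts": "2024-03-01T09:20:00", "source": "antivirus", "type": "malware_detected", "host": "10.0.4.17"},
    {"ts": "2024-03-01T10:05:00", "source": "edr", "type": "credential_dump", "host": "10.0.4.17"},
    {"ts": "2024-03-01T10:40:00", "source": "domain_controller", "type": "account_created", "host": "10.0.4.17"},
    {"ts": "2024-03-01T11:00:00", "source": "switch", "type": "port_scan", "host": "10.0.9.3"},
]

# Hypothetical alert types that indicate the attacker already holds credentials.
CRITICAL_TYPES = {"credential_dump", "account_created"}


def _ticket_from(chain):
    """Build a ticket from a chain of related alerts, or None for a lone signal."""
    types, opened_at = [], None
    for event in chain:
        if event["type"] not in types:
            types.append(event["type"])
            if len(types) == 2:
                opened_at = event["ts"]  # the second distinct signal opens the ticket
    if opened_at is None:
        return None  # a single alert type stays in the SIEM queue
    return {
        "host": chain[0]["host"],
        "opened_at": opened_at.isoformat(),
        "priority": "Critical" if CRITICAL_TYPES & set(types) else "High",
        "alert_types": types,
        "sources": sorted({event["source"] for event in chain}),
    }


def correlate(alerts, window=timedelta(hours=2)):
    """Group alerts per host into chains whose consecutive gaps fit the window."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append({**alert, "ts": datetime.fromisoformat(alert["ts"])})

    tickets = []
    for events in by_host.values():
        events.sort(key=lambda event: event["ts"])
        chain = []
        for event in events:
            # A gap longer than the window ends the current chain.
            if chain and event["ts"] - chain[-1]["ts"] > window:
                tickets.append(_ticket_from(chain))
                chain = []
            chain.append(event)
        tickets.append(_ticket_from(chain))
    return sorted((t for t in tickets if t), key=lambda t: t["opened_at"])


if __name__ == "__main__":
    for ticket in correlate(ALERTS):
        print(ticket)
```

The port scan on `10.0.9.3` produces no ticket on its own, which is the "traffic spike" outcome from the case; the same alert type on `10.0.4.17` becomes part of a major incident because the antivirus alert follows it.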

Staying primed for audit and compliance

Security audits put an enterprise's security policies and plans to the test. An audit also checks whether the business' information system is adhering to information security best practices. These could be for frameworks such as ISO 27001. To validate that the organization's security standards are compliant, IT teams conduct a self-assessment, which is nearly informal and helps to identify security gaps in the perimeter. Subsequently, organizations use their internal IT auditors to verify the self-assessments, and then bring in an external agency with independent auditors to test their actual security posture.

ITSM practices that are implemented properly help an audit as well. For various assessments and audits, auditors require the history of actions, such as during an incident response or during a configuration change in a CI. Audit trail checks verify that actions and workflows conform to the security standards. Together, the records of incidents, problems, changes, CI configuration history, requests fulfilled, and other evidence of services delivered assist organizations in proving their compliance during security audits.

Let's review one of the popular information security standards, ISO 27001, and see how ITSM practices help check the boxes needed to comply with the standard.

Interactions with ITSM practices

Incident management: The clauses in Annex A.16 enumerate the requirements for security incident management to be compliant with ISO 27001. The clauses that directly require you to evaluate your incident management practices involve organizational roles and responsibilities, the assessment process of information security events, the response process, and information security incidents. Further, ISO 27001 requires compliance with the appropriate incident reporting channels, including monitoring and fault logs, and maintaining a record of evidence about the incident.

A well-implemented incident management practice covers the above-mentioned clauses for your organization. For instance, together, incident logging, incident prioritization, and resolution help your organization stay compliant with the clauses related to the assessment process of information security events and the response process. The chart below illustrates the incident management sub-processes that help a team align with ISO 27001 clauses under Annex A.16.

Change enablement: ISO 27001 also has requirements for change management under Annex A. Since ISO 27001 requires continuous maintenance of information security systems, there will be changes that have to be implemented. Fortunately, the change enablement ITSM practice already has a defined process for managing changes. A few of the ISO 27001 clauses for change control are about recording a change, planning and testing the modification, impact assessments, communication to all stakeholders, and a recovery plan if the change isn't successful. A change process built on ITSM best practices checks all of these boxes and helps the organization comply with these standards. The illustration below showcases the relevant change sub-processes that help check the ISO 27001 requirements.

IT asset management and CMDB: With both hardware and software asset management playing a huge part in information security, it is obvious that ISO 27001 standards have requirements to ensure compliance. The requirements essentially require a complete and thorough view of the assets that are managed. The term "assets" includes every resource (hardware, software, employees, and intellectual property) that is used to build, monitor, deliver, and manage a service. Therefore, a CMDB with continuously updated CI details is also required.

The ISO 27001 standards state that all assets should be identified, classified, and assessed for their importance to the infrastructure, and that the records should convey who controls them, the asset owner details, and their financial or non-financial value. The IT asset management practice, when implemented accordingly, helps IT organizations achieve the same requirements. The IT asset inventory stores all the details of the asset, and the CMDB defines the importance of each asset, based on its thorough relationship maps with the enterprise infrastructure.

Audit and compliance flowchart

Equip your ITSM platform:

Ensure the following requisites in your ITSM platform to strengthen your security audits:

  • The ITSM platform should have multiple ways to log incidents. Besides manual submissions, automated logging should be available through integrations with monitoring, diagnostic, and firewall tools.
  • The platform should have dedicated sections to document the incident diagnosis and resolution.
  • If communications are built into the platform, incident communication to stakeholders can be faster and seamless.
  • The platform should be able to generate reports on historic incident trends for easier fault analysis, and also gather feedback on the entire stakeholder experience.
  • Make sure the platform has the ability to create separate workflows for general changes and emergency changes.
  • The change module should be able to schedule changes on a common calendar, to make sure conflicts can be detected. Also, built-in communication channels, such as announcements, can make work easier for change managers.
  • The platform should offer the ability to manage change advisory boards and their approvals from within the workflow.
  • The ITSM platform should have integrated asset management that enables cradle-to-grave asset management.
Zephan

Author's bio

Zephan is the product marketing analyst for ManageEngine's ESM suite of products. He loves to create resources that educate IT service desk folks on the best practices for making the most of ITSM. He also helps ServiceDesk Plus customers reach their IT goals by conducting engaging live sessions on using the platform to its full potential. When he is not focusing on ITSM, you can find him fervently discussing MotoGP.