The ITSM Practice: Elevating ITSM and IT Security Knowledge

Luigi Ferri

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

  1. 2d ago

    PSD3: Who Owns Trust?

    PSD3 is more than a compliance requirement, it's a test of organisational maturity, security leadership, accountability, and decision-making. Discover how Enterprise Service Management, IT Service Management, and cybersecurity principles help organisations balance security, customer trust, and clear ownership to build resilience beyond regulatory compliance. In this episode, we answer: How does PSD3 reveal an organisation's maturity and decision-making under pressure? When should security lead, and when should it step back to enable business ownership? Who is truly accountable for trust, fraud prevention, and customer protection under PSD3? Resources Mentioned in this Episode: Stripe website, article "What platforms and marketplaces can expect from PSD3", link https://stripe.com/guides/what-platforms-and-marketplaces-can-expect-from-psd3 Deloitte Luxembourg website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html European Payments Council website, article "What do the PSD3 and PSR mean for the payments sector?", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector Advapay website, article "PSD2 vs PSD3/PSR: what’s new in the upcoming EU’s Payment Services Directive and Regulations", link https://advapay.eu/psd2-vs-psd3-whats-new-in-the-upcoming-eus-3rd-payment-services-directive/ PWC Ireland website, article "PSD3: Shaping the future of secure, innovative payments", link https://www.pwc.ie/industries/banking/insights/payment-services-directive-3.html Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  2. Jul 7

    The Hidden Cost of Untrusted Data

    Why do organizations struggle to trust their operational data despite having plenty of it? In this episode of The ITSM Practice Podcast, Luigi Ferri explains the critical difference between data quality and data integrity, and why CIOs must build operational trust before launching digital transformation initiatives. Learn practical ITSM strategies to improve data governance, CMDB accuracy, operational accountability, and Enterprise Service Management. In this episode, we answer to: What is the difference between data quality and data integrity, and why does it matter for CIOs? Why do multiple departments report different numbers for the same operational metric? How can organizations build trusted operational data before starting digital transformation? Resources Mentioned in this Episode: Precisely website, article "Data Integrity vs. Data Quality: How Are They Different?", link https://www.precisely.com/blog/data-integrity/data-integrity-vs-data-quality-different Atlan website, article "Data Quality vs Data Governance: How Are They Different in 2026?", link https://atlan.com/data-quality-vs-data-governance/ Salesforce website, article "Salesforce Signs Definitive Agreement to Acquire Informatica", link https://www.salesforce.com/news/press-releases/2025/05/27/salesforce-signs-definitive-agreement-to-acquire-informatica/ Qlik Support Portal, article "Validating data", link https://help.qlik.com/talend/en-US/studio-user-guide/8.0-R2024-12/validating-data Informatica website, white paper "Informatice Data Quality and Observability", link https://www.informatica.com/content/dam/informatica-com/en/collateral/data-sheet/cloud-data-quality_data-sheet_3688en.pdf Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  3. Jun 30

    ITIL 5 Foundation: Exam Success

    Preparing for the ITIL 5 Foundation exam? Discover why successful candidates focus on understanding the ITIL Value System, Value Chain, Governance, AI Capability, Four Dimensions, and Service Lifecycles as one connected system instead of isolated chapters. Learn smarter study strategies to improve your exam performance and master ITIL 5 concepts. In this episode, we answer to: Why is the ITIL Value System the foundation for understanding the entire ITIL 5 framework? How does AI Capability depend on governance, knowledge management, and operating models? How can you study the ITIL 5 Foundation exam more effectively by focusing on system thinking instead of memorizing chapters? Resources Mentioned in this Episode: Mind Mesh Academy website, article "ITIL® Foundation (Version 5) Study Guide", link https://www.mindmeshacademy.com/certifications/itil/itil-5-foundation/study-guide PeopleCert website, article "ITIL Foundation (Version 5)", link https://www.peoplecert.org/browse-certifications/it-governance-and-service-management/ITIL-1/itil-5-foundation-version-50-4154 InProgress website, document name "Training Program - ITIL Foundation (Version 5)", link https://inprogressplus.com/wp-content/uploads/2026/05/Training-programme_ITIL5F_ENG_v2.0.pdf PeopleCert website, ITIL 5 Mock exams, link https://www.peoplecert.org/browse-mock-exams/it-governance-and-service-management/ITIL-1 1 World Training Official Channel YouTube Channel, video "Sample Paper | ITIL® Foundation Bridge (version 5)", link https://www.youtube.com/watch?v=-21MZIbPUDI Value Insights website, article "Are you ready to pass the ITIL® (Version 5) Foundation exam?", link https://www.valueinsights.ch/itil5-foundation-exam-quiz/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  4. Jun 23

    PSD3: Governance Before Technology

    In this episode, Luigi Ferri explores why organisations often take the wrong first step when preparing for PSD3 compliance. Rather than rushing into new tools, fraud platforms, or transformation programmes, PSD3 readiness begins with observation. Learn how incident response, governance, decision authority, and organisational behaviour under uncertainty reveal the real gaps that PSD3 exposes. Discover why governance maturity and clear accountability are critical for building a resilient PSD3 strategy. In this episode, we answer to: Why is the first step towards PSD3 compliance so often the wrong one? How can incident response reveal governance gaps and decision-making weaknesses? What should organisations stabilise before launching PSD3 programmes, fraud initiatives, or policy transformations? Resources Mentioned in this Episode: Deloitte website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html Schoenherr website, article "The EU's new Payments Services Package", link https://www.schoenherr.eu/content/the-eu-s-new-payments-services-package European Payments Council website, article "What do the PSD3 and PSR mean for the payments sector?", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector MK Fintech Partners website, article "PSD3 is Here! How is it Different From Previous Directives?", link https://mkfintechpartners.com/2023/07/11/difference-psd1-psd2-and-psd3/ Finexer website, article "PSD3: All you need to know in 2025", link https://blog.finexer.com/psd3-all-you-need-to-know-in-2025/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  5. Jun 16

    AI Security Strategy: Why Midmarket Organizations Get It Wrong

    Why do most AI security strategies fail in the midmarket? In this episode of The ITSM Practice Podcast, we explore why successful AI security is not about buying more AI tools but about building the right foundation first. Learn how identity management, telemetry quality, governance, and operational maturity determine AI security success. We discuss AI readiness, MSSP evolution, cybersecurity automation, SOC transformation, and practical AI security roadmaps for midmarket organizations. Discover why AI augments security teams rather than replacing them and how organizations can achieve sustainable cyber resilience through proper sequencing. In this Episode, we answer: Why do most AI security initiatives fail in midmarket organizations despite significant investments in AI-powered cybersecurity tools? How do identity management, telemetry quality, and governance impact AI security readiness and operational resilience? What should MSPs and MSSPs prioritize over the next 2–3 years to build effective AI security strategies and support midmarket clients? Resources Mentioned in this Episode: SailPoint website, ebook "Identity as the foundation: The modern zero trust blueprint for 2026", link https://www.sailpoint.com/identity-library/identity-security-essential-to-zero-trust-strategy Xage Security website, article "Zero Trust: A Proven Solution for the New AI Security Challenge", link https://xage.com/blog/zero-trust-proven-solution-for-the-new-ai-security-challenge/ Checkpoint website, article "How AI Phishing Attacks Became A Threat in 2025", link https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/ai-phishing-attacks/ EC-Council website, article "The Rising Threat of AI-Powered Phishing: What it is, How to Detect it, and How to Prevent it", link https://www.eccu.edu/blog/ai-powered-phishing-detection-prevention/ Your Alaska Link TV YouTube Channel, video "Hackers use AI to boost cyber scams and attacks", link https://www.youtube.com/watch?v=hRJqRFj0kRQ Microsoft Mechanics YouTube Channel, video "AI with Zero Trust Security", link https://www.youtube.com/watch?v=OnlN-2Q5QsE Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  6. Jun 9

    What DoDAF Can Teach Leaders About Architecture and Complexity

    Are modern enterprises losing control of their architecture? In this episode, Luigi Ferri explores why cloud adoption, outsourcing, SaaS expansion, and fragmented governance are creating hidden dependencies and increasing operational risk. Discover how the Department of Defense Architecture Framework (DoDAF) offers valuable lessons for improving architectural visibility, governance, resilience, and enterprise-wide coordination in today's complex digital ecosystems. In this episode, we answer to: Why are modern enterprises losing architectural ownership and visibility across complex digital ecosystems? How can the Department of Defense Architecture Framework (DoDAF) help organizations manage complexity, interoperability, and governance? Why do modern outages and operational failures increasingly result from undocumented dependencies and architectural blind spots rather than individual system failures? Resources Mentioned in this Episode: US DoDAF Official Documentation, Department of Defense Architecture Framework (DoDAF) Version 2.02, link https://dodcio.defense.gov/Library/DoD-Architecture-Framework/ TOGAF® Enterprise Architecture Framework, TOGAF® Standard, link https://www.opengroup.org/togaf NIST Cybersecurity Framework (CSF) 2.0, link https://www.nist.gov/cyberframework Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  7. Jun 2

    Identity Is the New Perimeter

    AI is changing cybersecurity faster than most organizations can govern it. In this episode of The ITSM Practice Podcast, Luigi Ferri explores why identity has become the true enterprise perimeter. As organizations race to deploy Agentic AI, autonomous agents, cloud platforms, and APIs, many are building on identity governance models that were never designed for machine-scale decision-making. From Zero Trust Architecture and Identity & Access Management (IAM) to the lessons behind major breaches at MGM, Snowflake, and Uber, this episode examines a critical question: If enterprises struggled to govern human identities, how will they govern autonomous AI identities? Discover why AI governance without identity governance is impossible, why identity is evolving into the operational control plane of digital business, and what CIOs and CISOs must do before AI adoption outpaces organizational control. In this episode, we answer: Why is identity becoming the new perimeter in the age of AI? What risks emerge when autonomous agents operate without strong identity governance? How can organizations redesign trust before AI scales faster than governance? Resources Mentioned in this Episode: NIST website, Zero Trust Architecture (SP 800-207), link https://csrc.nist.gov/pubs/sp/800/207/final? NIST website, AI Risk Management Framework, link https://www.nist.gov/itl/ai-risk-management-framework European Commission website, EU AI Act, link https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai Dark Reading website, article "Okta Agent Involved in MGM Resorts Breach, Attackers Claim", link https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim Cyberark website, article "The MGM Resorts Attack: Initial Analysis", link https://www.cyberark.com/resources/blog/the-mgm-resorts-attack-initial-analysis Blackfog website, article "Showflake Data Breach Explained", link https://www.blackfog.com/snowflake-data-breach-explained-key-lessons/ Cloud Security Alliance website, article "Unpacking the 2024 Snowflake Data Breach", link https://cloudsecurityalliance.org/blog/2025/05/07/unpacking-the-2024-snowflake-data-breach USA CISA website, article "Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester", link https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a? USA CISA website, advisory on MFA fatigue and modern identity attacks, link https://www.cisa.gov/news-events/alerts/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching-multifactor-authentication Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

  8. May 26

    FINMA and ITIL 4: Building Resilient Swiss Banks

    FINMA Circular 2023/1 is transforming operational resilience from a compliance exercise into a strategic leadership priority for Swiss banks. In this episode, Luigi Ferri explains why ITIL 4 is far more than ITSM, it is a powerful enterprise operating model that connects governance, cybersecurity, risk management, supplier coordination, and business continuity to build truly resilient financial institutions. In this episode, we answer to: Why is operational resilience becoming the new license to operate for banks? How does ITIL 4 support FINMA resilience and cybersecurity requirements? What organizational silos are preventing true enterprise resilience? Resources Mentioned in this Episode: Finma website, Circular 2023/1 Operational risks and resilience for banks, link https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf Finma website, article "FINMA publishes Circular “Operational risks and resilience – banks”, link https://www.finma.ch/en/news/2022/12/20221213-mm-anh-rs-op-risks/ KPMG website, article "FINMA Circular 2023/1", link https://assets.kpmg.com/content/dam/kpmgsites/ch/pdf/finma-circular-2023.pdf.coredownload.inline.pdf InfoGuard website, article "FINMA Circular 2023/1 Checklist - Ready for a regulatory audit?", link https://www.infoguard.ch/hubfs/images/blog/24/InfoGuard-FINMA-Checkliste_EN.pdf Manage Engine website, article "The ITIL 4 Service Value System", link https://www.manageengine.com/products/service-desk/itsm/itil-4-service-value-system.html Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

About

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

You Might Also Like