The ITSM Practice: Elevating ITSM and IT Security Knowledge

Luigi Ferri
  • 5.0 (1)
  • TECHNOLOGY
  • UPDATED WEEKLY

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

  1. 5D AGO

    CISO Strategy: Where Product Security Fails at Scale

    Most organisations manage only build and operate, ignoring growth, where security risk explodes. Luigi Ferri reveals how CISOs miss the most critical phase, where scaling, DevOps, and rapid decisions create hidden security debt. This episode challenges leaders to shift from reactive controls to full product lifecycle governance before risk turns into incidents. In this episode, we answer to: Why is product growth the most dangerous phase for cybersecurity risk? Are CISOs governing product lifecycle or just reacting to failures? How does DevOps accelerate delivery but weaken security accountability? Resources Mentioned in this Episode: Advisera website, article "ISO 27001 control 8.25 Secure development life cycle", link https://advisera.com/iso27001/control-8-25-secure-development-life-cycle/ Ikarus website, article "Security by Design", link https://www.ikarussecurity.com/en/security-news-en/security-by-design-cybersecurity-throughout-the-product-life-cycle/ Netguru website, article "SaaS Development Life Cycle: Key Stages & Best Practices", link https://www.netguru.com/blog/saas-development-life-cycle DevOps by Techstrong Group website, article "DevSecOps: Integrating Security Into the DevOps Lifecycle", link https://devops.com/devsecops-integrating-security-into-the-devops-lifecycle/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  2. APR 21

    ITIL 5 Exposed: Accountability Without Authority

    ITIL 5 exposes a critical ITSM flaw: Service Owners held accountable without authority. Discover how broken governance, security vs delivery conflicts, and unclear decision rights undermine outcomes. Learn why real accountability starts before operations, and how to redesign Enterprise Service Management for true leadership. In this episode, we answer to: Why are Service Owners accountable but not empowered in ITIL 5? How does the security vs delivery tension reveal weak ITSM governance? Resources Mentioned in this Episode: PeopleCert website, article "Understanding the evolution of ITIL", link https://www.peoplecert.org/news-and-announcements/itil-version-5-explained Learning Tree International website, article "ITIL® (Version 5) Has Arrived", link https://www.learningtree.com/blog/itil-5-launch-what-you-need-to-know/ Agile PM Hub website, article "ITIL® 5 Is Here: What’s New and Why It Matters", link https://agilepmhub.com/blog/itil-version-5-whats-new-and-why-it-matters Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  3. APR 14

    PSD3 Explained: Payments Security & Fraud

    PSD3 is reshaping payments security, moving beyond PSD2’s access model to address fraud, scams and trust abuse. This episode explains why strong authentication is no longer enough, how APIs become critical to trust, and what banks and fintechs must change to stay secure, compliant and resilient. In this episode, we answer to: What makes PSD3 fundamentally different from PSD2 in payments security? Is strong customer authentication enough to stop modern fraud? How do APIs influence trust, performance and security under PSD3? Resources Mentioned in this Episode: Stripe website, article "What platforms and marketplaces can expect from PSD3", link https://stripe.com/guides/what-platforms-and-marketplaces-can-expect-from-psd3 Trustbuilder website, article "From PSD2 to PSD3: What’s Changing in the Future of Payments in Europe", link https://www.trustbuilder.com/en/psd2-psd3-directive-future-payments-europe/ Deloitte website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html Schoenherr website, article "The EU's new Payments Services Package", link https://www.schoenherr.eu/content/the-eu-s-new-payments-services-package European Payments Council, article "What do the PSD3 and PSR mean for the payments sector", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 min

  4. APR 7

    AI Governance Illusion: Hidden Risks & Accountability in ITSM

    AI governance maturity can be misleading. Many organizations rely on frameworks, policies, and dashboards that signal control but fail to reflect true understanding of AI systems. This episode explores the Governance–Understanding Gap, highlighting why unclear decision ownership and limited system insight create hidden risks in AI, ITSM, and Enterprise Service Management environments. In this episode, we answer to: What is the worst decision an AI system could realistically make in practice? Which AI system in the organization is least understood and hardest to explain? If an AI system makes a harmful decision, who is accountable for it? Resources Mentioned in this Episode: NIST website, framework "AI Risk Management Framework", link https://www.nist.gov/itl/ai-risk-management-framework European Commission website, policy "Artificial Intelligence", link https://digital-strategy.ec.europa.eu/en/policies/artificial-intelligence ISO Standards website, ISO/IEC 42001 standard, link https://www.iso.org/standard/81230.html MIT Sloan Management Review website, article "A framework for assessing AI risk", link https://mitsloan.mit.edu/ideas-made-to-matter/a-framework-assessing-ai-risk Stanford Human-Centered AI website, article " AI Index 2025", link https://aiindex.stanford.edu Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    10 min

  5. MAR 31

    DevSecOps: Responsibility Without Authority

    DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions, burnout, and structural ambiguity in DevSecOps. A sharp reflection for CISOs, AppSec leaders, and ITSM professionals navigating security governance and enterprise risk management. In this episode, we answer to: Who is explicitly allowed to accept risk in a DevSecOps operating model? What happens when developers receive security accountability without authority? Are Security Champions strengthening governance, or masking leadership gaps? Resources Mentioned in this Episode: Blackduck website, article "DevSecOps: The good, the bad, and the ugly", link https://www.blackduck.com/blog/devsecops-challenges-benefits.html Jit website, article "6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code", link https://www.jit.io/resources/devsecops/a-practical-guide-to-devsecops-making-it-work-for-developers Decipher Bureau website, article "DevSecOps Professionals: Avoiding ‘The Great Burnout’", link https://www.decipherbureau.com/news/articles/devsecops-professionals-avoiding-the-great-burnout/ Security Journey website, article "From Disruption to Integration: Rethinking Just-in-Time Security Training", link https://www.securityjourney.com/post/from-disruption-to-integration-rethinking-just-in-time-security-training Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    7 min

  6. MAR 24

    ISO 31000 vs MoR: Closing the Risk Management Gap

    Enterprise Risk Management (ERM) often looks mature—risk registers, ISO 31000 alignment, MoR processes—yet fails to influence real decisions. In fintech and regulated environments, risk governance must shape judgment, not just document compliance. This episode explores why ISO 31000 and MoR lose impact under pressure, and how to align risk appetite, decision-making, and operational execution before risk accumulates. In this episode, we answer to: How can ISO 31000 truly influence enterprise decision-making in fast-moving fintech environments? Why does Management of Risk (MoR) become procedural compliance instead of strategic risk governance? How can Enterprise Risk Management integrate risk appetite, governance, and operational execution without losing agility? Resources Mentioned in this Episode: Axelos website, white paper "Everything You Wanted to Know About MoR in Less Than 1,000 Words", link https://www.axelos.com/resource-hub/white-paper/everything-you-wanted-to-know-about-m-o-r-in-less-than-1000-words Goodelearning website, article "What is Management of Risk (M_o_R)?", link https://goodelearning.com/articles/what-is-management-of-risk/ Best Practice LMS website, article "M_o_R® - Introduction", link http://www.bestpracticelms.com/mLearn/SPM-App/MOR.html ISO official website, ISO 31000:2018 standard, link https://www.iso.org/standard/65694.html Pacific Certifications, article "ISO 31000: Risk Management Framework Explained for Modern Organizations", link https://blog.pacificcert.com/iso-31000-risk-management-framework-explained/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  7. MAR 17

    ITIL 5: Stop Explaining Failures. Start Owning System Decisions

    In this episode of the ITSM Practice Podcast, Luigi Ferri explores how ITIL 5 shifts leadership from explaining incidents to owning systemic decisions. In complex service ecosystems, governance must move upstream—before automation, architecture, and risk scale. True IT Service Management leadership is no longer about post-incident justification, but about accountable decision design in Enterprise Service Management. In this episode, we answer to: How does ITIL 5 redefine accountability in modern IT Service Management? Why is governance shifting upstream in complex, automated service environments? Are Heads of Service accountable for decisions they did not design? Resources Mentioned in this Episode: ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide PeopleCert website, article "ITIL, The Language of Growth", link https://www.peoplecert.org/Frameworks-Professionals/ITIL-framework PMG Academy website, article "The Definitive Guide to ITIL® Version 5 Foundation", link https://www.pmgacademy.com/en/articles/itil/the-definitive-guide-to-itil-version-5-foundation/ ITIL official website, article "ITIL AI Governance White Paper", link https://www.itil.com/Itil-News-and-Announcements/ai-governance-white-paper INOC website, article "5 ITIL Incident Management Best Practices", link https://www.inoc.com/blog/itil-incident-management Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    7 min

  8. MAR 10

    ITIL 5, SCF and the Compliance Illusion

    In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership. In this episode, we answer to: Is compliance replacing real risk-based security governance? Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership? How does ITIL 5 transform control frameworks into accountable governance? Resources Mentioned in this Episode: Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/ Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/ Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/ Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 min
See All (144)

About

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

Information

You Might Also Like