Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main

In this episode of Mitiga Mic, Brian Contos sits down with Greg Fitzgerald, co-founder of Sevco Security, for a candid conversation on the real state of asset visibility, prioritization, and the evolving challenges facing security teams. With nearly three decades in the industry, Fitzgerald brings perspective on how cybersecurity has shifted from endpoint tools to orchestration-wide awareness. And why that shift is critical for cloud, SaaS, AI, and identity defense. Watch the episode or read the full transcript below.

Want more expert insights?

Subscribe to Mitiga on YouTube to explore past episodes and stay ahead of what’s next in cloud and SaaS security with Mitiga Mic.

Featuring: Greg Fitzgerald
Sevco Security Co-founder & CXO, Greg Fitzgerald

Brian Contos: Hey Fitz, welcome to Mitiga Mic.

Greg Fitzgerald: Hey, good to be here.

Brian Contos: So, for those of our viewers who don't know who you are—maybe they were under a rock because you've been in this industry since there was an industry—give us a little background on who you are, what you do, and what you're doing now.

Greg Fitzgerald: Yeah, well, Greg Fitzgerald is the name. I've been around here—part of the OG old guard of cybersecurity. I’ve been fortunate to see everything from the first software firewall, when John McAfee was still sane, to the early antivirus days, all the way through to now, where I’m running a company with a co-founder called Sevco Security. It's all about visibility.

The whole concept we’re solving, after 11 companies in a 27-year period, is that we keep selling all this technology, but most companies don’t even know what they’ve got. They don’t know what devices, what users, what applications, what vulnerabilities. We’ve been building tech to help companies with that for the past five years.

Brian Contos: I think that’s one of the most interesting things about asset intelligence. Some people just think it's laptops or virtual machines, but like you said, it's the users, the applications, and everything else. What are you seeing out there in terms of what people are looking to integrate into that view?

Greg Fitzgerald: Great question. If we take a step back—ten years ago, IT and cybersecurity were simpler. You were a Dell shop or HP or Lenovo. Everything was centralized. You knew the lifecycle, the apps, who had access. Microsoft made patching predictable. You had your arms around it.

Then five years ago, it all blew up. Everything connects to the network now. Anyone can download an app. Access rights have exploded. Third-party supply chains are connected. It’s untenable for humans to keep up.

Forward-thinking orgs are saying: I’ve got EDR, SIEM, IAM—but I know I’m missing things. I need more visibility. And they’re doing it without agents—just getting what they already have to work together.

So at Sevco, we focus on cybersecurity visibility—like ServiceNow does for IT. We integrate into EDRs, IAMs, MFA—so customers can see users, devices, cloud assets, apps—everything. And once they see it, they can act on it.

Brian Contos: Let’s double-click on prioritization. When you’re dealing with all these assets—cloud, virtual, apps, identities—how do you decide what to fix first?

Greg Fitzgerald: Most people use vulnerability scanners—Qualys, Tenable, Rapid7. They all have their own views, their own CVSS severity scores. But that’s one perspective.

We focus on context. Let’s say Chrome has a severe vuln. If you're running a big enterprise, that sounds like panic. But what if only 2% of your users even run Chrome—and most have already patched? Then you don’t need to drop everything. Sally the secretary uses Firefox—it’s not relevant to her. Still needs patching eventually, but it shifts urgency.

Brian Contos: That makes it more real. And you're not just helping IT or SecOps, you're helping the whole business focus where it matters.

You mentioned vuln scanners—but there’s also data from EDRs, patch managers, config tools. Can you bring that data in and use it too?

Greg Fitzgerald: Absolutely. Maturity has changed. It’s not just vuln scanners anymore. Tools like CrowdStrike, Active Directory, MFA, network monitors—they all see vulnerabilities now. But the data overlaps. You get duplicate tickets. Or sometimes you get unique things from just one tool.

Sevco is API-only—we bring all of it in, deduplicate it, normalize it, and parse it. Whether you're using our UI or exporting the raw data, you can work in your environment. We’re that middleware that enables full visibility and action.

Brian Contos: What kinds of upstream systems are you pushing this to? Jira? Ticketing systems?

Greg Fitzgerald: Definitely Jira and helpdesk systems. But also SIEMs. Splunk, for example. We enrich the data and push it back for threat mitigation.

Brian Contos: What about SOAR? Or whatever we’re calling automation this week—hyperautomation maybe?

Greg Fitzgerald: Yeah, same deal. We’re bidirectional with SIEMs and SOARs. That enriched data helps drive automation. Fix what needs fixing without waiting. Mature orgs are doing that.

But some still keep their heads in the sand. If I don’t see it, it’s not real. It’s like ignoring a rash and hoping it goes away.

Brian Contos: I’ve seen that rash analogy way too many times.

Greg Fitzgerald: Right? The good news is more orgs are maturing. You and I have a mission—educate and help folks get proactive, not reactive. If we can help them look ahead and automate where it counts, everyone wins.

Brian Contos: I like how this works across prevention, detection, and response. Take Splunk again. If you write a correlation rule and see malicious behavior from a vulnerable, unmanaged device—that rule should elevate the alert.

Greg Fitzgerald: Totally. That’s a huge timesaver. It helps SOC analysts prioritize what matters. It’s also helping with compliance—understanding every user, device, app, and vuln is core to NIST and MITRE ATT&CK models. And to avoid fines, insurance issues, or legal liability.

Brian Contos: And identity is a big part of that. You mentioned SalePoint. If someone’s accessing an app they technically have rights to—but they’re not governed by IAM—that’s a gap.

Greg Fitzgerald: Exactly. Sometimes it’s just human error—job changes, new employees, someone setting up access manually. We let you see that in real time—not batch processing—so you can spot and fix it. Anytime. 24/7.

Brian Contos: So for someone just starting with asset management, exposure, or vuln management—where should they begin?

Greg Fitzgerald: First, ask: are we reactive or proactive? If you’re proactive, don’t fall for the “one platform does it all” myth. CrowdStrike is great—but it only sees what it sees. Look holistically.

And of course, check out Sevco. Whether it’s us or another provider, get your arms around your inventory, posture, and prioritization. Once you have that, you can decide what to adjust, what tools to retire, what gaps to close. Reports, compliance, SOC 2—all of it gets easier.

Brian Contos: Great advice as always, Fitz. Thanks for being on Mitiga Mic.

Greg Fitzgerald: Thank you. Really appreciate it.

LAST UPDATED:

August 12, 2025

Don't miss these stories:

How Threat Actors Used Salesforce Data Loader for Covert API Exfiltration

In recent weeks, a sophisticated threat group has targeted companies using Salesforce’s SaaS platform with a campaign focused on abusing legitimate tools for illicit data theft. Mitiga’s Threat Hunting & Incident Response team, part of Mitiga Labs, investigated one such case and discovered that a compromised Salesforce account was used in conjunction with a “Salesforce Data Loader” application, a legitimate bulk data tool, to facilitate large-scale data exfiltration of sensitive customer data.

God-Mode in the Shadows: When Security Tools and Excessive Permissions Become Cloud Security Risks

By the time the alarms go off, it’s often too late. A trusted third-party security tool, one that promised to protect your cloud and SaaS environments, has been operating with unchecked ‘god-mode’ privileges. These tools, usually classified as SaaS Security Posture Management (SSPM) or Data Security Posture Management (DSPM), have been granted near-unrestricted access to your data, configurations, and secrets.

How AI Is Transforming Cybersecurity: Detection, Response & Threat Evolution with Mitiga’s Ofer Maor

In this episode of Mitiga Mic, Brian Contos, Field CISO at Mitiga, sits down once again with Ofer Maor, CTO and Co-founder, to break down one of today’s most urgent cybersecurity challenges: the intersection of Artificial Intelligence (AI) and Detection & Response. From the Automated SOC to AI-powered attackers and cloud-based AI infrastructure threats, Ofer outlines the three pillars of AI-DR (AI Detection and Response) and what organizations need to know now and in the near future.

Meet Mitiga in Las Vegas at Black Hat, DEF CON, and BSides

From August 4 to 11, Mitiga will be on the ground in Las Vegas for Black Hat USA, DEF CON, and BSides Las Vegas. If you’re responsible for cloud security, SaaS threat detection, or incident response, this is your opportunity to connect directly with our team.

Why Wi-Fi Isn’t Enough: Joseph Salazar on Wireless Airspace Security

In this episode of Mitiga Mic, we sit down with cybersecurity veteran Joseph Salazar, now with Bastille Networks, to uncover the vast and often invisible world of wireless attack surfaces. From Bluetooth-enabled coffee mugs and smart thermostats to malicious USB cables that launch attacks from parking lots, Joseph walks us through real-world threats that operate outside your firewall and beyond traditional security tools.

From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security

Solutions Platform Helios AI Cloud Security Data Lake Cloud Threat Detection Investigation and Response Readiness (TDIR) Cloud Detection and Response (CDR) Cloud Investigation and Response Automation (CIRA) Investigation Workbench Managed Services Managed Cloud Detection and Response (C-MDR) Cloud Managed Threat Hunting Cloud and SaaS Incident Response Resources Blog Mitiga Labs Resource Library Incident Response Glossary Company About Us Team Careers Contact Us In the News Home » Blog Main BLOG From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security In this premiere episode of Mitiga Mic, Mitiga’s Co-founder and CTO Ofer Maor joins host Brian Contos to share the journey behind Mitiga’s creation—and how it became the first purpose-built platform for cloud, SaaS, and identity detection and response. Ofer discusses why traditional incident response falls short in modern environments, how Mitiga built its platform from real-world service experience, and the crucial role of automation and AI in modern SOC operations.