In this episode of Mitiga Mic, Brian Contos sits down with Greg Fitzgerald, co-founder of Sevco Security, for a candid conversation on the real state of asset visibility, prioritization, and the evolving challenges facing security teams. With nearly three decades in the industry, Fitzgerald brings perspective on how cybersecurity has shifted from endpoint tools to orchestration-wide awareness, and why that shift is critical for cloud, SaaS, AI, and identity defense. Watch the episode or read the full transcript below.


Featuring: Greg Fitzgerald, Co-founder & CXO, Sevco Security

Brian Contos: Hey Fitz, welcome to Mitiga Mic.

Greg Fitzgerald: Hey, good to be here.

Brian Contos: So, for those of our viewers who don't know who you are—maybe they were under a rock because you've been in this industry since there was an industry—give us a little background on who you are, what you do, and what you're doing now.

Greg Fitzgerald: Yeah, well, Greg Fitzgerald is the name. I've been around here—part of the OG old guard of cybersecurity. I’ve been fortunate to see everything from the first software firewall, when John McAfee was still sane, to the early antivirus days, all the way through to now, where I’m running a company with a co-founder called Sevco Security. It's all about visibility.

The whole concept we’re solving, after 11 companies in a 27-year period, is that we keep selling all this technology, but most companies don’t even know what they’ve got. They don’t know what devices, what users, what applications, what vulnerabilities. We’ve been building tech to help companies with that for the past five years.

Brian Contos: I think that’s one of the most interesting things about asset intelligence. Some people just think it's laptops or virtual machines, but like you said, it's the users, the applications, and everything else. What are you seeing out there in terms of what people are looking to integrate into that view?

Greg Fitzgerald: Great question. If we take a step back—ten years ago, IT and cybersecurity were simpler. You were a Dell shop or HP or Lenovo. Everything was centralized. You knew the lifecycle, the apps, who had access. Microsoft made patching predictable. You had your arms around it.

Then five years ago, it all blew up. Everything connects to the network now. Anyone can download an app. Access rights have exploded. Third-party supply chains are connected. It’s untenable for humans to keep up.

Forward-thinking orgs are saying: I’ve got EDR, SIEM, IAM—but I know I’m missing things. I need more visibility. And they’re doing it without agents—just getting what they already have to work together.

So at Sevco, we focus on cybersecurity visibility—like ServiceNow does for IT. We integrate into EDRs, IAMs, MFA—so customers can see users, devices, cloud assets, apps—everything. And once they see it, they can act on it.

Brian Contos: Let’s double-click on prioritization. When you’re dealing with all these assets—cloud, virtual, apps, identities—how do you decide what to fix first?

Greg Fitzgerald: Most people use vulnerability scanners—Qualys, Tenable, Rapid7. They all have their own views, their own CVSS severity scores. But that’s one perspective.

We focus on context. Let’s say Chrome has a severe vuln. If you're running a big enterprise, that sounds like panic. But what if only 2% of your users even run Chrome—and most have already patched? Then you don’t need to drop everything. Sally the secretary uses Firefox—it’s not relevant to her. Still needs patching eventually, but it shifts urgency.

Brian Contos: That makes it more real. And you're not just helping IT or SecOps, you're helping the whole business focus where it matters.

You mentioned vuln scanners—but there’s also data from EDRs, patch managers, config tools. Can you bring that data in and use it too?

Greg Fitzgerald: Absolutely. Maturity has changed. It’s not just vuln scanners anymore. Tools like CrowdStrike, Active Directory, MFA, network monitors—they all see vulnerabilities now. But the data overlaps. You get duplicate tickets. Or sometimes you get unique things from just one tool.

Sevco is API-only—we bring all of it in, deduplicate it, normalize it, and parse it. Whether you're using our UI or exporting the raw data, you can work in your environment. We’re that middleware that enables full visibility and action.

Brian Contos: What kinds of upstream systems are you pushing this to? Jira? Ticketing systems?

Greg Fitzgerald: Definitely Jira and helpdesk systems. But also SIEMs. Splunk, for example. We enrich the data and push it back for threat mitigation.

Brian Contos: What about SOAR? Or whatever we’re calling automation this week—hyperautomation maybe?

Greg Fitzgerald: Yeah, same deal. We’re bidirectional with SIEMs and SOARs. That enriched data helps drive automation. Fix what needs fixing without waiting. Mature orgs are doing that.

But some still keep their heads in the sand. If I don’t see it, it’s not real. It’s like ignoring a rash and hoping it goes away.

Brian Contos: I’ve seen that rash analogy way too many times.

Greg Fitzgerald: Right? The good news is more orgs are maturing. You and I have a mission—educate and help folks get proactive, not reactive. If we can help them look ahead and automate where it counts, everyone wins.

Brian Contos: I like how this works across prevention, detection, and response. Take Splunk again. If you write a correlation rule and see malicious behavior from a vulnerable, unmanaged device—that rule should elevate the alert.

Greg Fitzgerald: Totally. That’s a huge timesaver. It helps SOC analysts prioritize what matters. It’s also helping with compliance—understanding every user, device, app, and vuln is core to NIST and MITRE ATT&CK models. And to avoid fines, insurance issues, or legal liability.

Brian Contos: And identity is a big part of that. You mentioned SailPoint. If someone’s accessing an app they technically have rights to—but they’re not governed by IAM—that’s a gap.

Greg Fitzgerald: Exactly. Sometimes it’s just human error—job changes, new employees, someone setting up access manually. We let you see that in real time—not batch processing—so you can spot and fix it. Anytime. 24/7.

Brian Contos: So for someone just starting with asset management, exposure, or vuln management—where should they begin?

Greg Fitzgerald: First, ask: are we reactive or proactive? If you’re proactive, don’t fall for the “one platform does it all” myth. CrowdStrike is great—but it only sees what it sees. Look holistically.

And of course, check out Sevco. Whether it’s us or another provider, get your arms around your inventory, posture, and prioritization. Once you have that, you can decide what to adjust, what tools to retire, what gaps to close. Reports, compliance, SOC 2—all of it gets easier.

Brian Contos: Great advice as always, Fitz. Thanks for being on Mitiga Mic.

Greg Fitzgerald: Thank you. Really appreciate it.

Last updated: August 12, 2025
