Host Felicia King sits down with Rick Hernandez, CEO of N2Con, to unravel a common but dangerous IT story: assessments that miss the point and audits that leave companies exposed. Through candid examples—lost laptops, stale Active Directory entries, and policies that never existed—they set the stage for a real-world investigation into how businesses really manage (or mismanage) their digital assets.

As the conversation deepens, the tension grows: accounting firms deliver check-the-box reports, old tools miss cloud realities, and well-meaning assessments become expensive paperweights. Felicia and Rick walk listeners through the messy discoveries they encounter when onboarding clients, and the moment when a seemingly small gap in inventory can lead to a major security and financial risk.

Instead of one-off reports, the episode offers a roadmap—pick a practical framework, insist on executive buy-in, adopt continuous vulnerability management, and own your asset and compliance data. Short, vivid, and tactical, this episode turns audit horror stories into clear next steps for any organization ready to take responsibility for its security.

 

Quick recap

Felicia King and Rick Hernandez discussed challenges around assessments and audits in cybersecurity, particularly focusing on the issues that arise when clients approach MSPs after undergoing assessments with accounting firms. They explored how many organizations lack proper asset inventories and off-boarding processes for equipment, leading to security gaps and compliance challenges. The conversation highlighted the problems with one-time security assessments, with both speakers agreeing that a more effective approach involves implementing continuous monitoring tools and establishing proper frameworks like NIST or CMMC before seeking external assessments. They discussed how many organizations waste money on incomplete assessments from firms lacking proper cybersecurity expertise, and emphasized the importance of executive buy-in and proper risk prioritization for successful security implementations.

Asset Inventory Management Challenges

Felicia and Rick discussed challenges with asset inventory and management in businesses. They highlighted the importance of having an accurate inventory for security purposes and noted that assets are often tracked in various systems, including accounting, spreadsheets, and ticketing systems. They also addressed the issue of tracking assets allocated to employees, particularly when they leave the company, emphasizing the need to reclaim company property, especially devices containing sensitive data.

https://www.watchguard.com/wgrd-security-hub/secplicity-blog/security-gap-lets-attackers-walk-right

Equipment Disposal and Data Security

Rick and Felicia discussed the implementation of a new policy regarding equipment disposal and data security. The policy now requires proper wiping and decommissioning of equipment before it can be given to departing employees, who can then purchase it if desired. They emphasized that the previous approach of simply giving equipment to employees without proper data wiping was ineffective and potentially harmful to the company's data security.

Asset Inventory and Off-boarding Processes

Felicia and Rick discussed the importance of maintaining an accurate asset inventory and proper off-boarding processes for systems. They highlighted how common it is to find stale data and unmanaged assets in systems like Active Directory and Bitdefender platforms, often due to lack of formal off-boarding procedures. Felicia emphasized that an asset management platform can be cost-effective and significantly improve system maintenance efficiency.

IT Asset Inventory Management Discussion

Felicia and Rick discussed the importance of maintaining accurate IT asset inventory and lifecycle tracking, emphasizing that relying solely on IT vendors for documentation is insufficient. They highlighted how understanding equipment lifecycles can help IT managers forecast future replacement costs and plan accordingly. The conversation then shifted to addressing challenges when dealing with clients who approach Managed Service Providers (MSPs) after undergoing formal assessments or audits conducted by accounting firms, with Felicia noting the need to distinguish between assessments and audits in the IT context.

Traditional Security Assessment Limitations

Rick and Felicia discussed the limitations of traditional security assessments conducted by accounting firms and less experienced providers. They agreed that many existing assessment tools and methods are outdated, particularly in modern cloud environments where traditional network discovery techniques no longer work effectively. Both expressed skepticism about the reliability of assessment data from les