Skip to content
MarketScale
‹ Back to IndustriesSoftware & Technology

Tech Convergence is Minimizing IT Security Risk By Creating More Synergies Within Companies

Can a proper convergence strategy mitigate IT security risk? It is something all business stakeholders need to consider. In today’s world, where a single security breach could spell catastrophe, how prepared are organizations to combat the intertwined threats looming over their digital and physical landscapes? As technological advancements evolve, the spectrum of security threats…

This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.

By Carlos Rivera · Carlos RiveraCybersecurityInfo-tech Research GroupIt Security
Share

Key takeaways

01

Can a proper convergence strategy mitigate IT security risk?

02

It is something all business stakeholders need to consider.

03

In today’s world, where a single security breach could spell catastrophe, how prepared are organizations to combat the intertwined threats looming over their digital and physical landscapes?

Can a proper convergence strategy mitigate IT security risk? It is something all business stakeholders need to consider.

In today’s world, where a single security breach could spell catastrophe, how prepared are organizations to combat the intertwined threats looming over their digital and physical landscapes?

As technological advancements evolve, the spectrum of security threats extends beyond the digital sphere, encroaching on physical infrastructures and core organizational operations. Info-Tech Research Group emphasizes the necessity of a unified security architecture, merging physical security, cybersecurity, and other administrative realms like HR, legal, and compliance. Its most recent research and analysis, its “Integrate Physical Security and Information Security” blueprint, offers a structured three-phase approach to reduce IT security risk: Plan, Enhance, Monitor, and optimize to navigate this convergence. Though intricate due to proprietary and diverse technological landscapes, this integration heralds a robust defense against modern threats, embodying a modular, incremental, and repeatable process.

What initial steps should firms undertake to ensure a seamless transition towards this integrated security model? The path towards converging these diverse security networks presents challenges; how should firms adeptly navigate these to bolster their security posture?

Carlos Rivera, a Principal Research Advisor of Security and Privacy Practice at Info-Tech Research Group, provides insights into Info-Tech’s published research, expanding on the nuances of harmonizing digital and physical security infrastructures for an enhanced organizational defense mechanism.

Carlos’ Thoughts

“Our methodology basically goes into three primary steps, and it’s, you know, basically you plan, you make an assessment based on the output. You know, you should focus really on the outcomes more than a lot of people that focus on capabilities, but outcomes really are what you want to focus on. But after you plan and you do the assessment, it’s enhancing what you currently have, right? So, that is a kind of standard methodology. I know this sounds kind of boilerplate, but really, it’s taking a good look at what you have based on, you know, our methodology or a good control set, right? Using different models like Purdue, et cetera, to really gauge where you’re at and where you want to be at the end of the journey, right? So, you know, security is a never-ending journey, but this is a really good way to make an assessment and figure out what areas to focus on.”

How can firms ensure the highest levels of success and safety while converging their technology platforms?

“It’s all driven by risk, right? And definitely, in OT settings, you know, one variable that most organizations don’t have to worry about is safety, safety concerns. Another risk that I would say is with OT or IoT, as it were, things that could, you know, impact somebody’s life. They can have like medical devices, et cetera. This is really the value of the convergence, right? If you have a mindset of, I’m going to publish policies; I have a governance framework for my organization that really is extended to your OT infrastructure, right? And you’re holistically looking at a program from an organizational top-down perspective.

That’s really the value of convergence. It’s not really flattening, as some would think, the infrastructure and creating risk. It’s minimizing risk by building on the synergies that you probably already envision with your IT security program.”

What key challenges do you see from firms trying to do this, and how can they navigate them?

“One of the most common ones, to be honest with you, it’s probably a no-brainer, but it’s really just bringing all the key stakeholders to the table to have a conversation, right, about what the objectives are. That’s before you do any kind of technical evaluation. Come up with a charter about what the convergence is about. We have pretty good documentation methodology on getting you started and having the right conversation. We also have a list of stakeholders that we recommend having as part of that conversation, but then have a methodical phased approach on what you feel are the biggest risks and how you feel like you’re going to solve those risks.

Our methodology encourages you to use business language. That’s the best way to talk to stakeholders. You’re not going to drive this change from the bottom up. You’re going to drive it from the top down. And we recommend using something like COBIT and align your strategic goals for that convergence with business language like COBIT to make it really easy to understand what your mission is.”

Article by James Kent

About the author

Carlos Rivera
Carlos RiveraPrincipal Research Advisor, Security & Privacy

Carlos Rivera is a Principal Research Advisor in the Security & Privacy practice. Carlos has 25 years of experience in IT and cybersecurity, primarily within the fintech industry. Prior to joining Info-Tech Research Group, Carlos spent 21 years as an information security officer for multi-billion-dollar business units dedicated to money movement in the P2P, B2C, and B2B space. Most recently, throughout his 21-year career with this Fortune 500 fintech, Carlos led global teams of security and network engineers, enterprise architects, risk managers and analysts that provided cybersecurity services to many global financial industry clients, and was responsible for information security governance, cyber risk management, vulnerability management, application security methodology and adoption focusing on shift-left fundamentals such as Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), Open Source Security Testing (OSST), and Manual Application Security Testing (MAST).

Software & Technology: are you visible to AI?

Before they reach out, Software & Technology buyers ask AI engines which vendors to trust. See how AI describes your company today, and where competitors show up instead.

Free workspace

You just read one expert. Imagine publishing your whole team.

This article was produced through MarketScale. Create a free workspace and turn your own team's expertise into articles, video, and social posts. No credit card, no demo required.

NPS +73 · 1,000+ creators · 38+ countries

What you get, free

Your own MarketScale Studio workspace
One video edit a month, on us
AI writing, editing, and publishing tools
In-platform coaching to learn the system

More Software & Technology Insights

OpenAI, Anthropic, and Google are racing to lock in startups with credits worth millions

OpenAI, Anthropic, and Google are racing to lock in startups with credits worth millions

AI model providers like OpenAI, Anthropic, and Google are offering early-stage startups substantial credit packages to secure long-term enterprise contracts. These credits, which can exceed $3 million, are part of a strategy to establish dominance in the competitive AI market. The move underscores the importance of early adoption and partnership in the rapidly evolving AI industry.

  • 01AI model providers are offering startups credit packages exceeding $3 million.
  • 02The credits aim to win long-term enterprise contracts before competitors do.
  • 03The strategy highlights the importance of early adoption in the AI sector.

Jul 16, 2026

Anduril CEO signals no IPO urgency as new funding round targets $28 billion valuation

Anduril CEO signals no IPO urgency as new funding round targets $28 billion valuation

Anduril CEO Brian Schimpf announced that the company plans to target a $28 billion valuation in its new funding round. Schimpf indicated that Anduril is in no rush to go public and can remain privately held indefinitely.

  • 01Anduril targets a $28 billion valuation in its upcoming funding round.
  • 02CEO Brian Schimpf suggests Anduril can remain private indefinitely.
  • 03The company focuses on strategic growth without the immediate need for an IPO.

Jul 16, 2026

Microsoft launches Frontier Company with $2.5B investment to embed AI engineers inside enterprise customers

Microsoft launches Frontier Company with $2.5B investment to embed AI engineers inside enterprise customers

Microsoft has launched a new initiative called Frontier Company, investing $2.5 billion and deploying 6,000 engineers to work directly with enterprise customers. The goal is to co-build AI systems on-site while ensuring the protection of intellectual property. This move underscores Microsoft's commitment to advancing AI integration into businesses.

  • 01Microsoft has invested $2.5 billion in Frontier Company to enhance AI capabilities within enterprises.
  • 02The initiative includes deploying 6,000 engineers to collaborate directly with customers on AI projects.
  • 03Microsoft guarantees intellectual property protection for co-built AI systems with enterprise customers.

Jul 16, 2026

Explore More Software & Technology Insights

Read more expert perspectives from across Software & Technology.

Browse Software & Technology Hub

About the Expert

Carlos Rivera
Carlos Rivera

Principal Research Advisor, Security & Privacy

Carlos Rivera is a Principal Research Advisor in the Security & Privacy practice. Carlos has 25 years of experience in IT and cybersecurity, primarily within the fintech industry. Prior to joining Info-Tech Research Group, Carlos spent 21 years as an information security officer for multi-billion-dollar business units dedicated to money movement in the P2P, B2C, and B2B space. Most recently, throughout his 21-year career with this Fortune 500 fintech, Carlos led global teams of security and network engineers, enterprise architects, risk managers and analysts that provided cybersecurity services to many global financial industry clients, and was responsible for information security governance, cyber risk management, vulnerability management, application security methodology and adoption focusing on shift-left fundamentals such as Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), Open Source Security Testing (OSST), and Manual Application Security Testing (MAST).

For B2B teams

Your experts could be publishing here

Stories like this one run on content MarketScale captures from real practitioners. See how your team's expertise becomes coverage in Software & Technology and beyond.

Book a 15-minute demo

Or call us. No forms required. We pick up. 214-945-2512