It’s a familiar dilemma: weighing the need for security against the need to "keep things running." At PDS Health, it's a tension that runs equally through strategy and day-to-day operations. For Vice President of IT and CISO Nemi George, that balancing act plays out every day. As he puts it: “There are lots of things I want to do with my sec hat on that I need to stop myself from doing when I put on my operations hat.” And thankfully, PDS has become proficient at walking that tightrope.
In a webinar with GYTPOL now available on demand, Nemi shared what he learned, digging into his success at PDS health. The main question at hand: how to strengthen security without slowing operations?
Despite an extensive security stack that included EDR, EPP, VA, and SIEM investments, PDS found that they lacked reliable configuration state visibility. They also lacked the ability to contextualize and validate configuration-level changes.
That fact didn't especially perturb PDS decision makers though. After all, that's how it had always been and they weren't aware of other organizations doing things differently. But that confidence was shaken after a vendor update knocked out 4,600 PCs as the result of a misconfiguration.
It was a wakeup call and stark reminder that misconfigurations, not just vulnerabilities, pose significant risks.
Like most organizations, PDS managed their configurations in a largely manual and reactive manner — chewing up valuable human resources and leaving plenty of room for error. It left IT and Security under constant pressure as they were stuck playing catch up. Forced to take a triage-like approach, compromises had to be made.
Patch management, for example, was limited strictly to Windows OS. Because the team didn't have capacity to handle other operating systems and essential third-party apps, they were not included in regular patch cycles.
And it wasn’t just about time. It was about the feasibility of acting decisively without breaking things. As often as not, they'd find themselves lacking the visibility needed to map out and disentangle operational interdependencies.
As Nemi explained in the webinar, “Ultimately, the fear that people always have is that you're going to break something. Well, you're going to break something regardless if you just kind of run blindly. What folks in my position have been looking for for years is the ability to make informed, risk-based, risk-aware, and context-aware decisions.”
Intent on making a change, Nemi began re-examining internal processes and procedures around configuration security and change management. And then he set out to find the right technology to help his team and give them a leg up.
For Nemi, something just clicked when he found GYTPOL. After a planning call and onboarding meeting, GYTPOL was up and running within hours. He found that the interface was intuitive and easy-to-use.
And the learning curve was accelerated by the fact that every change made in the system was reversible with a single click. This helped minimize risk, making the platform less intimidating and easing adoption.
Continuously evaluating the current state of every device (including servers), across Windows, macOS, Linux, and cloud instances, GYTPOL identifies and contextualizes configuration risks — flagging policy violations and enabling non-disruptive push-button remediation.
This more informed and more streamlined approach to monitoring naturally gave way to more context-aware, purpose-driven, and surgical management. It helped PDS Health take a more decisive and proactive approach, embracing a continuous improvement model that ultimately helped the organization drastically reduce their attack surface without introducing any operational or organizational friction.
That’s exactly what GYTPOL delivered — giving PDS the visibility to make confident decisions, with clarity and speed.
As a result, the organization was able to achieve massive efficiency and productivity gains, reinvesting time savings into strategic initiatives while raising the bar for existing workflows. For example, the team was able to expand patching beyond Windows OS to include Linux and MacOs along with Adobe services, browsers, and other critical third-party apps.
It's a small example, but it's also a representative one — showing how PDS Health gained the capacity to act on the to-do list items they always knew were important but never had time for.
Just as significant, GYTPOL played a pivotal role in PDS's Log4j and SMBv1 response efforts — identifying vulnerable components and validating the effectiveness and non-disruptiveness of remediations.
“I remember the Log4Shell vulnerability first broke," explained George. "Like many others, we woke up to the news and immediately had to ask: Where does this apply to us? What’s the impact? What’s the scope? How many devices? Do we need to act? Should we be worried?”
At the time, the answers weren’t easy to find. “We didn’t have tools that could clearly tell us where those issues were,” he says. “You’re sending emails to app owners, asking: Does this apply to your system? It’s not a place you want to be — relying on people and manual processes when every minute matters.”
That moment drove home the need for a centralized, context-rich console — a gap GYTPOL would ultimately fill.
These real-world use cases aren't just about disaster prevention; they're about reclaiming control. And for PDS Health, that has made a world of difference.
By redefining some of their normal processes and integrating new normal technologies, PDS was able to pave a new and better way forward.
Detecting and correcting configuration drift at its earliest expressions, GYTPOL helped the organization establish and enforce internal benchmarks, preventing problems and serving as a force multiplier.
As Nemi George puts it, "GYTPOL's given us the ability to build forward with clarity, speed, and confidence. We no longer are forced to slow down at every bump in the road. Instead, every moment of every day, things are being pushed forward.”
According to George, it's laid the foundation for a really positive organizational transformation. Now he wants to help other organizations achieve the same. Which is why he sat down with us. Check out the full webinar to learn:
How the PDS team reduced misconfigurations and improve operational resilience — without adding headcount
Real-world strategies to operationalize continuous hardening
How you to break the old paradigm of “security vs. operations” and replace it with a new one: security through operations.
PDS Health’s journey is proof that security and operations don’t have to be at odds. With the right mindset and the right tools, they can be mutually reinforcing — each strengthening the other. By embracing continuous, context-aware hardening, the team didn’t just reduce risk — they gained back time, agility, and control.
If you’re ready to move beyond reactive firefighting and toward a more resilient, streamlined, and aligned approach, this conversation is worth your time.
Watch the full webinar to hear Nemi George’s firsthand insights and learn how you can turn friction into forward momentum.