Cybersecurity Starts with IT Asset Management

Interview with Senior Security Engineer and Cybersecurity Expert Greg Witte of Palydin

About Greg Witte

As a Senior Security Engineer for Palydin, Greg Witte supports federal and commercial clients, primarily within the National Institute of Standards and Technology (NIST) IT Laboratory and the U.S. Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program. In more than 30 years in the information security arena, he has helped to build and improve multiple enterprise frameworks, including the NIST Cybersecurity, Privacy, and Workforce frameworks; ISACA’s COBIT model; and the Baldrige Cybersecurity Excellence Builder. Drawing upon that expertise, he helps organizations to better integrate cybersecurity risk considerations into enterprise risk management activities.

Helpful Links:

IAITAM

Palydin

Greg Witte

TRANSCRIPT OF DISCUSSION: 

KURT: Good afternoon, Greg. How are you?

GREG: I’m doing great, Kurt, other than a minor thunderstorm passing by. But things are good here.

KURT: All right. Well, glad you are safe. I heard there was a little bit of hail. I understand that you’re a little bit south of the Annapolis area, just outside of Washington, D.C. Thanks for joining me today.

GREG: Oh, thanks for having me. Awesome.

KURT: So, for anybody who might not know me, my name is Kurt Greening. I work for a company called Securis, and we are in the business of helping government agencies, government contractors, also regulated industries like banks and health care, remove data from end-of-life electronics and then recycle them in an environmentally responsible way. So, I’m glad that I have Greg Witte here, joining me. He works for a company called Palydin, and Greg supports a bunch of federal clients, but also has some commercial clients. Most people who have listened to us in the past would know about the National Institute of Standards and Technology, or NIST. In the past, I’ve talked about standards like NIST 800-88. Greg has also worked with DHS, a program called Continuous Diagnostics and Mitigation, or CDM, and actually been in information security for more than 30 years. Been a part of tons of cool projects. He’s built some models and frameworks. We may talk a little bit more later about his work with a security organization known as ISACA. But I will, at the end of the show, maybe let people know how they can reach out to you, Greg. Because yourself and your company, you know, you help people, at least my understanding is, better integrate cybersecurity risk considerations into enterprise risk management activities, which for me, I understand that, you know, the opportunities or the threats are growing, and so it’s super important to have people like you keeping our way of life safe and protecting us from cyber adversaries. So, Greg, again, thanks for joining us.

GREG: Thank you. Yeah. Ready to help anytime.

KURT: Awesome. So, you and I, Greg, we originally met out in Las Vegas at a conference known as ACE, which is the yearly conference from the International Association of IT Asset Managers. And I understand that you’re pretty active in that organization. I think you may even teach some classes besides volunteering at their conference. Tell me what interested you about that organization.

GREG: Oh, thanks. Yes. Usually what happens in Vegas stays there. But we met in Henderson, so it’s a little bit outside the Strip. We can talk about it. Yes, exactly. Now, I’ve been really fortunate to work with ITAM for going on a decade now. If you look at security controls, if you download any of the controls frameworks, you’ll see that they always start with asset management, and that’s for good reason. You know, we all know you can’t secure or even really manage your assets, the resources that companies depend on so heavily, unless you know what you have and where it is and what it is being used for. So for that reason, IT asset management really is the hub, or at least from an IT and an OT perspective, for the whole organization. So good security begins with good asset management.

So I got to know Dr. Barb and the team at ITAM long ago. And yes, as we talk more and more about security, and as I got to know their certification programs, particularly their camp C program that focuses on asset management security, it really helps us to understand, you know, exactly where that asset management piece fits. And they also do a really good job of thinking about the total cost of ownership, better than most organizations I’ve seen. If you think about, for example, you know, think about what you were saying, Kurt, about Securis.

You know, we know even when we first purchase a laptop that there’s going to come a day when I’m going to need your team to help me to basically decommission that device and maybe even do some work to make sure that you’ve dispositioned the drives correctly. We know there’s going to be a cost. So we should be thinking about that cost even when we first requisition it or when we, you know, have our moves and adds and changes.

So we should be thinking about that in advance. And you should be thinking about the patching and the updates and the licenses and the training. You know, there’s a total cost to that, and ITAM does a good job of helping us to think about that, to make sure that, you know, both from a good business standpoint and from a risk management standpoint, we need to be thinking about, really, the total lifecycle of that ownership, including, of course, good disposition. So that was how we got involved. And it’s really exciting to be kind of looking at where those circles of the security and IT asset management really overlap quite heavily.

KURT: Yeah. So the International Association of IT Asset Managers is, I think, a wonderful organization. Anybody that gets involved in asset management, I would recommend that they join. I’ll try to post a link in the show notes. But Greg, you know, I talked about you being a cyber guy and being in cybersecurity for 30 years. We talked about IT asset management being one component of cybersecurity. But tell me, how did you get into cybersecurity?

GREG: Yeah, it’s true. The gray beard is real. Yeah. I started out, even just straight out of high school, working in factories, building computer equipment and networking equipment. I’d always played with networks and, you know, amateur radio as a kid. So for a while I was working in factories, building networking equipment. And one of my customers in the federal government, they had one of our, you know, one of the early internetworking routers. They called us up and said, hey, your router is broken.

So we went out with our tool kit, and I went out there with my packet sniffer and said, my router is fine, your network’s broken. No, my network’s on, your router’s broke. Went back and forth a little bit, and it turned out to be one of the very early federal security bugs on the brand new, you know, shiny new thing called the internet. I think they were in the process of moving from ARPANET to internet. But at the time, the networking company that I was supporting was starting to go out of business.

This little upstart company called Cisco was starting to come out, and they were, obviously, Ethernet was growing. And, you know, this security thing seemed kind of interesting. So I said, maybe I’ll try that for a while. Of course, that was 1993. And we’re still going. But it was a good intersection of my networking and the Unix side of things. One of the things I love about security and cyber in general is that, you know, you can, you know, the things that we do, the things that you and I do, go all the way back to George Washington.

You know, you think about the Revolutionary War and some of the biggest battles were lost because somebody didn’t properly secure their resources, and they didn’t have Securis at the time to shred their plans, their war plans. But, you know, you can have that solid foundation, and yet it’s always changing.

I was at a meeting with Securis just yesterday talking about innovations in AI and how we can be doing that, you know, the next steps. We were talking, you know, about how do we better secure AI in our asset resources that are based on artificial intelligence. So it’s always changing. And yet you’ve got that solid foundation. So it’s always exciting. It’s not always. Well, it’s not always exciting, but it’s never boring. Let me put it that way.

KURT: Yeah. No, I mean, we’re seeing AI drive a faster refresh cycle around hardware assets. Most agencies and a lot of health care organizations that I work with are scrambling to get rid of devices that aren’t going to support Windows 11 and the AI resources. So that’s, you know, AI’s a big thing in all aspects. It’s a big thing for, you know, for businesses, for improving citizen services and government. But it also causes some challenges around IT asset management.

So when I made the intro to you, I talked about this organization called NIST, and not everybody knows what NIST does, but we’re not going to maybe share everything that they do because what they do is pretty broad. But yeah, focus a little bit on, you know, maybe you can tell, you know, generally what they do. But really, how does NIST help improve cybersecurity? And I understand it’s not just for government agencies but, you know, even, you know, banks and hospitals look at NIST and say, hey, what is the best practice for securing my organization?

GREG: Oh, yeah, it’s a wonderful organization and I’m fortunate I’m a contractor there. So I can’t, you know, I’m not a government employee, but I can speak about them since I’ve been working with them going on 15 years, which is a great place for me to be. NIST was actually born in 1901 as the National Bureau of Standards. It was their job to help kind of make sure that, you know, when you buy a pound of something that it actually was a pound, and that same thing, lengths and measures, all kinds of things.

But, the great example where they are today, you can go back to 1904. There is a large fire, just not far from where you and I are sitting up in Baltimore. There was a huge fire in downtown, and they had fire companies came from all over the East Coast to help put out the fire, but they found out that the hoses didn’t couple the hydrants, you know, didn’t work together. They had all the equipment, but it didn’t work together. And it ended up, you know, I think, you know, something like a thousand buildings burned down because they couldn’t respond quickly enough. 

So that kind of opened their eyes to the notion that in addition to making sure that we have consistent weights and measures, we absolutely had to better support interconnectivity. The stuff’s got to work together. And that’s where NIST really shines. Today they’re the National Institute of Standards and Technology, as you said, and much of their work has to do with making sure stuff works together. They’re not going to tell us what to do with, each second of our day, but you know that you can tune your clock to the National Bureau of Standards and the NIST clock, and you know what time it is. It’s the same way for information security.

You know, the conversation we’re having now is encrypted through encryption methodologies that NIST has reviewed and approved. And that way, we know that our tools can talk together. It’s the same thing with networking, and of course, that’s true with other elements of security. They don’t tell us what the security plan should do, but they’ll give us a catalog of security and privacy controls so that we can agree together on how we’re going to interoperate from a security standpoint.

And that’s really what we do. The main part of what I love working on is on the frameworks, as you said earlier, and the one that I’m mostly focused on is called the Cybersecurity Framework, which basically is just based on five simple functions. If you can identify what matters, then you can do what we need to do to protect it from the known knowns, hopefully very quickly detect what we need to detect in our monitoring role and then respond and recover quickly. So we released that framework in 2014 and in 2024, we just updated that to version 2.0. 

We added a whole governance function to kind of go around that, because we found that, you know, we can do all the protection and detection we want to, but we need a governance aspect of it to really drive our strategy to understand, you know, what do our stakeholders expect from a risk management perspective? How do we instantiate that through policies and oversight? And we also added a great deal of information there about supply chain. Your listeners, I’m sure are focusing heavily on supply chain risk management, especially for information and operational technology.

You know, we depend more than ever on external apps. The conversation we’re having is using, you know, something as a service everywhere. We’re depending on these external apps and partners. So we need to do even more than ever to manage the risk to and from those partners to make sure we’re doing the right things the right way. And again, that’s back to that interoperability. 

So, you know, you know from your work, Kurt, in the things that you’re doing, you know, some of the data that you can, all you have to do is just format the drive and go on about your day. And there’s other data that’s stored, like health care or other, you know, sensitive data, where, you know, you want somebody to erase that drive and then smash it into pieces, and then toss those pieces into the volcano in Mordor. You know, there’s some information that’s just absolutely got to be well protected.

And part of our job in risk management is to understand, you know, which are the crown jewels, and how do we make sure the right things are well protected. So that kind of goes back to what we do at NIST, where we can’t tell you what to do. Much of what we, you know, would want to build into our plan kind of depends on different context and different factors. But we do provide a ton of frameworks and guidelines to help, you know, like the AI we were talking about, you know, our recent work in the AI risk management framework, combined with the cyber framework, that type of thing that really helps us to work together with our colleagues to see, you know, how do we categorize it? What should we be doing next? How should that work?

One last piece I really love about the work at NIST is the Workforce Framework. So many of the controls and you go through the international standards, and they’d say that, you know, somebody should do these following activities, but they didn’t really focus on the who. And that meant it’s difficult to teach people to hire people to promote people, to understand where we may have some skills gaps. We weren’t so focused on workforce. And I know as a parent, if I say, hey, somebody should lock the door, who’s going to lock the door? Well, nobody, if it’s not actually assigned to a particular role. So, we’ve been working now for, I guess going on ten years about how do we better describe the workforce, the work roles and the tasks and the skills and the knowledge that the people have. And that’s turned out to be really helpful for helping people understand, you know, what they should learn, how they should apply it, and what tasks need to be done. So it’s been really exciting.

KURT:  Yeah, right. That’s helpful. In my house, my wife says somebody should do the dishes, and I think she’s just decided that somebody should be me. So I’m very helpful in making sure the right people will take care of. 

GREG: So that role has been defined and assigned and it’s overseen, I’m sure. 

KURT: Awesome. So we learned a little bit about NIST, which is great. I knew about the Baltimore fire, but I didn’t know the history behind why it was so bad. So that was super helpful. So let’s talk a little bit more about a federal agency. The Department of Homeland Security, parts of the Department of Homeland Security have been in the news recently, more around, like, Border Patrol and ICE, that, you know, that’s been. But other people might not be aware that, you know, besides securing our borders and making sure that we’re tracking who’s in our country, DHS does a lot to secure critical infrastructure. And I also understand that they have a role through the Congress and OMB to report back to Congress on how federal agencies are doing from a cybersecurity posture management perspective. So, yeah, I understand that this CDM program, or Continuous Diagnostics and Mitigation program, helps with some of those things. Can you tell me a little bit more about that?

GREG: Sure. And that takes us right back to asset management. Yeah. As you said, in particular, I support the CISA, which is the Cybersecurity and Infrastructure Security Agency, which, as you said, is a component of DHS, the US Department of Homeland Security. It’s, you know, if you think about so much of our nation depends on critical infrastructure. You know, we saw just what happened in Europe just a few weeks ago, where whole sections of the country went down. Now, in that case, you know, you never know which is a cyber attack and which is just the nature of the flexible power grid. But, you know, so much of our nation is very dependent on that critical infrastructure, our water sector, power, you know, making sure that, like you said, our health care and financial systems are sound and reliable.

So CISA’s job is to help monitor those infrastructure components, including the government side; state, local and federal government agencies can get help from CISA. And CISA is there to help to provide advisories on new types of risks that are happening. They put out lists of key vulnerabilities that the bad guys are exploiting. And part of our program there that I support is the Continuous Diagnostics and Mitigation program, CDM, which started out as an asset management program.

Really… as you know from your work in ITAM, first thing you need to know is what’s on the network, right? So it started out as an opportunity for federal civilian agencies at least to be able to load agents and understand, you know, what are the devices, including IoT, operational technology, other cyber-physical systems. What exactly is on the network? And they’ve built a huge database that they use to do asset management, including, you know, they use with new assets coming in as those move and add and change within the organization.

And in fact, we do track the disposition of those resources once they reach their end of life. And then, you know, besides just knowing what’s there, we also keep track of what vulnerabilities the vulnerability scanners have found. They’ve got a threat hunt team that keeps track of what they see. You know, just provides a visibility capability for the federal government so that they can see what’s happening. They can inform, you know, the agencies have their dashboard, the ECS cyber team that I support provides agency-level dashboards, federal-level dashboards, maybe someday even state and local dashboards for those entities. But we provide visibility into that IT asset management so that organizations can see what’s on the network, who’s on the network, what’s happening, that supports continuous monitoring for any threats and vulnerabilities that seem to be emerging, and then it helps them to have a better understanding of that bigger picture.

You mentioned one of my loves is enterprise risk management. You know, a lot of organizations focus at the system level, and that’s vital. But we also sometimes need to take a step back and see, what does this mean about our whole organization. So, you know, this way we can do both. We can go all the way down to a device, we can look at it as a system, as an agency, and as an entire federal civilian executive branch, for example.

KURT: Yeah. I mean, interesting. I think, Greg, you and I have a mutual friend, Greg Crabb, who you may have worked with at CISA and other places. I had Greg on and interviewed him around third-party risk a few months ago, and IT asset disposal companies. He talked about what has gone wrong in the past and the results and the fines, but he also talked about some of the best practices. And then his company developed a risk assessment for vendors like Securis in the IT asset disposition space, because it turns out a lot of them could do better when it comes to following best practices. So if anybody wants to check that out, they can.

GREG: Yes, in fact, I just saw Greg a few days ago. He and I first worked together, he and I were reminiscing that our first work together was at the Postal Service back in the late 90s. So. Yeah, it’s, like I said, it’s exciting and, in many ways, you know, in some ways it’s the same. And in some ways it’s always changing. We hadn’t even dreamed about what AI could be doing these days, but yeah, that’s part of the fun. It’s a very small town. And, he and his son, I enjoyed the interview that you did with them not long ago.

KURT: Yeah. That’s great. So, Greg, what’s something you’re passionate about in terms of improving the cybersecurity posture of government or even, you know, critical infrastructure that might be run by local governments or even, you know, power companies or financial institutions? What are some of the things, if somebody, you know, an executive team brings you in and says, hey, Greg, we’re worried about cybersecurity. You know, and talking to our CISO, the list is long. Well, what are things that you tend to look for early on and you’re passionate about trying to help people improve?

GREG: Well, one of the things that I’ve been doing a lot of work on, which is risk measurement, has been really challenging. One of my early mentors was a fellow named Jack Jones, who went on to create a methodology called FAIR, which many of your listeners may have seen. It, you know, we currently see in many of the places I go, even today, you know, I’ll ask to see, you know, do you have a risk chart?

Do you have a register of your risks that you use to figure out what scenarios might happen and how likely they are, and for many of them, they still just rank their risk as low, moderate or high or red, yellow, green, or they use some sort of measure like that. That’s very qualitative and it’s really hard to not only is it hard to sort your risks just for cyber, but it makes it even harder when you’re trying to compare cyber risk with market risk and labor risk. And one of my customers is even, you know, dealing with Brexit risk. 

You know, there’s so many different risks in the risk universe that an organization has to deal with. And it’s not really always helpful when all you have to go on is low, moderate, high at best. So what we’ve really been pressing is the fact that we can do a better job of quantifying the risk. You can come up with a range. We can say that I know what it costs to go down for a minute or an hour or a day. You know, you can go back and calculate for a particular business system or application.

This is what it would cost us if we didn’t have access to that. Or better yet, this is what we have to make sure we continue to have access to. This is what must go right, so you can figure out the value of your different resources and assets. And based on that, now we can go back and think about what are the threat sources that might jeopardize those. We can think about the factors. It’s not just, you know, threat or not threat. It’s not binary. But we can say, you know, just like we would with our house as well. 

You know, we’ve got a fence and that helps. We put up a sign in the front that might deter an adversary. We can think about, you know, what we have of value that’s there within that house. So we can start to think about not just we have a threat or we don’t have a threat, but what’s the likelihood that a threat would occur? What would be the things that we could do to decrease the frequency of access by that threat actor?

We can think about the vulnerabilities that they might exploit or the preexisting conditions. You know, right now with this thunderstorm, I’m about a block off the Chesapeake Bay. So I’m thinking about the flooding and the warnings that they’re giving me about the floods that may occur. You know, we can think about, a true range. We can start to think about percentages and I can say, all right, looks like there’s a 43% likelihood. 

Based on the past five years experience, we can actually calculate the likelihood that a flood would occur in my neighborhood. And based on that, I can think about what IT resources might be jeopardized by that flood. And we can actually start to go from, you know, red, yellow, green to an actual exposure, even a dollar sign exposure cost to say, all right, if this went down for an hour, it would cost me a million bucks. There’s a 13% chance it would happen. So now we can start to calculate real dollars and they can use that for a trade off. 

So really all I’m getting at is there’s so much more data that’s already available to us to do a better job of estimating and modeling the actual potential risk exposure that we have and the impact that would happen if a scenario were to take hold. And I think, you know, enterprises have an opportunity to kind of go from, yeah, it feels like moderate to me, to actually thinking about a range of cost exposure that they have that will help them to do better for planning and executing a cybersecurity program for both their critical resources and in overall enterprise risk.

KURT: Yeah. That’s great. Greg, so if somebody is listening out there and has heard, okay, great. So yeah, I would like to better quantify my either cyber or my enterprise risk. And I’m thinking about these assets that I have, these IT assets, and potential threats or vulnerabilities, and they feel like, hey, I want help. Greg sounds like he knows what he’s doing. What are ways people can reach out to you? Would you recommend, you know, do you answer LinkedIn messages from people, or your website? Or what can I put in the show notes if somebody says, hey, you know, I might benefit from talking to Greg and his company?

GREG: Yeah, we’d love to help, and either one is great. I love meeting new people on LinkedIn. I’m getting new friends every day. Yes. Feel free to reach out at the site. It’s just www.palydin.com, and we’ll put that in the show notes, or reach out through LinkedIn. And, of course, you know, love to talk to anybody about ITAM or security or, you know, any other topic. I’ve been around quite a bit. So happy to just share. We were having fun the other day, just kind of remembering some of the old, good old days. One of the folks, you know, broke out an old RIP tech report from a long time ago. We were having fun flipping through that. It’s a fun industry and it’s a very small town. So happy to make new acquaintances any time.

KURT: Awesome. Great. Well, hey, thank you again for joining us. I know I learned some things and I think the rest of our listeners sort of learned some things, and hopefully a bunch of new people will reach out to you and benefit from your help.

GREG: Oh, I really appreciate you having me, Kurt. And thanks for having me here.

 

What Is a Degausser and How Does It Work?

Degaussing Basics: What Is a Degausser?

A degausser (also known as a demagnetizer) is a machine that disrupts and eliminates magnetic fields stored on tapes, disks, and hard drives. The process of degaussing changes the magnetic domain where data is stored, making it unreadable and unable to be recovered. Degaussing neutralizes the magnetic field on the media, permanently erasing all data and formatting by randomizing magnetic domains. 

In other words, when you degauss a hard drive, you’re not just deleting files—you’re erasing the magnetic blueprint that makes data retrievable in the first place.

Degaussing services are a vital step in secure IT asset disposition, especially in industries where data privacy is non-negotiable.

How a Degaussing Machine Works 

A degaussing machine, sometimes called a demagnetizer, generates a strong, controlled magnetic field that overwhelms the existing magnetization of your storage media. Whether it’s an LTO backup tape or a spinning HDD, the degausser magnet inside the machine alters the alignment of magnetic particles, making previously stored data unreadable and impossible to recover.

The strength of the magnetic field is measured in Oersteds (Oe), which helps determine which type of degausser is needed. For example, most modern hard drives require 5,000 Oe or more for successful hard disk degaussing.

Degaussing is effective only on magnetic media such as hard disk drives (HDDs), VHS tapes, audio cassettes, and magnetic backup tapes like LTO and DLT. It is ineffective on non-magnetic media such as solid-state drives (SSDs), optical discs (CD/DVD/Blu-ray), or USB flash drives. Degaussing is one of the best steps to take before destroying or shredding hard drives. It gives you extra protection against someone gaining unauthorized access to your data.

Degaussing Terms to Know

When exploring degaussing services, it helps to understand a few key terms:

  • Oersted (Oe): A unit of magnetic field strength. You’ll find Oe ratings of about 1800 or higher for current tapes, while hard drives can easily reach 5,000 Oe. These ratings tell you how strong a degausser you’ll need to destroy the data stored on the device. Higher values mean you’ll need a stronger degausser magnet to degauss a hard drive successfully.
  • Coercivity: You’ll see coercivity used interchangeably with Oersted in many instances, because coercivity is the amount of magnetic field strength (measured in Oersteds) required to reduce a material’s magnetization to zero after it has been magnetized. Essentially, this is a rating of how easy or difficult it will be to demagnetize your magnetic media. As with Oersted ratings, higher coercivity means you need a more powerful hard drive degausser.

In short: the denser or more resistant your magnetic media, the more robust your hard drive degaussing process must be.

Why Degaussing Efficiency Depends on Design

The design of a degausser plays a crucial role in determining how effectively it can erase data from magnetic media. At the core of its functionality is the ability to generate a substantial magnetic field, which is vital for erasing data.

Magnetic Field Dynamics

A powerful magnetic field is essential for altering the polarity of the particles in magnetic media, thereby erasing the data. The effectiveness of this magnetic field is primarily influenced by the design of the degausser. Specifically, the coils within the device are fundamental—they generate the magnetic field required for data erasure.

  • Strength of Coils: To ensure complete data removal, the field strength of these coils must be two to three times the coercivity of the media. Even stronger fields are necessary for highly sensitive data, such as data classified as Restricted or Top Secret.
  • Measurement: This magnetic strength is often measured in Oersteds, honoring Hans Christian Oersted’s contribution to understanding electromagnetic interactions.

Efficiency Enhancements in Design

To further enhance efficiency, degaussers are designed with various features:

  • Multi-Axial Coil Orientation: Utilizing multiple coils in different orientations creates a more comprehensive magnetic field, ensuring thorough data erasure.
  • Rotation Mechanism: Some designs rotate the coils or the media itself. This movement allows the magnetic field to interact with all parts of the media, enhancing the degaussing process.

Media Transport Mechanism

How media is transported through the magnetic field also impacts efficiency. Degausser designs may include:

  • Belt Conveyors: Automatically transport media at a consistent speed, ensuring uniform exposure to the magnetic field.
  • Motorized Spindles: Rotate the media, optimizing the field’s interaction with its entire surface.

In summary, the degausser’s efficiency hinges on its ability to produce a dynamic and powerful magnetic field and its media handling mechanisms. These devices maximize data erasure through thoughtful design, catering to varying security requirements and media types. At Securis, our NSA-approved LM4 degausser includes all these design efficiencies and more, making our hard drive degaussing service one of the most effective available. 

How Magnetic Media Density Influences the Degaussing Process

The density of magnetic media plays a crucial role in determining the effectiveness of the degaussing process. In high-density media, data is stored in closer proximity, making it more challenging to erase thoroughly. Consequently, a more powerful degausser is essential to ensure complete data removal.

Key Considerations:

  • Density Levels: Denser media, like modern hard drives, require a degausser capable of generating a stronger magnetic field. This ensures every bit is reset, wiping all traces of information.
  • Degaussing Power: Selecting a degausser with adequate power is critical. Not all degaussers are created equal; some might fall short when dealing with high-density media. Using equipment on the NSA’s approved list can ensure you have sufficient power. Using an underpowered degausser on dense media can lead to incomplete data erasure, posing a security risk.

Understanding and considering the density of your magnetic media is key to selecting the right degaussing tool. Working with a vendor like Securis, which uses NSA-approved Degaussing equipment, can ensure the tools used are the right match and ensure data is irretrievably erased, maintaining your security and allowing for peace of mind.

Can a Degaussed Hard Drive be Reused?

This is a common question: can a degaussed hard drive be reused?

In most cases, the answer is no. While some older magnetic media like VHS tapes or reel-to-reel audio tapes might still function post-degaussing, modern hard drives become unusable. Once the magnetic domains are randomized, the drive’s firmware and calibration are wiped out. For secure hard drive data destruction, that’s exactly what you want.

Why Degaussing Is Still Relevant

You might be wondering: what does a degausser do that other data destruction methods don’t?

Unlike software overwrites or formatting, degaussing offers:

  • Complete Data Erasure: Nothing can be recovered, even with advanced forensic tools.
  • Hardware-Neutral Destruction: Works on failed or non-functioning drives.
  • Fast & Scalable: Ideal for large volumes of retired IT assets.

Secure data erasure is also often required by regulations in healthcare, government, and finance. It’s not optional—it’s part of compliance.

Can a Degausser Destroy an SSD (Solid State Drive)?

Solid-state drives are not magnetic media, so they can’t be erased using a degausser. Because SSDs store data electronically on NAND flash chips (not magnetically), degaussing is ineffective. SSDs should be shredded to particles no larger than 2mm for secure disposal, following NSA/CSS SSD destruction standards. 

It’s important to know that solid-state drives (SSDs), optical discs (CD/DVD/Blu-ray), or USB flash drives cannot be degaussed. Why? These types of data storage devices do not store data magnetically, so degaussing magnets are useless here. Instead, these devices must be physically shredded to particles no larger than 2mm for secure disposal, following NSA/CSS SSD destruction standards. This is why Securis includes hard drive shredding as a redundancy step, especially for environments that mix drive types.

Do You Need Degaussing Services?

If your old equipment contains personally identifiable information (PII), financial records, or health data, the answer is clear: yes. Degaussing hard drives is one of the most secure ways to ensure your data won’t fall into the wrong hands.

Whether you’re handling classified data, managing a healthcare network, or decommissioning hundreds of legacy devices, degaussing should be a part of your IT asset disposition services.

Securis offers both on-site data destruction (from our 26’ box truck) and off-site degaussing at our NAID-certified facility. Our team verifies and recertifies every degausser machine annually, and we track each device processed with an audit-ready inventory report and certificate of destruction.

Securis Degaussing Services for the Ultimate in Secure Data Destruction

Degaussing provides the most reliable, efficient, and hardware-independent solution for complete data erasure, ensuring that sensitive information is fully protected from unauthorized recovery. If you are looking for hard drive degaussing services, look no further. 

  • Securis provides compliant on-site and off-site degaussing services for hard drives, backup LTO and DLT tapes.
  • The degausser is internally mounted and powered by our 26’ box truck so that mobile hard drive degaussing services can be completed at your site, allowing you to witness the process. However, we can also complete the degaussing services off-site at our secure, NAID-certified facility.
  • Our NSA-approved LM4 degausser is used for optimum data destruction.
  • Our hard drive and tape degaussing service options are fully compliant with National Institute of Standards and Technology (NIST) Special Publication 800-88 and National Industrial Security Program (NISP) Operating Manual 32 CFR Part 117 (which replaced DOD 5220.22-M).
  • Monitoring of the magnetic fields is done via a program called FieldCheckR. Our degausser is verified before every degaussing process to ensure it properly functions. Our degausser is recertified annually by the manufacturer.
  • Securis offers hard drive shredding as an added redundancy to ensure absolute data destruction. Because a degaussed drive and a non-degaussed drive physically do not look different, it is a best practice to shred drives after they are degaussed.

Ready to Protect Your Data?

Don’t leave secure data disposal to chance. Trust Securis for NSA degaussing compliance, magnetic media destruction, and full-spectrum IT asset disposition services.

Smart Data Center Decommissioning Strategies for a Secure, Accurate, and Sustainable Transition

Why Secure Data Center Decommissioning Matters More Than Ever

Decommissioning a data center isn’t just about shutting off servers. It’s a high-risk, high-impact process that requires a secure, accurate, and sustainable approach. Whether moving to the cloud, consolidating infrastructure, or upgrading facilities, your organization must protect data, stay compliant, minimize environmental impact, and recover as much value as possible.

Here’s how IT leaders and asset managers can get it right—without compromising security, compliance, or ROI.

1. Secure Data Destruction Is Non-Negotiable when Decommissioning a Data Center

Data centers house terabytes of sensitive information stored on hard drives and other data-bearing devices. Ensuring complete data destruction is critical when these devices reach end-of-life (EOL).

Secure data destruction, however, isn’t just about wiping drives. In today’s regulatory environment, it’s about verifiable, auditable data destruction aligned with NIST 800-88 Guidelines for media sanitization and industry-specific requirements like HIPAA, HITECH, GLBA, or SOX.

Best Practices for Secure Data Destruction:

Build destruction protocols into the decommissioning plan upfront. Consider physical data destruction methods that guarantee total data elimination. There are several effective methods for secure data destruction:

  • Data wiping: Also called data erasure, this refers to software-based erasure that is compliant with standards like NIST 800-88. 
  • Degaussing: This technique uses magnetic fields to render data unreadable on traditional hard drives. However, it can be used on conventional hard drives only, as SSDs do not contain magnetic data. 
  • Shredding: Physically destroys the storage medium, rendering recovery impossible.
  • Disintegration: Also known as micro shredding, disintegration is prescribed for devices such as SSDs, smartphones, thumb drives, and SD cards; it turns these smaller devices into digital dust.
  • Consider on-site media destruction options to eliminate chain-of-custody vulnerabilities.
  • Ensure your vendor uses advanced and accurate inventory tracking to account for every asset at every stage of the decommissioning process. 
  • For organizations that require documentation for internal audits or compliance purposes, it’s essential to obtain a Certificate of Destruction (CoD) for each data-storing device that is processed. 
  • Without bulletproof documentation, proving compliance during an audit or investigation can be a headache at best. 
  • Work with experienced vendors who know where all data storage might be hiding.

2. Regulatory Compliance and Proper ITAD Certifications Are Essential

Compliance isn’t just a box to check when decommissioning a data center—it’s a legal and ethical imperative. Decommissioning teams must be fluent in regulations like the Gramm-Leach-Bliley Act (GLBA), HIPAA, HITECH, and The Sarbanes-Oxley Act (SOX), each of which outlines strict guidelines for protecting and disposing of sensitive information. Failure to adhere to these laws during the IT asset disposition (ITAD) process can lead to severe consequences:

  • Significant fines
  • Legal action
  • Damage to brand reputation
  • Loss of customer trust

While offloading end-of-life (EOL) assets on a public marketplace like eBay might seem like a quick cost-saving tactic, doing so without proper sanitization and compliance checks can expose your organization to serious risk.

Certifications are vital indicators that a data destruction provider understands and complies with the regulatory landscape. They also mean that certificates of destruction are valid proof that your data destruction process met compliance standards. Key certifications and standards include: 

  • NAID AAA: This compliance certification sets the benchmark for secure data destruction. NAID audits service providers unannounced to validate ongoing compliance.
  • R2v3: Recognized as the leading standard for responsible electronics recycling and refurbishment. It ensures environmental controls, worker safety, and secure downstream tracking.
  • ISO 9001: Framework for consistent quality management processes across all operations.
  • ISO 14001: Focuses on minimizing environmental impact and ensuring sustainable business practices.
  • ISO 45001: Addresses occupational health and safety.

Choosing a vendor with these certifications isn’t just about checking compliance boxes—it’s about mitigating risk. A certified partner will follow strict protocols for asset tracking, secure data destruction, documentation, and environmental protection, helping ensure that your organization remains compliant and audit-ready at all times.

Compliance may seem complicated, but it can be as simple as understanding what’s at stake and selecting a vendor with the proper credentials.

Learn more about how Securis can help you avoid costly Data Center Decommissioning mistakes – Contact Us today!

3. Maximize Reuse to Support Sustainability

As the tech industry evolves, the circular economy has become a guiding principle for managing and disposing of IT equipment. Instead of defaulting to recycling or destruction, organizations are increasingly exploring opportunities to reuse and repurpose data center IT assets—reducing waste and maximizing return on investment. 

What can be reused?

  • Server hardware like CPUs, RAM, NICs (no sensitive data stored)
  • Networking gear such as switches, routers, and firewalls
  • Power distribution units (PDUs) and uninterruptible power supplies (UPS)
  • Cooling systems, including air conditioners and chillers
  • Racks, cabinets, and cable management infrastructure
  • Cabling (copper and fiber optic) for reuse in other networks or resale
  • Security systems transferable to new facilities or for resale 
  • All functional IT assets can be reused or resold after they have been purged of data to NIST 800-88 standards.

Reusing, reselling, or donating these components reduces the environmental impact and can recover residual value, turning a sunk cost into a revenue opportunity. Proper asset liquidation planning can offset a significant portion of the decommissioning cost, especially for large data center environments. Look for a vendor willing to give you a fair market evaluation of functional equipment with revenue-sharing models for refurbished resale. 

Sustainability and environmental responsibility must also be considered for all waste that can no longer be reused or resold.  Improper disposal of data center hardware can contribute to hazardous waste due to toxic components like mercury, lead, and cadmium. For IT Assets that are no longer viable, IT recycling means ensuring that not only your ITAD vendor but all of their downstream vendors adhere to strict standards when disposing of assets that need to be recycled.  Work only with vendors that have earned an R2v3 certification, which gives you the peace of mind that the vendor has strict standards for responsible IT Asset recycling.

Incorporating sustainability into your data center decommissioning project can protect the environment, increase ROI, and support corporate ESG (Environmental, Social, and Governance) initiatives. 

4. Don’t Forget Documentation and Logistics

Even the most technically sound projects can falter without realistic timelines. Data center decommissioning is resource-intensive, often requiring:

  • Physical removal planning based on rack density and cabling complexity
  • Coordination with facilities teams for power, cooling, and security access

Accordingly, flexible scheduling should be planned to accommodate unanticipated issues. Experienced project managers know how to build in buffer time to avoid rushed, mistake-prone data center shutdowns.

A comprehensive data center decommissioning plan should also include:

  • Detailed inventory tracking for all assets. Choose a vendor that can implement advanced inventory management systems with 99% accuracy.
  • Audit-ready reports and certificates of destruction that satisfy internal and external requirements, are available whenever you need them, and are easy to access.
  • A secure chain of custody throughout the entire removal, destruction, and recycling process
  • Logistics planning for equipment transport, on-site services, and timing

Even well-intentioned efforts can lead to compliance gaps or operational delays without clear documentation and controls.
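The media rules from the degaussing and secure-destruction sections, combined with the per-device Certificate of Destruction requirement above, can be checked mechanically before a project is signed off. The Python below is an added example, not Securis tooling or code from the original article; the record fields, finding codes, media labels, and serial numbers are constructed assumptions.

```python
"""Reconcile a decommissioning inventory against certificates of destruction."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rules stated in the article: degaussing only works on magnetic media;
# SSDs and other flash must be shredded/disintegrated to particles <= 2 mm.
MAGNETIC_MEDIA = {"hdd", "tape"}
FLASH_MEDIA = {"ssd", "usb_flash", "sd_card", "smartphone"}
PHYSICAL_METHODS = {"shred", "disintegrate"}
MAX_FLASH_PARTICLE_MM = 2.0


@dataclass(frozen=True)
class Asset:
    serial: str
    media: str  # hypothetical labels: "hdd", "tape", "ssd", "usb_flash", ...


@dataclass(frozen=True)
class Certificate:
    serial: str
    method: str  # "wipe", "degauss", "shred" or "disintegrate"
    particle_mm: Optional[float] = None  # recorded particle size, if any


def norm(serial: str) -> str:
    """Normalize serials so scanner whitespace/case differences still match."""
    return serial.strip().upper()


def check_asset(asset: Asset, certs: List[Certificate]) -> List[str]:
    """Return finding codes for one inventoried asset."""
    if not certs:
        return ["NO_CERTIFICATE"]
    findings = []
    methods = {c.method for c in certs}
    if "degauss" in methods and asset.media not in MAGNETIC_MEDIA:
        findings.append("DEGAUSS_ON_NON_MAGNETIC_MEDIA")
    if asset.media in FLASH_MEDIA:
        for c in certs:
            if c.method not in PHYSICAL_METHODS:
                continue
            if c.particle_mm is None:
                findings.append("PARTICLE_SIZE_NOT_RECORDED")
            elif c.particle_mm > MAX_FLASH_PARTICLE_MM:
                findings.append("PARTICLE_SIZE_OVER_2MM")
    # Degaussed and non-degaussed drives look identical, so the article
    # recommends shredding after degaussing; flag it as an advisory only.
    if asset.media == "hdd" and "degauss" in methods \
            and not methods & PHYSICAL_METHODS:
        findings.append("ADVISORY_DEGAUSSED_NOT_SHREDDED")
    return findings


def reconcile(assets: List[Asset],
              certs: List[Certificate]) -> Dict[str, List[str]]:
    """Map serial -> findings; assets with no findings are omitted."""
    by_serial = defaultdict(list)
    for c in certs:
        by_serial[norm(c.serial)].append(c)
    report, seen = {}, set()
    for a in assets:
        key = norm(a.serial)
        seen.add(key)
        findings = check_asset(a, by_serial.get(key, []))
        if findings:
            report[key] = findings
    # A certificate that matches nothing in inventory is a tracking gap too.
    for key in by_serial:
        if key not in seen:
            report[key] = ["CERTIFICATE_FOR_UNKNOWN_ASSET"]
    return report


# Constructed sample data (not real assets or certificates).
INVENTORY = [
    Asset("HDD-0001", "hdd"), Asset("HDD-0002", "hdd"),
    Asset("SSD-0001", "ssd"), Asset("SSD-0002", "ssd"),
    Asset("TAPE-0001", "tape"), Asset("USB-0001", "usb_flash"),
]
CERTIFICATES = [
    Certificate("hdd-0001 ", "degauss"), Certificate("HDD-0001", "shred"),
    Certificate("HDD-0002", "degauss"),
    Certificate("SSD-0001", "degauss"),
    Certificate("SSD-0002", "shred", particle_mm=6.0),
    Certificate("TAPE-0001", "degauss"),
    Certificate("HDD-9999", "shred"),
]

if __name__ == "__main__":
    for serial, findings in sorted(reconcile(INVENTORY, CERTIFICATES).items()):
        print(serial, ", ".join(findings))
```
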

5. Expert Support From an Experienced ITAD Company Makes the Difference

Data center decommissioning involves far more than hardware removal—it’s a complex, high-stakes project that requires security, compliance, environmental responsibility, and financial stewardship. 

With 25 years of experience in secure data center decommissioning and IT asset disposition, Securis recognizes the inherent risks of retiring end-of-life equipment.  Our approach prioritizes secure data destruction methods that guarantee total data elimination.  Our team provides comprehensive services, from on-site data destruction to audit-ready reporting, secure logistics, environmental compliance, and value recovery programs that help you get the most out of your retired equipment. With 25 years of proven experience, Securis delivers full-service decommissioning that’s:

  • Secure: On-site and off-site NIST 800-88-compliant data destruction
  • Accurate: Advanced asset tracking and documentation with 99%+ precision
  • Sustainable: R2v3-certified recycling and value-driven reuse programs
  • Compliant: Certified to meet HIPAA, GLBA, SOX, and more
  • Value-Driven: Transparent resale programs to help offset your project costs

Let us handle the heavy lifting so your internal teams can focus on strategic growth—not regulatory risks or operational headaches. Partner with Securis for secure, accurate, and sustainable data center decommissioning services that protect your organization every step of the way.

 📞Talk to a Decommissioning Expert  866-509-2731 | 🌐 www.securis.com

Frequently Asked Questions About Data Center Decommissioning

Start with a detailed asset inventory and a timeline. From there, work with a vendor like Securis to build a customized plan that ensures secure data destruction, environmental compliance, and maximum value recovery.

It depends on the size and complexity of your environment. A smaller decommissioning project might take a few days, while larger data centers can take weeks. We always build in flexibility to accommodate unexpected delays.

Any data stored on hard drives, SSDs, backup tapes, smartphones, and flash media must be securely destroyed. Even devices that appear “wiped” can still contain recoverable data without proper sanitization.

Securis uses NIST 800-88-compliant methods, including physical destruction (shredding, disintegration), degaussing, and secure wiping. We also provide Certificates of Destruction for every data-bearing asset, so you’re always audit-ready.

Yes. We offer on-site data destruction services so your team can watch the process in real-time. This is especially important for organizations with strict internal controls or regulatory requirements.

Look for these key certifications:

  • NAID AAA for data destruction
  • R2v3 for responsible recycling
  • DLIS for federal and military asset handling
  • ISO 9001, 14001, and 45001 for quality, environmental, and safety management

Securis holds all of these certifications and more.

We securely transport and process all equipment. Through our value recovery program, functional assets may be wiped, refurbished, and resold. Non-functional equipment is responsibly recycled in accordance with R2v3 standards.

Yes. Many components—like CPUs, memory, switches, and power supplies—still hold value. Securis provides transparent resale options with revenue-sharing models to help offset your decommissioning costs.

Absolutely. You’ll receive detailed reports, audit-ready certificates of destruction, and full chain-of-custody tracking for every asset processed. These items will be available on our client portal 24/7 within 72 hours of project completion.

Our experienced project managers coordinate site visits, equipment removal, on-site services, and transport based on your schedule and facility needs. We handle the heavy lifting, so your team doesn’t have to.

Building a Circular Economy: How OEMs Are Leading the Way – An Interview with Dan Mattock, Securis

Transcript from Video:

Kurt: Good afternoon, Dan Mattock. How are you?

Dan: Hey good afternoon Kurt. I am doing awesome. How are you doing? 

Kurt: I’m doing great. Yeah, it’s wonderful to talk to you, Dan. Today, I’d love to talk to all our YouTube fans about electronics OEMs, or original equipment manufacturers, and how they are investing in the circular economy. So thanks for joining me today.

Dan: Thanks so much for having me. This is great. I’m excited here.

Kurt: Awesome. So for those of you who may not know Dan Mattock, Dan Mattock is Vice President with Securis. He’s actually been with the company for more than 15 years. He holds a number of certifications. One is a CSDS, which stands for certified secure data destruction specialist. Dan also holds a certification in LEED, which is the Leadership in Energy and Environmental Design certification. Many people know Dan from his role as the president of the Northern Virginia chapter of the National Property Managers Association, which is pretty cool. But today, really, I’m interested in talking to Dan because of his experience consulting with some of Securis’ largest customers on the topic of data security, the circular economy, as well as IT asset disposition best practices. So Dan, I’m super excited to learn from you today.

Dan: Yeah, this is great. Thanks, Kurt.

Kurt: All right, Dan. So not everybody listening to this podcast is going to understand the term circular economy. So can you help, maybe in layman’s terms, give me an idea of what that means, especially with respect to electronics manufacturers?

Dan: Yeah, sure. Absolutely. So, yeah, the term circular economy came on the scene, let’s say, I’ve heard it used more and more often from maybe about 5 to 10 years ago, is when it really started. But the gist of it is that it’s basically an economic system. It refers to an economic system designed to minimize waste, make the most efficient use of resources by really keeping products, materials, resources, as long as possible. And maybe that’s through the design of the product initially, or it’s during its full lifecycle towards the end of the lifecycle, trying to find ways to reuse the product, even repairing or refurbishing, and then even towards the end, recycling the product in a way where all those raw materials can go back into new products.

And so, yeah, in regards to electronics, what’s interesting, one example where we see this is the EPA. They’ve published some calculators that just show how much better it is for the environment, first of all, if you can recycle the electronics, but even more dramatically if you can reuse the products and extend their life. It’s actually dramatically better for the environment in terms of not having to tap into some of the virgin materials that are so costly to mine and so forth.

Kurt: Yeah, that’s an incredibly big deal. Thanks for helping us understand the circular economy. You know, electronics obviously is your expertise, but I saw a segment on PBS news where clothes were ending up on a beach in Africa. Super, super disappointing. But we also heard the stories, you know, electronics or electronics components going overseas where they were supposed to be recycled and ended up in landfill. So I think, I really applaud the efforts. Many of the vendors that we work with, you know, people like HP and Dell, all have initiatives around the circular economy. And then, of course, we’ll talk later about contract manufacturers, meaning the people that manufacture everything from iPhones to servers. But, you know, sometimes people buy things and, for whatever reason, whether there’s an issue with it or maybe it was the wrong item, sometimes we have to return those items. So I’ve recently learned more about a feature called reverse logistics. So can you help me understand that a little bit more, Dan?

Dan: Yeah, absolutely. So yeah, reverse logistics really refers to the process of managing the flow of products and materials that go from the customer back to the seller or manufacturer. We’re used to the logistics, right, of products going from the manufacturer to the consumer. But just play that in rewind, and that’s really what reverse logistics is all about. So, you know, some of the activities that would be involved in reverse logistics would be transportation, returns of products. You know, repairs and refurbishment could be included. It’s the same with recycling and disposition. And so what’s interesting is that I think most people aren’t aware of how enormous this industry is. If you look globally, I think the reverse logistics industry for all products is approaching close to $1 trillion.

Kurt: Oh, wow. 

Dan: And yeah, it’s enormous. And in the US, maybe it’s closer to about 20% of that. I mean, maybe a little less. I’ve seen statistics where it’s maybe $150 billion to $180 billion a year. The components that I focus on are on the electronics side. That’s a subsection of the total reverse logistics market that’s closer to, you know, anywhere from 20 to 30 billion a year. But you can just see the magnitude of that when these manufacturers are tasked with getting returns and equipment back to them after they’ve already sold them to customers.

Kurt: Okay, great. Another term that I think it’s important for our listeners to understand is RMA. I think I first learned about this term all the way back when I worked at NetApp in the early 2000s. I know that eBay, excuse me, that Securis has a thriving eBay store where we actually remarket equipment on behalf of our customers. So I know that this is occasionally, but not often, based on what I’m looking at in terms of our satisfaction rating, part of our process. But what does the term RMA mean?

Dan: Yeah, sure, and it’s funny you mentioned this, Kurt, because I was just meeting with one of our clients a couple days ago, a municipality, and he was talking about the RMA policy of one of his vendors. So what RMA stands for is return material authorization. And the way to think about this, it’s basically the process where a manufacturer or a supplier grants the customer the right to return a product for a refund or maybe a replacement or even a repair. You know, you typically see this when there’s a defect with the product, whether it’s, you know, and a lot of times these are covered by the warranty of the vendor. So another way to think of it: it’s basically a permission slip for a customer to return their product.

Kurt: Perfect. That’s helpful. So now I know what reverse logistics is. I understand the circular economy and RMA. Dan, help me understand. You know, we’re going to talk about contract manufacturers, but why might one of these OEMs outsource this process of reverse logistics?

Dan: Yeah. So we see a lot of this in our industry, where OEMs are experts, a lot of times, at designing their products, whether that’s computers or other electronic devices. They’re experts at the design. A lot of times they’re experts at the supply chain management of it, but where they’re not as well versed is just the idiosyncrasies of the reverse logistics game. And on the surface, it may look simple. You just need to get the equipment back to the manufacturer. But a lot of times there’s a lot of operational complexities involved here. You’re not sure what state the equipment is going to be in when it’s returned. If you’re looking to do repairs, it’s really a different business. And so what a lot of these OEMs elect to do is, they want to be the best at the design and the supply chain management, but they want to outsource the core competencies of the reverse logistics game, because that’s just really not who they are, and that’s not what they do. And there’s going to be others who are more efficient and more cost effective at doing it.

Kurt: So, okay, so, give me an idea. And who are some of those companies? I know that Securis has worked with a number of them. You worked with, some of them personally, what are some examples of companies, you know, if I want to start, you know, Kurt’s Computer tomorrow, right? Maybe, maybe I would hire you. And we’re probably not going to do our own delivery. So we just assume, can we, if we talk to, if we want to hire somebody to help us out. 

Dan: Yeah. So so probably some of the most prominent names in the reverse logistics space are companies that a lot of us have heard of. Right. The Fedex’s, the UPS’s, you know, DHL is a pretty popular one, but those that may not be quite as as popular, that you have companies like Flex, they do a lot in this space. There’s GXO that’s a reputable reverse logistics company. And then there’s  Reconnect. Which is also one where, again, a lot of them are involved in helping these OEMs get equipment back. And then sometimes they’ll even add more value by doing some of the work. when it comes to refurbishing or repurposing some of the equipment and returns as well. 

Kurt: Okay. great. That’s that’s super helpful. So here’s something that might just surprise some of our listeners. I come to find out that sometimes inspection, sorting, repackaging, you know, testing and then trying to resell that equipment that came back in the RMA process, it’s actually way more expensive than, re remanufacturing. So, why is that Dan? Do you have any any guesses based on your expertise in the industry? 

Dan: Yeah. You know, it’s interesting, I, I like to think of it this way. So if you’re if you’re talking about remanufacturing, I mean picture a warehouse where, you know, you have equipment being assembled and it’s usually it’s very easy to manage because it’s it’s streamlined. It’s standardized. They, you know, engineers get paid to just make that process so much more efficient, whether there’s all types of techniques. Right. There’s Six Sigma and and all those ways of making that manufacturing really efficient. And so when it comes to remanufacturing, you’re able to benefit from some of those streamlined processes. And that standardization. But but when it comes to inspections and repackaging and really kind of more and the reverse logistics side of it, it’s not as streamlined. It’s a lot of times the returns, they may be in extremely different condition than when you first sent them. Sent them out. And and some of them may need a unique type of repair that’s, that’s different from from the others being returned. So you really need that individualized attention. And so that that makes for higher costs and, and more difficulties. 

And the other thing is, you know, there’s there’s an infrastructure component to this as well, because as you’re getting all these returns, you have to store these returns somewhere. You need warehouse space. You need workstations to to work and operate on the equipment. And so that makes it challenging to in addition, you know, it gets very hard because a lot of times you’ll have these unpredictable volumes. You’re you’ll be getting returns. But it’s very hard to predict at which rate. And that makes it hard for managers to manage through that, that, that process. So that’s why a lot of these OEMs, it’s in their best interest to outsource some of this work because, it’s just easier for them. It’s more cost effective. And then in addition, they don’t have to train the staff. There’s a lot of training that goes in to out to to the companies that are repurposing and sorting and repackaging. So so those are costs that they can shed when they when they outsource it. 

Kurt: Yeah. I mean, I think the other thing we should probably talk about is most of these OEMs actually outsource their manufacturing and they outsource it to companies that are incredibly good at manufacturing. They are highly automated. there may be a scenario where they manufacture equipment for multiple different product lines, multiple different companies, and they may have a factory that, you know, two weeks out of the month is manufacturing in one line and then switches to, to another line. But I think because of that high degree of automation, they’re able to manufacture things really cheaply. And then when you compare that to things that come back from RMA and are typically one offs, there’s a lot of human element with the inspection, the testing, kind of one off manual repairs and it becomes difficult to to match that. And so, you know, what I found is that for lower value items, maybe like computer peripherals, it may make more sense to completely break down and recycle that and then manufacture. That is new, from a cost perspective versus trying to, you know, repair individual items. or maybe you’re talking about something that’s super expensive, like a storage array or maybe a high end server. that might be a little different. but, you know, some of these, you know, some of these lower end things, I think it’s it’s cheaper to manufacturers. So, talk to me, Dan, about this whole outsourcing industry known as, contract electronics manufacturers. Can you give me some examples of what you’re seeing in the electronics industry of that? 

Dan: Yeah, absolutely. So you’re dead on Kurt in that a lot of companies are starting to outsource their manufacturing. I can think of a couple of examples. The big one is Apple. You know, they design their equipment typically in California, but a lot of it is manufactured over in China. I know that’s switching, you know, to India and I know Trump has, you know, I think reprimanded Apple for that but yeah, you see this with some of the OEMs and on the networking side and server side as well. They’re using companies like, you know, Jabil and Flextronics and interesting, you know, Foxconn, which originally was working with Apple quite a bit on their phones and still are, but they are doing a lot of server manufacturing now for some of the hyperscalers out there. We’re also seeing companies like Nutanix now. They’re using Supermicro to manufacture and support some of the branded servers and so, yeah, I mean, an interesting case study too, is just to look at, Taiwan’s the Taiwan Semiconductor Company. I mean, that’s how they started. And just really ate the lunch of Intel because all of these designers for the chips was completely outsourced to Taiwan Semiconductor. And now Taiwan Semiconductor is, you know, I think it’s over $1 trillion business now. So, yeah, a lot of times it makes sense to outsource this because the manufacturers just can benefit from economies of scale and expertise and different process improvements that, you know, sometimes it’s harder to be able to do the design all the way through the whole product lifecycle and stack, as well as if that piece of it is outsourced.

Kurt: So, yeah, no, thank you for that, Dan. So let’s maybe change gears a little bit. Obviously OEMs are trying to, you know, be innovative. They’re trying to sell more of their products to consumers. Obviously AI with everything is super hot. Right? So these OEMs are trying to balance their need, you know, for innovation with the circular economy goals. I mean, you know, I’m working with many customers today that are in the process of replacing all of their laptops and desktops because the older ones don’t support Windows 11 and some of the new AI stacks are out there. So talk to me, Dan. What’s the balancing act between innovation and the circular economy? Because sometimes they can be a little bit at odds with each other, right?

Dan: Yeah. I agree with that. I mean, there is a real tension there, you know, between the product companies, you know, they’re incentivized to churn out new products and innovate. And, you know, just look at Apple, right? It’s I mean, the wave of revenue that’s driven each time a new phone comes out, you know, and that does, that conflicts with some of the sustainability expectations that clients may have, because, you know, what is going to happen to those old phones? Are they going to end up, you know, a lot of times there may be, whether it’s phones or in other electronics, there could be hazardous materials. And so what is that going to do for the environment? So it’s interesting, you know, the best companies, I think they’re taking that to heart. And they realize that the consumer these days, they do care about the environment and sustainability.

And so, the best companies that I’m seeing, I don’t think that they’re necessarily forced between choosing innovation or circularity. They’re doing what, you know, Jim Collins talks So he talks about in his books, you know, Built to Last and Good to Great. He talks about the tyranny of the or and and the great companies are taken of you to the. And they want to be both innovative and focused on the sustainability. And so a lot of times when these OEMs, if they are designing the product with the end in mind, I think of, as Steve Covey said, begin with the end of mind. If they’re thinking about what will happen at the end of the lifecycle, are the materials made from more recyclable materials? Is it easier to recycle at the end? Is it easier to repair at the end? I’m seeing a trend towards that, and I think ultimately that can be a great thing. But you’re right there. In the past, there’s been that natural tension between spitting out new products and the sustainability. But we’re starting to see some more awareness on the OEM side with that.

Kurt: Yeah. I mean, I know HP’s got some investment there. I think there are some models with less plastic with easier to recycle plastic, maybe a little bit more aluminum and metals versus plastics. So I’m definitely seeing something there. So when we were talking about iPhones, I mean, I personally was part of a class action lawsuit where, this goes back a few years, where Apple was accused of purposely making iPhones obsolete and the very short lifespan. So I think that’s gotten consumers interested. You know, you talked about the environmental impact, but there’s also potentially a cybersecurity impact of these upgrades and end of life equipment. You know, on our website, you know, Securis.com, we do have an article that talks, you know, answers the question whether or not doing a factory reset on your phone protects your data. But what types of products, then, do you require data sanitization before recycling?

Dan: Sure. Yeah. So, yeah, I would say in terms of what products required to do sanitization, I really lump that into two categories. There’s your traditional IT assets that we’re all familiar with, right. There’s your desktop computers and your laptop computers and your phones and your servers and those types of devices. And what’s interesting about that segment is that, you know, that has evolved in terms of the difficulty with which, you know, the resources and difficulty in terms of data destruction and sanitization. I think back, I think it was basically, you know, back in the mainframe era where, you know, you had these huge, huge rooms just and that was basically the mainframe. And while maybe physically, it was a lot harder to destroy it because it’s so big, you knew where it was, you knew how to secure it.

But now with, you know, the form factor getting so small where terabytes of data can be on basically a chip the size of your thumb, you can just imagine for IT directors and CIOs and security officers, just that challenge of now managing all that data that could be all over the place. And so, you know, that’s the again, one segment is the traditional IT, that’s again becoming harder to manage given, you know, the different form factors. But then the second set of items that really require data sanitization has really exploded ever since the Internet of Things took off. And so there’s a lot more consumer devices that you see that require disposition securely. You know, a couple that come to mind would be, you know, the health monitoring wearables or smart home devices, even think of automobiles. Now, you know, 40 years ago, I don’t know if there were any computer. I don’t think there were any computers in cars. Now, I mean, it’s basically a car is a rolling computer. So you’re seeing that even with, you know, consumer appliances, even some children’s toys there, there’s data being collected and about usage and streaming back to the internet. And so those are some of the things. Now, you know, the smartwatches and smart rings even can contain financial data. All those types of devices are in that second segment that, you know, consumers really need to pay attention to in terms of proper sanitization.

Kurt: So, yeah, I mean, I think I saw a product announcement recently and that might not be wrong. Exactly right. But I think it was, Pure Storage has over a 41 terabyte individual drive now. Wow. Yeah. Which is pretty crazy. Yeah. You know, you also brought up wearables. That’s not something that I consider that a security concern until recently. I know at Securis one of the pieces of software that we used to make sure that all data is removed from things like computers and servers and phones is a company called Blancco, which is software that we have found to be really great and do a good job. It helps us with our workflows and gets all the data off. But there’s a gentleman that left Blancco recently, and maybe I’ll provide a link to this in the show notes or the transcript, but he actually now has a company that removes data from smartwatches. So we haven’t got a ton of them yet at Securis, but I expect that we will. And if we get a scenario where customers are asking us to give them value or re-market those or reuse those, I think that’s something that’s going to eventually come up for us.

Dan: Yeah. No, that’s interesting you bring that up and I’m probably the most dramatic case I recall of the importance of securing the data on the smartwatches. This happened a couple of years ago. There were Marines who were stationed at basically an undisclosed military base overseas in Syria, and they would do their morning jogs and running around. They’d run around the perimeter of the base and things, and that data was getting streamed onto an app. And then it was just being published on the internet. And so it just tells you you’ve really got to think through these devices, not only the data that’s stored on them, but the risk it can put various organizations if they’re not controlling it carefully.

Kurt: Awesome. All right, now switch gears again one more time. So we talked about data sanitization and why that’s important for both consumers and companies and even the US military. But some products really don’t contain their data bearing devices. And so they’re not going to require sanitation. But I’ve learned that the OEMs might want those destroyed, even. I think Securis has experience with a brand that manufactures speakers and headsets that I really like to use. Why would a company like that say, hey, I want these devices destroyed?

Dan: Yeah. So again, if you take away the data piece of it, I can think of a couple other reasons that manufacturers and OEMs would still want their products destroyed. So the first reason is brand protection. So if an OEM has a product that’s either defective or outdated, they want to make sure that those quality standards are kept extremely high. So they’re going to want to make sure that that product doesn’t get re-released out onto the market. So I can see them really as a way of brand protection. We see that often where OEMs need destruction provided. The other idea is limited liability. So if a product is defective or if it’s recalled and maybe it has, you know, there’s potential for it to do harm, you know, it’s important that that gets taken off the market and destroyed.

I can think of a lot of times you may see a battery that has either, you know, we call them bulging batteries. If there’s, you know, hazardous materials. The OEM doesn’t want their name associated with any risk to the consumer. If there’s been some issue with the product. The other reason that OEMs, you know, would want products destroyed, again, if you take out the data piece of it, is just from a regulatory compliance perspective. Again, if the goods have expired, a lot of times failure to sometimes manage and remove those items properly can result in regulatory penalties.

And then lastly, just from, you know, if a product becomes obsolete or outdated, a lot of times, you know, the OEM wants to make sure that they’re managing demand for their most recent product. And so if you have some of these older generation products, if they can remove those from the marketplace, that’s going to ideally drive more demand for their latest generation products. And so those are just some of the reasons that we see OEMs who, you know, want to make sure that their legacy products are destroyed properly in an environmental way, as well.

Kurt: Awesome, great. So we’re going to continue in the trend we’ve talked about OEMs and you know what they outsource. And you know, specialization of different vendors. And so we talked about OEMs outsourcing manufacturing. We talked about them outsourcing reverse logistics. So either of those reverse logistics companies or their OEMs, many times they outsource, you know, this recycling or end of life destruction process to somebody called an IT asset disposition company, people like Securis. We do that for a number of OEMs. What kind of services are they looking for and why were they outsourced versus just trying to do that themselves?

Dan: You know, so a lot of times you’ll see OEMs or reverse logistics companies even, they’ll outsource the very end piece of the product lifecycle to a company like an IT asset disposition company, a company like Securis, because there’s, you know, a couple components to it. First is just from the data security perspective. We talked about that. There’s depending on the type of device or the way the media is stored, you really do have to be an expert in it to make sure that the data is destroyed properly. And so you know what’s interesting. And, you know, especially like I’m thinking some of these laptops these days and, you know, these small solid state drives that are included in them, you know, there are, it’s almost like you have to be a forensic expert to be able to look through all these.

There’s almost like there’s little hidden component or compartments in the laptops that if you’re not just very, very careful and an expert in it, we’ve seen many cases where a small, small, solid state drive can slip through the cracks. So that’s one reason OEMs know that they’re not necessarily the experts in reverse logistics companies know they’re not experts. But there are companies out there that are experts like the ITAD providers. And so that’s a reason that they want to tap into that expertise. That’s more on the data security side. On the environmental side too, a lot of the best ITAD companies have to have certain environmental certifications. The most prominent is one called R2, r2, and it’s R2v3 is where it’s the third version out right now.

And they are doing, the organization that runs that is called SERI, and they are auditing ITAD companies to make sure that they’re complying with all the different regular environmental regulations. They’re making sure that the equipment is handled properly, that things aren’t ending up in landfills. They’re also making sure they’re auditing all the downstream potential vendors of the ITAD companies, too. So it’s a big deal. And that gives the OEMs a lot of comfort. And it goes again, it goes back to brand protection that the marketplace will see that they’re handling things appropriately. And then lastly, just there’s a value recovery component to this. So a lot of times the ITAD companies, they’re experts at maximizing the value of whether it’s, if they have permission to resell the equipment as is and refurbish it, or whether it’s just the broken down raw materials.

They specialize in this. And a lot of times that they’re driving that value and then they’re giving some of that sometimes back to the companies that they service. And so those are just a couple of the reasons that you’d see these OEMs and reverse logistics companies want to engage in ITAD. And, you know, again, it comes down to that expertise protecting from the data security side and then also the environmental side and the value recovery of it. So yeah.

Kurt: So Dan, you mostly have answered my next and close to last question. Appreciate you bearing with me through this learning session here. So obviously, you know, you mentioned R2, you mentioned NAID AAA, which is a security designation I had previously mentioned, you know, your individual certification and what you have, a certified secure data destruction specialist. But, I guess, you know, I’ve been told that another reason that these various logistics companies, other than the ones you’ve stated so far, looking to outsource the recycling or the data destruction to an ITAD company is because the OEM that they’re contracted with is looking for a legal document known as a certificate of destruction. So that’s an example of one type of reporting or auditing. But what other types of reporting or auditing might the OEM require from both the ITAD and, you know, if it’s, you know, subcontracting relationship, but with the reverse logistics company? What are they looking for typically?

Dan: Yeah, so it’s interesting because it’s one thing to actually recycle the equipment or destroy the equipment that the OEM or reverse logistics company provides, but it’s another to prove that it was destroyed or recycled. And so a lot of these companies do get audited. And so it’s important that they have that evidence. So some of the methods that we’ve seen or some of the deliverables are anything from serial number capture. So a lot of times a company may want to just see basically a list of all the serial numbers or even an asset tag of all the devices that have been recycled, and that can come in the form of an Excel file or a CSV file, something like that. We’ve also seen just weight reporting.

There’s some cases where they want to see the actual weight, because a lot of times they’re tracking for their sustainability goals, the pounds of equipment that they have recycled. We’ve also seen cases where they’ll want to see photo evidence. So whether it’s we’re capturing with a photo the device right before it was destroyed or a picture of it afterwards. And then this comes also in the forms of inventory reports. And as you mentioned, that certificate of destruction and recycling. And so one thing that we found also really helpful is if a client is getting audited and they need to refer back, say, to a specific individual item that we’ve developed. And other companies in our industry have developed portals where they can go online, log into the portal, and basically search for an individual asset by serial number or asset tag. And it saves them a ton of time.

I’ve seen companies, God bless them, where, you know, they were recording all of these items on an Excel spreadsheet. And, you know, it was basically a 50,000 line spreadsheet. And so you can imagine the time it takes. Whereas now with portals that we have, you can just type into the search bar and quickly pull up an asset and prove that it’s been dispositioned properly.

Kurt: Microsoft Excel, Dan, the most used database in the world. 1000 items starts to be a lot. Last question. Thank you so much. So, there may be some OEMs or reverse logistics companies listening to this and wanting to reach out to Securis, but curious about our experience and our past performance. Can you share a couple that might be relevant without, you know, providing any information that would be subject to non-disclosure?

Dan: Yeah. Yeah, absolutely. So yeah, outside, you know, traditional electronics companies that we work with, we work with companies that produce audio peripherals. So speakers and headsets and those types of products. We also work with companies that produce alarms. So they’re producing the alarm systems at buildings and homes. And they need those eventually to be dispositioned and destroyed and recycled properly. And then also, you know, here’s a neat one. Drone manufacturers. So they’re producing drones. And once they’ve reached their end of life, those need to be destroyed properly. So those are just some of the types of OEMs we work with, among others as well.

Kurt: Yeah, I mean, I know Securis does a lot of work with the US DoD and defense industrial base and I think the term, Dan, is called de-militarization, at the end of life. What I’ve learned is in some cases, you know, there’s these items, they might be concerned that there’s classified data on them. In other cases, they’re more concerned about enemies of the United States trying to copy, whether it’s a radar system or a weapons system or the drone technology. So many of those companies have reached out to us for kind of a use case. We haven’t talked about it yet, but really just that demilitarization use case. But, yeah. I really appreciate you joining. Tons of insights about electronics OEMs and how they’re investing in the circular economy.

Dan: Thank you so much. And have a wonderful day. All right. Thanks so much for having me. I appreciate it.

BIOS:

Dan Mattock is a VP with Securis and has been with the company for 15 years. He is a CSDS (Certified Secure Data Destruction Specialist) and LEED (Leadership in Energy and Environmental Design) Certified. He has served as the president of the Northern Virginia Chapter of the National Property Managers Association. He has consulted with some of our largest customers on the topics of data security, the circular economy, and IT Asset Disposition best practices.
