NinjaOne Chief Product Officer Rahul Hirani published an opinion piece arguing that IT and security operations need to converge, and that organizations still running them as separate functions are accepting unnecessary risk. The argument centers on the speed mismatch between how quickly attackers act on newly disclosed vulnerabilities and how slowly most organizations remediate them.
The numbers Hirani cites put the pressure in concrete terms. Somewhere between 49 and 61 percent of newly disclosed vulnerabilities are being weaponized within 48 hours. Most enterprise patching cycles operate on weekly or monthly schedules. That gap is not a configuration problem or a tooling gap in isolation. It reflects an organizational design that made sense when threat timelines were longer.
The traditional IT and security split assigns vulnerability identification to security teams and remediation to IT operations. The handoff between those two functions introduces latency, and that latency has become a liability. Hirani's core argument is that eliminating the handoff, or at minimum tightening it significantly, requires giving IT operations teams real-time risk context rather than periodic scan outputs.
In practice, this means patching decisions informed by live exposure data rather than scheduled scan results. It also means automation doing more of the sequencing work, identifying which vulnerabilities are most critical, applying updates in the correct order, and verifying installation, without requiring manual coordination across teams.
NinjaOne, as an IT management company, has a direct commercial interest in that consolidation, and Hirani is making an argument that maps cleanly onto the category of tooling his company sells. That said, the underlying diagnosis is well-supported: the handoff latency problem is real, widely documented, and not obviously solvable by better tooling on either side of the divide in isolation.
For network teams, the more durable question is whether convergence is primarily a tooling problem or an organizational one. The piece leans toward tooling and automation as the primary levers, but IT and security teams frequently operate under different reporting lines, different incentive structures, and different compliance obligations. Workflow integration can reduce handoff friction, though it does not necessarily resolve the structural reasons those handoffs exist in the first place.
