Get five technology executives in a room to discuss technology trends and you'll get a healthy dose of reality, sans vendor hyperbole.In the first 2006 meeting of the Network World Advisory Board (members hail from large companies in the Boston area), we discussed everything from IT management frameworks to security. The members prefer to remain nameless, but their opinions are worth sharing.One of the things all of the members share an interest in is the IT Infrastructure Library (ITIL), a framework for IT service management. All five are working with ITIL, and most seem to agree with the approach that Gartner advocates: Use just enough. "We're implementing the parts we think we need," one board member said.Why ITIL? To do anything today the first step is always "find the guy," said one board member. Find the guy who knows how this was crafted and why and what the dependencies are. She is looking to use ITIL to introduce more formality to the IT process and define business services. "We want to shift so we're business-focused and less technology-focused.""ITIL helps eliminate finger-pointing," said another board member. What's more, she said, it can facilitate outsourcing because many outsourcers use ITIL frameworks.Most of the board members are outsourcing something. One member uses two companies in India for application support, primarily PeopleSoft, SAP and Siebel. He has a full-time resource manager on staff to support the relationships.Another member outsources infrastructure support. All mainframes were turned over, as well as many servers, but the company kept desktop support and is looking at bringing network monitoring back in-house because of a dispute about who is responsible for what. The lesson: Triple-check contract wording.When asked about service-oriented architectures (SOA), the top buzzword of the day, one of the members said he keeps asking his team, "What problem are we trying to solve?" If the answer is application integration, the next question is, how can the legacy stuff play?The only member who has an SOA service running said he expects SOA will arrive as the major application vendors build it in. "We'll migrate as they migrate."On the security front, the board members agreed that security isn't hard; meeting compliance regulations is. Even interpreting the rules is complicated. "It is easy to over-interpret, and then costs go through the roof," said one member.Companies that deal with consumer information, for example, have to comply with internal firewall requirements. You can't, for example, use real data in test environments. "It is at least an order of magnitude more complex than issues surrounding perimeter firewalls," one member said.