VulnWise S1E6: Into the Minds of CISOs, Analysts, and VM Practitioners with Jon Oltsik

Vulnerabilities, AI, and the Human Factor with Dr. Nikki Robinson

In this episode of the VulnWise show, Steve Carter and Scott Kuffer engage with Dr. Nikki Robinson to discuss the evolving landscape of vulnerability management. They explore the significance of the CVE program, the impact of human factors on cybersecurity, the role of AI, and the importance of automation in vulnerability management. The conversation also delves into the future of vulnerability chaining and attack path mapping, highlighting the need for organizations to adapt to these changes in the cybersecurity landscape.

VulnWise S1E6: Into the Minds of CISOs, Analysts, and VM Practitioners with Jon Oltsik

In this episode of the VulnWise Show, hosts Steve Carter and Scott Kuffer engage with cybersecurity expert and semi-retired analyst Jon Oltsik to discuss the evolving landscape of vulnerability and exposure management. They explore best practices derived from conversations with CISOs, the role of AI in vulnerability management, and the persistent challenges of prioritization. The discussion also delves into incident response processes, the significance of threat modeling, and the implications of SLAs in managing vulnerabilities. Jon shares insights on the analyst perspective in cybersecurity and the relevance of frameworks like CTEM, emphasizing the need for continuous education in the field.

VulnWise S1E5: Vulnerability and Exposure Management with Johnny Shaieb

In this episode of the VulnWise Show, hosts Steve Carter and Scott Kuffer engage with Johnny Shaieb, Chief Architect of Exposure Management at IBM. The conversation delves into the evolution of vulnerability management, the shift towards exposure management, and the importance of asset management in cybersecurity. Johnny shares insights from his extensive experience in the field, discusses the concept of a Risk Operations Center, and highlights the significance of normalizing data for effective vulnerability management. Additionally, he reflects on his academic journey and ongoing research into the history of vulnerability databases and scoring systems.

Patching and Bug Bounty Programs with Rishika Hooda

In this episode of the VulnWise Podcast, Scott Kuffer and Steve Carter talk to Rishika Hooda, a senior technical program manager at Google, who shares her extensive experience in cybersecurity, particularly in managing Android's patching and bug bounty programs. The conversation delves into the complexities of vulnerability management at scale, the importance of prioritization, and the challenges faced by large organizations in maintaining security. Rishika emphasizes the need for transparency, context, and effective communication within teams to enhance vulnerability management processes.Key Moments00:00 Introduction to Cybersecurity and Vulnerability Management02:23 Understanding Android's Patching and Bug Bounty Programs08:14 Challenges in Scaling Security Programs14:27 Best Practices in Vulnerability Prioritization19:32 The Complexity of Patching in a Global Ecosystem20:03 The Process of CVE Publication and Transparency22:42 Measuring Effectiveness of Vulnerability Management Programs#patching #securityprogram #bugbounty #podcast

The Intersection of Threat and Vulnerability Intelligence with Eli Woodward

In this episode of the VulnWise show, Steve Carter and Scott Kuffer engage with Eli Woodward, a seasoned cyber threat analyst, to explore the intricate relationship between threat intelligence and vulnerability management. They discuss the evolving role of SOC teams, the discrepancies in vulnerability exploitation reports, and the importance of prioritization in vulnerability management. Eli shares insights on evaluating CVEs, the impact of AI on security operations, and his experiences at the National Intelligence History Conference, emphasizing the need for continuous learning and adaptation in the cybersecurity landscape. Key Moments00:00 Introduction to Cybersecurity and Vulnerability Management 03:11 Understanding Threat Intelligence vs. Vulnerability Intelligence 06:00 The Evolution of Security Operations 08:58 Discrepancies in Vulnerability Exploitation Reports 12:09 The Role of Initial Access in Breaches 15:09 Prioritization of Vulnerabilities in Organizations 17:58 Evaluating and Classifying CVEs 21:05 The Impact of AI on Cybersecurity 23:50 Future Trends in Vulnerability Management 26:59 Insights from Bletchley Park Conference 29:54 Final Thoughts and Key Takeaways#VulnerabilityIntelligence #ThreatIntelligence #AIinSecurity #CybersecurityTrends