CISO/Security Vendor Relationship Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

This is a special episode of Defense in Depth being shared on this feed. Find the full post with links and images on the CISO Series site here (https://cisoseries.com/defense-in-depth-vulnerability-management/).

So many breaches happen through ports of known vulnerabilities. What is the organizational vulnerability in vulnerability management?

Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Justin Berman (@justinmberman), CISO for Zenefits.

Vulcan Cyber

Vulcan’s vulnerability response automation platform allows enterprises to automate their TVM programs. Vulcan integrates with existing IT DevOps and security tools to fuse enterprise data with proprietary intelligence, which allows them to accurately and subjectively prioritize and remediate vulnerabilities - either using a patch workaround or compensating control.

On this episode of Defense in Depth, you'll learn:

  • As the CIS 20 concurs, vulnerability management is the first security measure you should take right after asset inventory.
  • Vulnerability management needs to be everyone's issue and managed by all departments.
  • Lots of discussion around vulnerability management being driven by culture, which is a very hard concept to define. To get a "vulnerability management culture," look to a combination of awareness and risk management.
  • Vulnerabilities don't get patched and managed without someone taking on ownership. Without that, people are just talking and not doing.
  • Increased visibility across the life cycle of a vulnerability will allow all departments to see the associated risk.
  • Who are the risk owners? Once you can answer that question, you'll be able to assign accountability and responsibility.

Direct download: Defense_in_Depth_VM_with_intro_FINAL.mp3
Category:podcast -- posted at: 8:51pm PST