How NOT to suck at Vulnerability Management

In the current cyber landscape, several vulnerabilities are discovered every day. The volume of this information and the multiple sources from which to consume it create interesting challenges for any security team. Poor vulnerability management has become a serious fundamental problem and a common factor in most data breaches in the past months.

Vulnerability management is often disregarded, improperly staffed, and rarely discussed in some circles of the infosec community. Badly implemented programs are the source of nightmares for blue teams and the joy of red teams, pentesters, and bad guys alike. Under these circumstances, are you prepared to deal with vulnerabilities accordingly?

In this talk, we'll share our experiences building a program to address and deal with vulnerabilities at scale: what works, what does not, and why. More importantly, we'll cover what actions you should consider to improve or build your vulnerability program. In addition, we'll be releasing a vulnerability management tool and showing how it can be used in your own program. Whether you are a seasoned infosec professional or new to the field, there is something for you to take away.

Plug is currently a Paranoids FIRE member at Oath. He started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to...

Chris is currently a Sr. Security Engineer at Verizon Digital Media Services (formerly EdgeCast). He started working with computers in high school, and having older, slower computers quickly made the...
