
Episode 9: Teen Hackers, Billion-Dollar Damage — Zafran’s Yonatan Keller & Nate Rollings on AI Threats Rising
In this episode of THREATCON1, hosts Tom Bain and Patrick Garrity sit down with Nathan Rollings, Field CISO at Zafran, and Yonatan Keller, Analyst Team Lead at Zafran, for a deep, practitioner-focused conversation on the realities of modern vulnerability management.
Together, they explore why patching alone can’t keep up with today’s threat landscape — and how security teams can dramatically reduce risk by prioritizing what actually matters.
🔍 Key Topics Covered
Why patching is too slow
The average enterprise takes ~49 days to patch — while attackers weaponize vulnerabilities in days (or minutes).
Mitigating controls vs. patching
How firewalls, EDRs, WAFs, segmentation, and configuration changes can meaningfully reduce exploitability — even when patching isn’t possible.
The “1 in 50,000” insight
Why only a tiny fraction of vulnerabilities are truly critical when you factor in runtime, reachability, exploitability, and existing controls.
Zero-days without CVEs
How agentic workflows can assess exposure, identify impacted assets, and recommend mitigations before scanners, signatures, or CVE IDs exist.
CTEM as a maturity journey
Moving from noisy vulnerability lists to operationalized, risk-driven exposure management — without creating shelfware.
Threat enablement is the real danger
Why loosely organized groups and even teenagers are now capable of causing enterprise-level disruption.
Edge devices, legacy software, and OT risk
Why internet-facing systems and unpatchable environments (manufacturing, healthcare, critical infrastructure) demand a mitigation-first mindset.
AI vulnerabilities: the next frontier
No CVEs, no standards, rapid adoption — and a growing attack surface most organizations aren’t tracking yet.
AI as a force multiplier for defenders
How agentic AI can shorten exposure windows, automate analysis, and upskill under-resourced security teams.
🎯 Why This Episode Matters
If you’re overwhelmed by vulnerability volume, constrained by patching windows, or struggling to align security priorities with business reality, this episode offers a grounded, experience-driven perspective on how modern teams are adapting — and where the industry is heading next.
THREATCON1 is created by VulnCheck and focuses on emerging threats, real-world security operations, and conversations with practitioners shaping the future of cybersecurity.
Information
- Show
- Frequency: Updated Biweekly
- Published: January 13, 2026 at 11:23 AM UTC
- Length: 48 min
- Episode: 9
- Rating: Clean