The Future of Vulnerability Management podcast is dedicated to helping security professionals tackle real issues in the vulnerability management space. In each episode, NopSec’s CEO Lisa Xu will interview industry experts and leading practitioners about what can be done to prepare for the future of vulnerability management. This show is brought to you by NopSec.com
Kyle McNulty on How to Reinvigorate the Vulnerability Management Category
In today’s episode, NopeSec's CEO, Lisa Xu, speaks with Kyle McNulty, entrepreneur and host of Secure Ventures podcast, a platform for security founders to tell their stories. Kyle is a security consultant and advisor, helping startups balance and implement security amidst competing priorities.
On the Secure Ventures podcast, Kyle McNulty interviews founders, executives, visionaries, and creators in the cybersecurity industry. The conversations include deep dives into fascinating backgrounds, explanations of transitions into cybersecurity, and the challenges and successes that have shaped their careers.
How Kyle kicked off his consulting and podcasting career through cold outreach.
The most common challenges Kyle hears from vulnerability management managers.
The downside of only addressing the critical and high priority vulnerabilities.
The fundamental root causes of vulnerability overload.
The multi-dimensional challenges of balancing innovation and managing the vulnerability landscape.
How security can be a true enabler to an organization and improve overall business processes.
How the industry can invigorate the vulnerability management category to better engage security practitioners.
What surprises Kyle about centralization.
The importance of automation in vulnerability management to create more stimulus and provide more valuable insights.
Kyle’s practical advice for vulnerability management managers to succeed in the future.
Leslie Forbes: Why it’s Important for Security Practitioners to Understand Business Logic to Prioritize Vulnerabilities
In today’s episode, NopeSec's CEO, Lisa Xu, speaks with Leslie Forbes, Vulnerability Management SME, at Axonius, a cybersecurity asset management platform. Leslie is a technologist at heart, committed to bridging the gap between commercial and technological sides. At Axonius, he helps technical account managers and sales engineers teams engage with customers to provide the best expertise in each of the verticals the company supports.
How Leslie sees vulnerability management challenges across different customers and industry verticals
Leslie’s interpretation of risk-based prioritization
Data overload across all sources and how to triage assets to better focus on crown jewel assets
Why it’s important for security practitioners to understand business logic to better prioritize vulnerabilities
Breaking down the fundamental hygiene problem many vulnerability management teams face
Measuring the risk of a vulnerability in contrast to the impact of the vulnerability
The areas in vulnerability management that need automation the most
Life cycle management and how to reach the end goal
Leslie's predictions on the future of vulnerability management
Tunde Oni-Daniel: How Organizational Culture Affects Consensus about the Criticality of Assets
In this episode, NopeSec's CEO, Lisa Xu, speaks with Tunde Oni-Daniel, Head of Technology Operations and Engineering at OneMain Financial. OneMain Financial is the leader in offering nonprime customers responsible access to credit and has been dedicated to improving the financial well-being of hardworking Americans since 1912.
During the episode, Tunde brings his considerable experience in technology operations and engineering to provide a unique perspective on vulnerability management and other critical security concepts.
Tunde shares how early in his life, being vulnerable enough to recognize what he didn't know but finding creative ways to attain the knowledge he needed helped shape his career.
Based on his experience working in various industries, Tunde talks about his observed differences and similarities in operational risk management.
Tunde explores some of the challenges organizations experience as they struggle to establish and communicate the criticality of data and other digital assets across their enterprise.
Lisa and Tunde dive into the idea that security leaders must continually focus on what is most important to the organization and build resiliency for those assets in their systems.
The conversation examines the idea that organizational culture affects how well leaders can achieve consensus about the criticality of assets.
Tunde emphasizes the importance of understanding the language of the board to effectively communicate with executives or stakeholders who are not coming from technology or cyberspace.
Lisa and Tunde touch on how vulnerability management can affect cyber insurance.
Yabing Wang on How Practitioners Can Use Vulnerability Management to Improve Business Objectives
In this episode, we are joined by Yabing Wang, the CISO at Justworks. Justworks takes the busyness out of growing a business and alleviates the unknown. NopSec's Lisa Xu talks with Yabing about her multifaceted cross-discipline journey to become a leader in the field of cybersecurity.
In this interview, Yabing shares her insights into best practices for vulnerability management today, her vision of future security, and how practitioners can use it to improve security for businesses.
Yabing shares some vulnerable moments that helped shape her career as a leader in the security industry.
Yabing talks about how her education in philosophy brings value to her as a CISO looking at vulnerability management.
Lisa and Yabing explore some of the commonalities in vulnerability management across different industries and market segments.
They discuss prioritizing vulnerabilities and the need for bidirectional automation.
Some best practices for vulnerability management metrics to mitigate risk are highlighted.
Yabing shares her perspective on security at a company with a traditional legacy infrastructure versus a cloud-based business-centric approach.
Yabing and Lisa talk about how cybersecurity is more and more tied to business objectives.
Yabing explains her leadership style as a woman in a security leadership role.
Tim Brown, CISO at SolarWinds, on the Role Vulnerability Management Plays in Proper Cyber Hygiene
In this episode, Lisa talks with Tim Brown is CISO at SolarWinds. Tim has held many roles in the cybersecurity space, including Fellow, chief architect, distinguished engineer and board advisor. Tim drives the creation, architecture, strategy and external visibility for products and solutions.
He has helped develop solutions in a number of security related areas including, vulnerability management, identity management, GRC, Antivirus, intrusion detection, encryption, security event management, cloud security, forensics, insider threat, IOT, analytic and managed security services. Tim has 15 issued patents and has developed and enhanced the patent programs.
Tim’s most vulnerable moment that shaped his career as a professional
What makes good cyber hygiene and the role VM plays
Why hygiene is not black and white, but something that should be measured consistently
Why just tooling without a VM program in place is ineffective
What it’s like to go through such a high profile, high visibility event
His takeaways and recommendations for practitioners and defenders
How defenders think in lists, attackers think in graphs
Tim’s practical advice for practitioners
Matt Sharp: How to Bridge the Gap Between Risk Management and Core Business Outcomes
Matt Sharp is the CISO at LogicWorks, a leading provider of platform driven cloud operations for AWS and Azure. Before LogicWorks, Matt was head of global information security at Crocs and spent more than a decade with cyber consulting firms like Optiv and Coalfire. Matt is also an author and recently published The CISO Evolution.
In this episode, Lisa and Matt discuss bridging the gap between security and business units, breaking down silos, and more!
How future economies built on the backs of digital platforms and in dynamic cloud environments will shape challenges in vulnerability management
Matt’s perspective on silos in SecOps teams how he breaks them down
How he engages multiple stakeholders to improve the maturity
How Matt sees the balance of soft and hard skills required to be successful in vulnerability management space
How to make relevant risk decisions about assets and how to tie them to core business outcomes
Why starting a business, automated learning, and finding meaningful ways to augment your programs and perspectives will help vulnerability management managers succeed in the future
The CISO Evolution