Welcome to VulnWise – your guide to conquering the chaos of vulnerability management. Hosted by two tech startup co-founders in the cybersecurity space, our bi-...
Patching and Bug Bounty Programs with Rishika Hooda
In this episode of the VulnWise Podcast, Scott Kuffer and Steve Carter talk to Rishika Hooda, a senior technical program manager at Google, who shares her extensive experience in cybersecurity, particularly in managing Android's patching and bug bounty programs. The conversation delves into the complexities of vulnerability management at scale, the importance of prioritization, and the challenges faced by large organizations in maintaining security. Rishika emphasizes the need for transparency, context, and effective communication within teams to enhance vulnerability management processes.Key Moments00:00 Introduction to Cybersecurity and Vulnerability Management02:23 Understanding Android's Patching and Bug Bounty Programs08:14 Challenges in Scaling Security Programs14:27 Best Practices in Vulnerability Prioritization19:32 The Complexity of Patching in a Global Ecosystem20:03 The Process of CVE Publication and Transparency22:42 Measuring Effectiveness of Vulnerability Management Programs#patching #securityprogram #bugbounty #podcast
--------
32:00
The Intersection of Threat and Vulnerability Intelligence with Eli Woodward
In this episode of the VulnWise show, Steve Carter and Scott Kuffer engage with Eli Woodward, a seasoned cyber threat analyst, to explore the intricate relationship between threat intelligence and vulnerability management. They discuss the evolving role of SOC teams, the discrepancies in vulnerability exploitation reports, and the importance of prioritization in vulnerability management. Eli shares insights on evaluating CVEs, the impact of AI on security operations, and his experiences at the National Intelligence History Conference, emphasizing the need for continuous learning and adaptation in the cybersecurity landscape.Key Moments00:00 Introduction to Cybersecurity and Vulnerability Management03:11 Understanding Threat Intelligence vs. Vulnerability Intelligence06:00 The Evolution of Security Operations08:58 Discrepancies in Vulnerability Exploitation Reports12:09 The Role of Initial Access in Breaches15:09 Prioritization of Vulnerabilities in Organizations17:58 Evaluating and Classifying CVEs21:05 The Impact of AI on Cybersecurity23:50 Future Trends in Vulnerability Management26:59 Insights from Bletchley Park Conference29:54 Final Thoughts and Key Takeaways#VulnerabilityIntelligence #ThreatIntelligence #AIinSecurity #CybersecurityTrends
--------
41:32
VulnWise: Compensating Controls in Vulnerability Management with Caleb Hoch
In this episode of the VulnWise Show, hosts Scott Kuffer and Steve Carter dive into the nuanced world of compensating controls with cybersecurity expert Caleb Hoch, Principal Security Consultant at Google Mandiant. Caleb shares his insights on effectively leveraging compensating controls in vulnerability management, balancing risk, and addressing challenges in complex environments. From proactive strategies to validation techniques, this episode explores how compensating controls can help secure even the most intricate systems.
Key moments:
00:00 Introduction to Vulnerability Management and Compensating Controls
01:38 Defining Compensating Controls in Cybersecurity
03:56 The Role of Compensating Controls in Vulnerability Management
08:02 Challenges in Implementing Compensating Controls
12:03 Validating Compensating Controls Effectiveness
15:55 The Intersection of GRC and Vulnerability Management
19:57 Compliance vs. Security: The Role of Controls
23:54 Prioritizing Vulnerabilities with Compensating Controls
27:51 Starting with Compensating Controls: Where to Begin
32:04 The Future of Attack Path Mapping and Compensating Controls
--------
35:19
Mastering CTEM - From Vulnerability Management to Exposure Management with Chris Peltz
Welcome to the VulnWise Show! In this episode, we dive deep into the world of Continuous Threat and Exposure Management (CTEM) with Chris Peltz from GuidePoint Security. Join hosts Steve Carter and Scott Kuffer as they explore CTEM’s transformative potential in exposure management. Chris shares insights on differentiating vulnerabilities from exposures, implementing CTEM frameworks, and the future of security operations. Whether you’re new to CTEM or an experienced practitioner, this episode offers valuable perspectives to help you conquer vulnerability chaos.
Welcome to VulnWise – your guide to conquering the chaos of vulnerability management. Hosted by two tech startup co-founders in the cybersecurity space, our bi-weekly podcast features best in class cybersecurity experts from top organizations to discuss strategies, insights, and trends in vulnerability management and cybersecurity. From managing risks to staying ahead of emerging threats, we tackle the topics that matter most. Whether you're a seasoned professional or just starting out, join us every other week for actionable advice and inspiring conversations.
UK