BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Content provided by CISO Tradecraft®. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CISO Tradecraft® or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to CISO Tradecraft®
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Rachel Cooke is your guide to leadership and communication, helping you craft a workplace environment you can feel good about. She’ll share tips to help you balance your work and personal life, effectively invest your time, and be mindful about where you’re devoting your energy. Let Rachel help you navigate your path to success—however you define it.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
#173 - Mastering Vulnerability Management
Manage episode 407326215 series 2849492
Content provided by CISO Tradecraft®. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CISO Tradecraft® or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, prioritization, remediation, and mitigation of software vulnerabilities. Hardy emphasizes the necessity of a strategic vulnerability management program to prevent exploitations by bad actors, illustrating how vulnerabilities are exploited using tools like ExploitDB, Metasploit, and Shodan. He advises on deploying a variety of scanning tools to uncover different types of vulnerabilities across operating systems, middleware applications, and application libraries. Highlighting the importance of prioritization, Hardy suggests focusing on internet-facing and high-severity vulnerabilities first and discusses establishing service level agreements for timely patching. He also covers optimizing the patching process, the significance of accurate metrics in measuring program effectiveness, and the power of gamification and executive buy-in to enhance security culture. To augment the listener's knowledge and toolkit, Hardy recommends further resources, including OWASP TASM and books on effective vulnerability management.
Transcripts: https://docs.google.com/document/d/13P8KsbTOZ6b7A7HDngk9Ek9FcS1JpQij
OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/
Effective Vulnerability Management - https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207
Chapters
- 00:00 Introduction
- 00:56 Understanding Vulnerability Management
- 02:15 How Bad Actors Exploit Vulnerabilities
- 04:26 Building a Comprehensive Vulnerability Management Program
- 08:10 Prioritizing and Remediation of Vulnerabilities
- 13:09 Optimizing the Patching Process
- 15:28 Measuring and Improving Vulnerability Management Effectiveness
- 18:28 Gamifying Vulnerability Management for Better Results
- 20:38 Securing Executive Buy-In for Enhanced Security
- 21:15 Conclusion and Further Resources
189 episodes
Share
Manage episode 407326215 series 2849492
Content provided by CISO Tradecraft®. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CISO Tradecraft® or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, prioritization, remediation, and mitigation of software vulnerabilities. Hardy emphasizes the necessity of a strategic vulnerability management program to prevent exploitations by bad actors, illustrating how vulnerabilities are exploited using tools like ExploitDB, Metasploit, and Shodan. He advises on deploying a variety of scanning tools to uncover different types of vulnerabilities across operating systems, middleware applications, and application libraries. Highlighting the importance of prioritization, Hardy suggests focusing on internet-facing and high-severity vulnerabilities first and discusses establishing service level agreements for timely patching. He also covers optimizing the patching process, the significance of accurate metrics in measuring program effectiveness, and the power of gamification and executive buy-in to enhance security culture. To augment the listener's knowledge and toolkit, Hardy recommends further resources, including OWASP TASM and books on effective vulnerability management.
Transcripts: https://docs.google.com/document/d/13P8KsbTOZ6b7A7HDngk9Ek9FcS1JpQij
OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/
Effective Vulnerability Management - https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207
Chapters
- 00:00 Introduction
- 00:56 Understanding Vulnerability Management
- 02:15 How Bad Actors Exploit Vulnerabilities
- 04:26 Building a Comprehensive Vulnerability Management Program
- 08:10 Prioritizing and Remediation of Vulnerabilities
- 13:09 Optimizing the Patching Process
- 15:28 Measuring and Improving Vulnerability Management Effectiveness
- 18:28 Gamifying Vulnerability Management for Better Results
- 20:38 Securing Executive Buy-In for Enhanced Security
- 21:15 Conclusion and Further Resources
189 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to CISO Tradecraft®
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Rachel Cooke is your guide to leadership and communication, helping you craft a workplace environment you can feel good about. She’ll share tips to help you balance your work and personal life, effectively invest your time, and be mindful about where you’re devoting your energy. Let Rachel help you navigate your path to success—however you define it.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
