Wicked CyberSecurity RSS Feeds

I recently had the opportunity to meet with a few aspiring cybersecurity students and talk to them about the virtues of IDSes, IPSes, Firewalls, Honey Pots, and compensating controls. It was a blast, and it’s clear that the future is in good hands with these professionals at the wheel. After my little talk, I told them about a tool that would help them learn how to hack WiFi even if they didn’t have equipment. I had gotten the knowledge from Black Hills’ Security Blog. I asked if any of the students had heard of Black Hills, and they said, “No.” I responded that Black Hills was one of my favorite blogs that came across my RSS feed. I saw some puzzled looks. ...

April 25, 2025 · 3 min

Your security is backwards, Sir!

Did you know that on average a CISO, the executive in an organization that focuses on cybersecurity, has a shelf life of 18 - 26 months? This number has been estimated to be as low as 17 months by other groups. Why do you suppose that is? Easy, because no general can win a war on multiple fronts. I have no numbers to back these claims up, only anecdotal experience: Vulnerabilities are discovered and found on systems faster than Remediation Teams can fix them. ...

April 15, 2025 · 8 min

Align your spine: Minding the gaps in your cybersecurity program

A Great Interview

I recently just watched a great interview by the VulnWise team talking to my personal mentor and friend, Johnny Shaieb. They were discussing the history of vulnerability management databases and covered a lot of interesting topics like:

- The history of vulnerability databases
- The value of having an unbounded score
- Why clients need to focus on the quality over quantity of vulns
- The history of the fiber backbone that runs the country
- Etc

There was one topic though that I felt I’d like to take a crack at. At the 33:42 minute mark of the video, Steve Carter asked the question: ...

April 3, 2025 · 9 min

How to make a local Vulnerability Management Search Engine in 5 mins

I used to work for a wonderful company called X-Force Red. It’s a cybersecurity firm that has some of the world’s most talented hackers, and I count myself as supremely lucky to have had the privilege to work there. I spent a lot of time with the Vulnerability Management consultants, and their toys were really top notch. Advanced APIs, daemons, and cron jobs, and data science stuff that I couldn’t begin to tell you about. ...

January 6, 2025 · 3 min