Cloud Security Podcast by Google

EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar

Oct 6, 2025
Sumedh Thakar, the President and CEO of Qualys, shares his extensive insights on the evolution of vulnerability management over the past 25 years. He discusses the need for prioritization beyond just CVSS scores, emphasizing the value of threat intelligence and business context in decision-making. Thakar highlights the transformative role of cloud in streamlining remediation and introduces the Risk Operations Center concept, which integrates data for informed prioritization. He also touches on practical AI applications, mitigating risks beyond patching, and the importance of communicating cyber risks to boards.
INSIGHT

Volume And Speed Are The New Reality

  • Vulnerability management remains essential because exploit-driven breaches are rising fast.
  • There are far more CVEs, and attackers exploit them much faster than before.
INSIGHT

Treat VM As A Financial Risk Decision

  • Security is a business risk problem where budgets limit what you can fix.
  • You must prioritize fixes to get the biggest risk reduction per dollar spent.
INSIGHT

CVSS Alone Doesn’t Cut It

  • Old prioritization methods like CVSS-only ranking no longer scale.
  • Prioritization must include exploitability and business context to be effective.