Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442

14 snips

Jan 19, 2026

Guest

Beck Norris, Manager of Vulnerability Management at JetBlue and a pilot, shares insights on how effective vulnerability management requires governance and risk context rather than mere tool reliance. He emphasizes the need for accountability and operational maturity. Ryan Fried and José Toledo from Mandiant dive into why incident responses often fail despite good resources, highlighting the importance of muscle memory through tabletop exercises and solid incident response plans. They discuss the need for clear communication strategies during breaches to maintain trust.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Context Beats Raw CVE Counts

Vulnerability management fails when treated as just tooling or patching; context and governance matter more.
Prioritize by understanding assets, compensating controls, exposure, and business impact.

ADVICE

Build Asset Ownership First

Maintain accurate asset and ownership inventories before scanning; you cannot protect what you cannot see.
Use granular context (connectivity, firewall rules, app dependencies) to calculate real risk scores.

ADVICE

Keep Humans In The Loop With AI

Use AI as a sanity-check and additional vantage point, not a final decision-maker.
Keep humans in the loop for deep context, tuning, and final prioritization.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Segment 1 with Beck Norris - Making vulnerability management actually work

Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity.

Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure.

Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work

Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What's going on here, why does this happen???

Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again!

Segment Resources:

[Mandiant - Best practices for incident response planning]

(https://services.google.com/fh/files/misc/mandiantincidentresponsebestpractices_2025.pdf?linkId=19287933)

Beyond Cyberattacks: Evolution of Incident Response in 2026

Segment 3 - Weekly Enterprise News

Finally, in the enterprise security news,

Almost no funding…
Oops, all acquisitions!
Changes in how the US handles financial crimes and international hacking
Mass scans looking for exposed LLMs
The state of Prompt injection
be careful with Chrome extensions
and home electronics from unknown brands
Is China done with the West?

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-442