Resilient Cyber

S5E3: Patrick Garrity - Vulnerability Research, Management and Visualizations

Sep 24, 2023

The podcast discusses the importance of visualizations in vulnerability management and how they help non-technical individuals understand the need for vulnerability management. It also explores the process of selecting vulnerabilities for the CAV list and the challenges faced by CISA. The significance of leveraging commercial threat intelligence, prioritizing vulnerabilities, and managing vulnerability backlogs is highlighted. The speaker shares their journey in the cybersecurity field and emphasizes the importance of addressing cyber resilience.

35:19

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Aligning stakeholders and creating a plan are crucial in developing cyber resilience.

Starting small, networking with practitioners, and gaining hands-on experience with data visualization can lead to meaningful insights in vulnerability research.

Deep dives

The Importance of Alignment and Planning in Cyber Resilience

Aligning stakeholders and creating a plan are crucial in developing cyber resilience. It is important for organizations to prioritize security and take it more seriously due to the national security implications. Organizations should focus on hardening and sustaining security measures to protect against cyber threats.

Introduction

5min

The Importance of Visualizations in Vulnerability Management

7min

Determining Vulnerabilities for the CAV List and Community Building

2min

The Importance of Commercial Threat Intelligence and Prioritizing Vulnerabilities

14min

Journey towards driving secure products and software development

8min

Nikki - I wanted to ask you first what got you so passionate about vulnerability management - what was it that first sparked your curiousity and interest into security research?

Nikki - You do a lot of awesome graphics and visualizations of vulnerability data from both CISA KEV and around types of CVE's - what kind of statistics do you think are most important for security practitioners to know - and on the other side, what is most important for executives to understand?

Chris - You've now begun to even start to submit known exploited vulnerabilities to CISA to be added to the KEV, can you tell us about that experience, how you're identifying them and how the process has been?

Chris - We talk a lot about the need for vulnerability context, going beyond CVSS and using things such as KEV and EPSS. In your work, how do you see organizations leveraging context to help vulnerability prioritization?

Nikki - We know that organizations could have a backlog of up to 10k vulnerabilities - based on some recent statistics. Where do organizations start? How do they get a handle on vulnerability management?

Chris - What are some other trends you see in Vulnerability Management that organizations can use to start to get a handle on things?

Chris - You've made the transition from marketing to vulnerability research, visualization and some would say industry leader. Can you speak about the journey and advice for others looking to follow a similar path?

Nikki - What's next for you - besides being the pre-eminent vulnerability researcher in this space?

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Resilient Cyber

S5E3: Patrick Garrity - Vulnerability Research, Management and Visualizations

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Alignment and Planning in Cyber Resilience

Getting Started in Vulnerability Research and Data Visualization

The Need for Secure by Design and Secure by Default Products

Addressing the Vulnerability Management Challenge

Remember Everything You Learn from Podcasts