

Rethinking risk based vulnerability management, Black Hat expo insights, and the news - Snehal Antani - ESW #420
Aug 18, 2025
Snehal Antani, CEO of Horizon3.ai and former CIO at GE Capital, tackles the pitfalls of vulnerability management in organizations. He argues that traditional methods often lead to ineffective lists, suggesting a need for a more robust approach. The discussion also highlights insights from the recent Black Hat conference, focusing on innovative security tools and engagement strategies. Additionally, the hosts and guest touch on the role of AI in evolving cybersecurity, the skepticism around marketing claims, and the importance of risk-based management for better defenses.
AI Snips
Prioritize The Attacker's View
- The attacker's perspective is the only one that truly matters for prioritization and defense.
- Autonomous pen testing removes the pen-test bottleneck and exposes remediation as the new constraint.
Make Pen Tests Remediation-Focused
- Focus pen tests on rapid remediation, not just discovery.
- Use integrated workflows and guardrails so fixes happen fast and safely.
Five-Minute Compromise Example
- An autonomous pen test gained access to an engineering firm's share with CAD drawings for aircraft carriers and submarines in five minutes.
- The incident showed midsize suppliers often lack expertise despite holding critical secrets.