CISO Tradecraft®

#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity

Sep 15, 2025
In this discussion, Patrick Garrity, a security researcher at VulnCheck, and Tod Beardsley, VP of Security Research at RunZero, dive into the complex world of cybersecurity vulnerabilities. They explore the challenges of CVE numbering, the nuances of cyber attribution, and the ever-evolving threat landscape driven by state actors. The duo offers practical advice for CISOs on effective communication strategies to secure executive buy-in, along with insights into the critical need for strong defenses against ransomware and social engineering attacks.
ANECDOTE

Researcher Background And Skateboarding

  • Patrick Garrity describes his long security career starting at Duo and his daily skateboarding habit.
  • He uses tinkering and skateboarding as personal context for how he approaches research and problem solving.
ANECDOTE

Hacker Origins To Metasploit Leadership

  • Tod Beardsley recounts starting hacking as a teenager, running BBSs and managing Metasploit.
  • He links that history to his current role and long-term interest in networks and exploits.
INSIGHT

Vulnerabilities Mirror Early Auto Safety

  • Vulnerabilities are design oversights like missing seatbelts in early cars and require cultural and regulatory responses.
  • Patrick and Tod emphasize that software will remain unsafe without deliberate engineering and cultural change.