

Vulnerability Prioritization Can Produce Better Business Outcomes - Steve Lodin, Greg Fitzgerald - BSW #389
Apr 2, 2025
Greg Fitzgerald, co-founder of Sevco Security, and Steve Lodin, VP of Information Security at Sallie Mae, dive deep into the nuances of vulnerability prioritization. They emphasize that it’s not just about data; context matters—think asset inventory and configuration management. The duo tackles the challenges of navigating vulnerability management amidst overwhelming reports and shares personal experiences. They discuss integrating security tools for better visibility and risk management, proving that effective prioritization can lead to improved business outcomes.
Early Vulnerability Scanning Story
- Steve Lodin started vulnerability scanning in 1995 using the tool SATAN, testing it at General Motors.
- Early vulnerability scanning sometimes caused production outages, illustrating initial tool impact and challenges.
Context is Key in Prioritization
- Vulnerability scanning alone generates an overwhelming number of alerts that are impossible to fix without context.
- Prioritization requires understanding whether a vulnerability is relevant based on actual user and device usage.
Automate Asset Management
- Connect and integrate all security tools and inventories to automate asset and agent tracking.
- Use tools like Sevco to reduce manual, spreadsheet-heavy processes and improve operational efficiency.