

Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858
Jan 23, 2025
Andy Jaquith, Managing Director at MarkerBench and seasoned CISO, dives into the challenges of vulnerability prioritization and real-world asset management. He shares insights on the complexities of navigating cybersecurity in large organizations, emphasizing the need for a risk-based approach. The discussion also touches on the political implications of cybersecurity policies, the struggles of hardware security detection, and the unexpected role of adult platforms in education. With humor and expertise, Jaquith paints a vivid picture of today’s cybersecurity landscape.
AI Snips
Emergency Patching Story
- Andy recalled that when the Shadow Brokers released exploits, it triggered an emergency patch scramble over Easter weekend.
- Coordinating this in large firms disrupts the normal rule of "don't touch what works."
Manage Assets Continuously
- Treat your asset management system as an evolving model, and compare it against discovery tools to assess its accuracy.
- Focus on finding unknown assets missing from your CMDB to reduce unknown risks.
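One way to run the CMDB-versus-discovery comparison described above, as an added example that is not from the episode. The record fields (`host`, `mac`, `ip`), the sample inventories and the function names are all constructed assumptions; matching uses normalized hostname or MAC only, since DHCP-assigned IPs make poor identity keys.

```python
def norm_host(name):
    """Lowercase and drop the DNS domain so 'WEB01.corp.example' matches 'web01'."""
    return name.strip().lower().split(".")[0] if name else ""

def norm_mac(mac):
    """Reduce a MAC to lowercase hex digits regardless of separator style."""
    return "".join(c for c in (mac or "").lower() if c in "0123456789abcdef")

def keys(rec):
    """Identity keys for a record; any shared key means the same asset."""
    k = set()
    if norm_host(rec.get("host")):
        k.add(("host", norm_host(rec["host"])))
    if len(norm_mac(rec.get("mac"))) == 12:
        k.add(("mac", norm_mac(rec["mac"])))
    return k

def reconcile(cmdb, discovered):
    """Compare the CMDB model against what discovery actually saw."""
    cmdb_keys = [keys(r) for r in cmdb]
    known = set().union(*cmdb_keys)
    seen, unknown = set(), []
    for d in discovered:
        dk = keys(d)
        seen |= dk
        if not (dk & known):          # on the network, absent from the CMDB
            unknown.append(d)
    # CMDB rows that no discovery result corroborates (retired or unreachable)
    stale = [r for r, k in zip(cmdb, cmdb_keys) if not (k & seen)]
    matched = len(discovered) - len(unknown)
    coverage = matched / len(discovered) if discovered else 1.0
    return {"unknown": unknown, "stale": stale, "coverage": coverage}

# Constructed sample data, not real inventory.
CMDB = [
    {"host": "web01.corp.example", "mac": "00:1A:2B:3C:4D:5E"},
    {"host": "db01", "mac": "00-1a-2b-3c-4d-5f"},
    {"host": "legacy-fax", "mac": None},
]
DISCOVERED = [
    {"host": "WEB01", "mac": "001a.2b3c.4d5e", "ip": "10.0.0.11"},
    {"host": None, "mac": "00:1a:2b:3c:4d:5f", "ip": "10.0.0.12"},
    {"host": "printer-7", "mac": "00:1a:2b:aa:bb:cc", "ip": "10.0.0.77"},
    {"host": "dev-nuc", "mac": None, "ip": "10.0.0.90"},
]

if __name__ == "__main__":
    result = reconcile(CMDB, DISCOVERED)
    print("unknown assets:", [d["host"] or d["ip"] for d in result["unknown"]])
    print("stale CMDB rows:", [r["host"] for r in result["stale"]])
    print(f"CMDB coverage of discovered assets: {result['coverage']:.0%}")
```

Tracking the coverage figure across successive discovery runs shows whether the CMDB model is converging on reality or drifting away from it.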
Use Diverse Vulnerability Sources
- Rely on multiple vulnerability sources beyond Patch Tuesday, including vendor announcements and threat intelligence.
- Proactive monitoring and early threat chatter can dramatically improve vulnerability response speed.