I love vulnerability management as a core discipline of what makes an effective security operations program because it can help to both reduce risk and improve efficiency. However, I still find many organizations are still stuck after rolling out a scanning tool (and then stopping). I've seen the reason for this being one of three main reasons (but there are more).


1 - Conflicting information between patching processes and vulnerability scanning tools

2 - Lack of guidance or frameworks to prioritize the growing list of vulnerability

3 - Very manual process without a clear understanding how to automate activities

This talk is for anyone who is working as a security analyst or leader who directly performs vulnerability management activities (identify, assess, triage, and track). Additionally, this will be really informative for those who have process inputs (any pentesters out there?) or outputs (IT and critical process owners).

This talk will give you all the tools and processes that you'll need to level up your program TODAY, without having to go ask for more budget (again).