EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
Update: 2025-12-01
Description
Guest:
- Caleb Hoch, Consulting Manager on Security Transformation Team, Mandiant, Google Cloud
Topics:
- How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing?
- Why are so many organizations stuck with 1990s VM practices?
- Why mitigation planning is still hard for so many?
- Why do many organizations, including large ones, still rely on unauthenticated scans despite the known importance of authenticated scanning for accurate results?
- What constitutes a "gold standard" vulnerability prioritization process in 2025 that moves beyond CVSS scores to incorporate threat intelligence, asset criticality, and other contextual factors?
- What are the primary human and organizational challenges in vulnerability management, and how can issues like unclear governance, lack of accountability, and fear of system crashes be overcome?
- How is AI impacting vulnerability management, and does the shift to cloud environments fundamentally change VM practices?
Resources:
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar
- EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing
- How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
- Mandiant M Trends 2025
- EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
- Mandiant Vulnerability Management
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
