This discussion covers all the necessary pieces for creating and distributing remediation plans, tracking remediation, and creating meaningful metrics for demonstrating success in vulnerability management. Current vulnerability management programs often stop at vulnerability identification (scan all the things!) and most organizations struggle to poise risk information in a way that is heard, understood, prioritized, and acted upon.

Jesika has been an active member of the infosec community since the late 90's. She is currently a Sr. Security Consultant for Rapid7 in Enterprise Deployments. She spent several years in the trenches at various organizations building out vulnerability management programs, leading her to quickly realize there is a huge gap between vulnerability assessment and vulnerability management, and that those giving remediation advice don't have enough insight into the realities of corporate structure to help make sense of it all. She's now bringing back her experiences working ‰ÛÏdeep cover‰Û to help security managers and assessors alike gain traction with remediation efforts.

@octalpus

Back to Derbycon 2015 video list