A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Putting the Management into Vulnerability Management (or - YOU'VE GOT BEARS!!!) - Jesika McEvoy Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Putting the Management into Vulnerability Management (or - YOU'VE GOT BEARS!!!)
Jesika McEvoy
Derbycon 2015

This discussion covers all the necessary pieces for creating and distributing remediation plans, tracking remediation, and creating meaningful metrics for demonstrating success in vulnerability management. Current vulnerability management programs often stop at vulnerability identification (scan all the things!) and most organizations struggle to poise risk information in a way that is heard, understood, prioritized, and acted upon.

Jesika has been an active member of the infosec community since the late 90's. She is currently a Sr. Security Consultant for Rapid7 in Enterprise Deployments. She spent several years in the trenches at various organizations building out vulnerability management programs, leading her to quickly realize there is a huge gap between vulnerability assessment and vulnerability management, and that those giving remediation advice don't have enough insight into the realities of corporate structure to help make sense of it all. She's now bringing back her experiences working ‰ÛÏdeep cover‰Û to help security managers and assessors alike gain traction with remediation efforts.

@octalpus

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast