Most large companies have some sort of vulnerability management program in effect. Current practice is to perform penetration tests once or twice a year and perform vulnerability scans on a monthly basis. The more advanced companies are adding Web Application Firewalls and are performing scans on new software as it is developed. Yet with all these security activities breaches continue to occur. Activity does not always translate into results. In fact, performing the same activities over and over and expecting different results is the definition of insanity. This discussion is intended to hit on the main problem areas which contribute to security breaches and will also encourage contribution from the audience who attend.

Back to Louisville InfoSec 2019 video list