Building a Vulnerability Management Program - Avoiding Pitfalls, Managing Risk, and Mastering CYA

Presented at Kernelcon 2020 Virtual, March 28, 2020, 10:30 a.m. (60 minutes).

Building a vulnerability management program often feels like eating an elephant that’s guarded by sharks — every time you try to take a bite, you’re dodging someone that’s trying to take a bite out of you. I am going to walk you through building an effective vulnerability management program: avoiding and mitigating common problems, navigating the organizational waters, and getting the most bang for your buck when it comes to reducing your risk. Vulnerability management is more than just running a scan and putting in tickets for remediation — it’s about managing the people involved in the scanning and remediation processes and finding a middle ground that reduces your risk and makes operations happy.

Presenters:

• Megan Benoit
  Megan Benoit has spent most of the last 20 years building vulnerability management and incident response programs, architecting and deploying security solutions, and asking people if they’ve tried turning it off and on again. Megan currently works as a Senior Network Security Engineer and has worked for the DoD, healthcare, and retail industries. Her hobbies include chasing pokemon, denying firewall change requests, and yoga, recently completing a 200 hour yoga teacher training course.

Links:

• https://www.youtube.com/watch?v=UuLxACx3MEM
• https://2020.kernelcon.org/cfp/K2020_mbenoit.pdf

Similar Presentations:

• AppSec USA 2015 / Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You
• SOURCE Seattle 2017 / Minimum Viable Risk Management Program
• ShellCon 2018 / How NOT to suck at Vulnerability Management