Enterprise Vulnerability Management - Back to Basics

Presented at BSides Austin 2016, April 1, 2016, 9:30 a.m. (60 minutes)

Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities in an organization's enterprise. A number of companies are starting to do this well, but in some cases, focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is actually hard work and people aren't doing it as well as they should! Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most vulnerabilities do not actually suffer from advanced attacks and 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program. The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover: - Vulnerability Management: What is it good for? - What is it not good for? - How do I make a real difference?

Presenters:

• Damon J. Small   as Damon Small
  Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Following the dotcom bust in the early 2000s, Small began focusing on cyber security. This has remained his passion, and over the past 15 years as a security professional he has supported infosec initiatives in the healthcare, defense, and oil and gas industries. In addition to his Bachelor of Arts in Music, Small completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Project Manager at NCC Group includes working closely with NCC consultants and clients in delivering complex security assessments that meet varied business requirements.
• Kevin Dunn
  Kevin Dunn is Technical Vice President for NCC Group in Austin, TX. Kevin has been a professional security consultant for over 14 years, working on diverse projects and challenging technologies for the world's largest and most demanding companies. He has delivered technical training and spoken at security conferences all over the USA and Europe across the majority of his career. His current responsibilities include active delivery of security projects, while managing a talented highly technical team of Pentesters. Kevin works closely with Fortune 100 companies, covering Oil & Gas, Finance and Software sectors, developing strategic security assessment and advisory services for NCC Group from his office base of operations in Austin.

Links:

• https://bsidesaustin2016.sched.com/event/6Dt2/enterprise-vulnerability-management-back-to-basics

Similar Presentations:

• BSidesLV 2023 / Towards Effective & Scalable Vulnerability Management
• GrrCON 2013 / Enterprise Vulnerability Management
• ShellCon 2018 / How NOT to suck at Vulnerability Management