Entering the Age of Enlightenment in Vulnerability Management
January 16 @ 5:30 PM – 8:30 PM
Great talk on remediation techniques and statistical evaluation of the validity of different techniques. I walked away with the belief that companies should focus on vulnerabilities observed on their systems for which there were existing exploits in the wild vice just looking at CVE scores of vulnerabilities. Wade’s presentation is here.
OLD MEETING ANNOUNCEMENT TEXT BELOW.
Our January speaker will be Dr. Wade Baker, a Co-Founder of the Cyentia Institute, which focuses on improving cybersecurity knowledge and practice through data-driven research. He’s also a professor in Virginia Tech’s College of Business, teaching courses for the MBA and MS of IT programs. Prior to this, Wade held positions as the VP of Strategy at ThreatConnect and was the CTO of Security Solutions at Verizon, where he had the great privilege of leading Verizon’s annual Data Breach Investigations Report (DBIR) for 8 years.
Vulnerability management is one of the oldest domains in the cybersecurity field. But anyone who’s worked in it knows that this old dog would benefit from learning some new tricks. And it could be argued there’s no area where that’s more true than prioritizing vulnerability remediation efforts to minimize risk to the organization. For some, that process boils down to little more than gut instinct. Others follow the prevailing wisdom, which is usually instantiated in scoring systems like CVSS. Approaches like the latter sound more scientific, but empirical data shows few perform any better than random chance. Clearly, we need a better way forward for making more rational remediation decisions.
For the last year and a half, we’ve analyzed a huge amount of data with the goal of finding that better way. We’ve examined over 100,000 published vulnerabilities, exploits developed against those vulnerabilities, and the remediation practices of hundreds of real organizations to understand the principles at work. We learned a ton of important, practical lessons from that research, including insights on why only 1 in 3 firms manage to gain positive ground on remediating security vulnerabilities in their environment. We will share those key lessons in this presentation to support security leaders in guiding their vulnerability management programs into a new age of enlightenment and effectiveness.
Marymount University Ballston Center, 1000 N Glebe Rd, Arlington, VA 22201
We are in the second floor conference room. Parking available in the building. Garage entrance is at the back on N. Wakefield.