Future of Exposure Management

The Future of Exposure Management podcast is dedicated to helping security professionals tackle real issues in the vulnerability management space. In each episode, NopSec’s CEO Lisa Xu will interview industry experts and leading practitioners about what can be done to prepare for the future of exposure management. This show is brought to you by NopSec.com


Episodes

Wednesday Apr 26, 2023

In this episode, we talk with Hussein Syed, CISO of RWJBarnabas Health. Hussein has a wealth of experience in computer science, information systems management, regulatory compliance, and more. To him, the security community’s strength is the people, who come from almost any background imaginable. That diverse background has helped Hussein understand and excel in his role in the healthcare industry – being willing to learn new things is his key to success.
Other topics discussed:
Understanding how data is stored and shared in the healthcare industry
How to ensure security helps protect the progress and development of healthcare innovations
How to prioritize risks according to potential cascading impacts from a breach
The maturity progression of attitudes and tools over time
Ways to collaborate with peers to further understand the needs of each stakeholder
What the future holds and how we can predict the next threats

Friday Apr 21, 2023

In this episode, we speak with Jason Loomis, CISO of Freshworks. Jason has been in tech for over 20 years, working with various companies in fashion, health, finance, and banking. He is passionate about leadership and team-building, which influences how he approaches vulnerability risk management. Hear him discuss why people and the process are at the root of vulnerability risks and how configurations can help address them, plus more.
Other topics discussed:
How system shortcomings from 20 years ago are still creating problems and challenges 
Understanding that patches are only one solution to preventing exploitation
How not to get distracted by “celebrity vulnerabilities” and stay focused on the risks that are causing the big problems
Methods to calculate your metrics to determine accountability and ownership of risks
What it means to be mature or immature in corporate policies, processes, and reporting
The importance of CISOs physically talking to people and avoiding screen-only interaction
How to make the best of your tools and understand how they work (or don’t work)

Friday Apr 07, 2023

In this episode we speak with Sailaja Kotra-Turner, who is the Global CISO at Brown-Forman. Sailaja became a leader in IT by a series of “happy accidents” – she landed in the industry unexpectedly, thanks to a manager who saw her as a leader and mentors who have supported her along the way. We get into how vulnerability management spans across multiple industries, while having some common work tools such as computers and IT systems: tools that all have vulnerabilities and different risk footprints.
Other topics discussed:
Most common cyber mistakes that companies make and what we need to take more seriously
Importance of people in vulnerability management and reducing risk
Why education and awareness among employees are key to cybersecurity
How to engage stakeholders so they understand why it’s not just about compliance
Worries and concerns about the future of the industry
Learning from mistakes and using teamwork

Friday Mar 31, 2023

In this episode we speak with Ed Covert, who is the Head of Cyber Risk Engineering at Bowhead Specialty Underwriters. Ed started in the mid-1990s working for the US military in IT support work, eventually evolving into a cyber role. We get into how he “made the jump” into the cyber vulnerability world by leaving the safety of the federal government, the professional industry that he had always known. 
Other topics discussed:
How his wealth of experience has prepared him well for his current role
Importance of asking why your company may need a particular security tool or technology
Why reducing a risk in the first place is a better strategy than constantly patching previous vulnerabilities
Where to place cyber vulnerabilities on the list of priorities
Understanding your data and how that determines what tools you need
How to match the skill sets of employees and what your company needs, and whether degrees are a must
Knowing how your business makes money and how cybersecurity enables profits
Where the world of security fixes and patches is headed

Friday Mar 10, 2023

In this episode, Ed Harris, Director of Global Information Security at Mauser Packaging, discusses how his 32 years of experience have taught him how to lead cyber security teams and zero in on the what, why, and how of cyber risks. We hash out how you can enter and thrive in the infosec industry, as well as ways to use all your observational skills to provide top-notch vulnerability management services.
Other topics discussed:
The relationship between vulnerability management and knowing your environment
Understanding how vulnerable your data is to identify weaknesses
Identifying vulnerabilities and how they change over time
Determining when to install patches with the least disruption and risk
Communicating and negotiating with businesses about when to apply security patches
Building relationships and trust with clients
Managing external exposure when providing security services
Whether vulnerabilities will ever go away

Friday Feb 24, 2023

In this episode we speak with Jim Scott, Manager of Information Security at Insurance Auto Auction (IAA). Jim has more than 15 years of diverse experience leading security projects and corporate information initiatives. We get into his early days of working in cybersecurity, how it has evolved into a passion, and how we can succeed if we see security as more than just a technology problem. 
Other topics discussed:
The pushback and challenges of making security a priority
The long-term value a company can realize by prioritizing security
How application security and vulnerability management are constantly changing
Relationships between the business and security, and how to bridge the differences
Overcoming the perception that security is not a “revenue generator”
How to speak to clients in relatable and non-technical terms
Respecting failure and using it as a tool for learning
Whether we have enough people working in vulnerability management
How to measure the ROI of vulnerability management (and whether it is even measurable)

Friday Feb 10, 2023

In this episode we speak with Jason Thelen, Director of Information Systems at Reinhart Boerner Van Deuren s.c. Jason discusses with us how to offer services geared towards vulnerability management and deal with the unique challenges of the industry. He also touches on how to keep learning and developing the skills required to move forward. This episode will show you how taking a holistic approach to your vulnerability management is far better in the long term than simply adding patch after patch.
Other topics discussed:
The importance of testing your code and tools prior to release
Organizations’ understanding, awareness, and planning of vulnerability management
Developing skill sets through mentors, colleagues and training – and putting lessons into practice
Learning through failures and breaches
Understanding and predicting the vulnerabilities that may come your way
Removing friction from processes to enhance collaboration and cooperation
Importance of transparency and trust within your organization

Thursday Oct 20, 2022

In today’s episode, NopSec's CEO, Lisa Xu, speaks with Kyle McNulty, entrepreneur and host of Secure Ventures podcast, a platform for security founders to tell their stories. Kyle is a security consultant and advisor, helping startups balance and implement security amidst competing priorities.
On the Secure Ventures podcast, Kyle McNulty interviews founders, executives, visionaries, and creators in the cybersecurity industry. The conversations include deep dives into fascinating backgrounds, explanations of transitions into cybersecurity, and the challenges and successes that have shaped their careers.
Topics discussed: 
How Kyle kicked off his consulting and podcasting career through cold outreach. 
The most common challenges Kyle hears from vulnerability management managers. 
The downside of only addressing the critical and high priority vulnerabilities. 
The fundamental root causes of vulnerability overload. 
The multi-dimensional challenges of balancing innovation and managing the vulnerability landscape. 
How security can be a true enabler to an organization and improve overall business processes.
How the industry can invigorate the vulnerability management category to better engage security practitioners.
What surprises Kyle about centralization.
The importance of automation in vulnerability management to create more stimulus and provide more valuable insights. 
Kyle’s practical advice for vulnerability management managers to succeed in the future. 

Thursday Oct 13, 2022

In today’s episode, NopSec's CEO, Lisa Xu, speaks with Leslie Forbes, Vulnerability Management SME at Axonius, a cybersecurity asset management platform. Leslie is a technologist at heart, committed to bridging the gap between commercial and technological sides. At Axonius, he helps technical account managers and sales engineering teams engage with customers to provide the best expertise in each of the verticals the company supports.
Topics discussed:
How Leslie sees vulnerability management challenges across different customers and industry verticals 
Leslie’s interpretation of risk-based prioritization 
Data overload across all sources and how to triage assets to better focus on crown jewel assets 
Why it’s important for security practitioners to understand business logic to better prioritize vulnerabilities 
Breaking down the fundamental hygiene problem many vulnerability management teams face 
Measuring the risk of a vulnerability in contrast to the impact of the vulnerability
The areas in vulnerability management that need automation the most 
Life cycle management and how to reach the end goal
Leslie's predictions on the future of vulnerability management

Thursday Oct 06, 2022

In this episode, NopSec's CEO, Lisa Xu, speaks with Tunde Oni-Daniel, Head of Technology Operations and Engineering at OneMain Financial. OneMain Financial is the leader in offering nonprime customers responsible access to credit and has been dedicated to improving the financial well-being of hardworking Americans since 1912.
During the episode, Tunde brings his considerable experience in technology operations and engineering to provide a unique perspective on vulnerability management and other critical security concepts. 
Topics discussed:
Tunde shares how early in his life, being vulnerable enough to recognize what he didn't know but finding creative ways to attain the knowledge he needed helped shape his career. 
Based on his experience working in various industries, Tunde talks about his observed differences and similarities in operational risk management.
Tunde explores some of the challenges organizations experience as they struggle to establish and communicate the criticality of data and other digital assets across their enterprise. 
Lisa and Tunde dive into the idea that security leaders must continually focus on what is most important to the organization and build resiliency for those assets in their systems.
The conversation examines the idea that organizational culture affects how well leaders can achieve consensus about the criticality of assets.
Tunde emphasizes the importance of understanding the language of the board to effectively communicate with executives or stakeholders who are not coming from technology or cyberspace.
Lisa and Tunde touch on how vulnerability management can affect cyber insurance.
