Future of Exposure Management
The Future of Exposure Management podcast is dedicated to helping security professionals tackle real issues in the vulnerability management space. In each episode, NopSec’s CEO Lisa Xu will interview industry experts and leading practitioners about what can be done to prepare for the future of exposure management. This show is brought to you by NopSec.com.
Episodes
Friday Sep 30, 2022
In this episode, we are joined by Yabing Wang, the CISO at Justworks. Justworks takes the busyness out of growing a business and alleviates the unknown. NopSec's Lisa Xu talks with Yabing about her multifaceted cross-discipline journey to become a leader in the field of cybersecurity.
In this interview, Yabing shares her insights into best practices for vulnerability management today, her vision of future security, and how practitioners can use it to improve security for businesses.
Topics discussed:
- Yabing shares some vulnerable moments that helped shape her career as a leader in the security industry.
- Yabing talks about how her education in philosophy brings value to her as a CISO looking at vulnerability management.
- Lisa and Yabing explore some of the commonalities in vulnerability management across different industries and market segments.
- They discuss prioritizing vulnerabilities and the need for bidirectional automation.
- Some best practices for vulnerability management metrics to mitigate risk are highlighted.
- Yabing shares her perspective on security at a company with a traditional legacy infrastructure versus a cloud-based business-centric approach.
- Yabing and Lisa talk about how cybersecurity is more and more tied to business objectives.
- Yabing explains her leadership style as a woman in a security leadership role.
Friday Sep 23, 2022
In this episode, Lisa talks with Tim Brown, CISO at SolarWinds. Tim has held many roles in the cybersecurity space, including Fellow, chief architect, distinguished engineer and board advisor. Tim drives the creation, architecture, strategy and external visibility for products and solutions.
He has helped develop solutions in a number of security-related areas, including vulnerability management, identity management, GRC, antivirus, intrusion detection, encryption, security event management, cloud security, forensics, insider threat, IoT, analytics and managed security services. Tim has 15 issued patents and has developed and enhanced the patent programs.
Topics discussed:
- Tim’s most vulnerable moment that shaped his career as a professional
- What makes good cyber hygiene and the role VM plays
- Why hygiene is not black and white, but something that should be measured consistently
- Why just tooling without a VM program in place is ineffective
- What it’s like to go through such a high profile, high visibility event
- His takeaways and recommendations for practitioners and defenders
- How defenders think in lists, attackers think in graphs
- Tim’s practical advice for practitioners
Thursday Sep 15, 2022
Matt Sharp is the CISO at LogicWorks, a leading provider of platform driven cloud operations for AWS and Azure. Before LogicWorks, Matt was head of global information security at Crocs and spent more than a decade with cyber consulting firms like Optiv and Coalfire. Matt is also an author and recently published The CISO Evolution.
In this episode, Lisa and Matt discuss bridging the gap between security and business units, breaking down silos, and more!
Topics include:
- How future economies built on the backs of digital platforms and in dynamic cloud environments will shape challenges in vulnerability management
- Matt’s perspective on silos in SecOps teams and how he breaks them down
- How he engages multiple stakeholders to improve the maturity
- How Matt sees the balance of soft and hard skills required to be successful in the vulnerability management space
- How to make relevant risk decisions about assets and how to tie them to core business outcomes
- Why starting a business, automated learning, and finding meaningful ways to augment your programs and perspectives will help vulnerability management managers succeed in the future
Resources mentioned:
The CISO Evolution
Friday Sep 09, 2022
David Kroening is the Director of Global Security Governance and Compliance at Grey Group, one of the world's top advertising and marketing organizations, which has been around for 105 years. He has been in security for over 30 years, starting with DOS 3.3, and has been involved in information security for the last 15 years.
In today’s episode, Lisa and David discuss the challenges he sees clients struggle with in vulnerability management, how organizations should think of security to protect brand secrets, and how the future of vulnerability management will be stronger, faster, and more resilient.
Topics discussed:
- The number one challenge David sees organizations struggle with in vulnerability management
- What must happen before vulnerability management can be effective
- Best practices around protecting not only your most critical assets, but the other assets that can still have massive business impact, such as media access or file sharing systems
- How email can be a tool to help monitor third-party assets
- David’s philosophies to get above the ‘whack-a-mole’ strategy to vulnerability management
- How David’s advertising agency collaborates with organizations to keep their trade secrets safe
- Why it’s important for vulnerability management managers to have a regular reporting cadence of vulnerabilities uncovered
- David’s top 3 actionable tips for vulnerability management managers
Friday Sep 02, 2022
Betsy Lundsten is the Vulnerability Management Manager at Cisco, and she has decades of experience with vulnerability management in the tech space.
In the episode today, Betsy discusses the kinds of skills that are critical for professionals in the vulnerability management field and developments that will shape the industry in the next few years.
Topics discussed:
- About Betsy and her background
- What you really need in order to have a successful career working with computers
- About the groundbreaking work Betsy does at Cisco
- The number one problem in the vulnerability management field today
- Soft skills that are critical for vulnerability management professionals
- Automation that will enhance vulnerability management systems
- What vulnerability management will look like in 5 years
- Practical advice that vulnerability management professionals need to hear
Thursday Aug 25, 2022
Jermaine is the director of Threat and Vulnerability Management at OneMain Financial. Jermaine is an 11-year US Navy veteran and a senior cybersecurity manager with 18 years of extensive experience in cyber threats and attack surface reduction, to include vulnerability management, penetration testing, web application scanning, and purple team activities in support of government and military leaders and the commercial and private sectors. On the show today, he discusses the current state of vulnerability management and the weaknesses that exist within the field.
Topics discussed:
- Jermaine’s role and responsibilities at OneMain Financial
- The current state of the vulnerability management field
- Fundamentals of cyber hygiene for organizations
- Automation and workflows for vulnerability management
- What vulnerability management will look like in 5 years
- Practical advice that vulnerability management professionals need to hear
Tuesday Aug 09, 2022
In this first episode, VP, Chief Information Security Officer at Cox Enterprises, David McLeod, discusses how we might fall short in the future of vulnerability management.
David reflects on how the vulnerability management field is in its infancy and speculates on some of the top challenges faced by VM professionals today, and the best way to collaborate with the organization’s IT security to address them.
This episode gives vulnerability management professionals the essential tools to anticipate and address some of the primary challenges in their jobs today. David shares how an organization can build a fully mature VM program.
Topics include:
- Ways that VM isn’t scaling
- Unexpected lessons from the car industry
- Why the vulnerability management field is only in its infancy
- Top challenges facing VM professionals today
- Collaborating with the IT security team as VM professionals
- Producing a fully mature VM program at an organization
- How to not just survive each patch cycle, but to thrive in VM
- David’s predictions on the future of VM
- Why repeatable process is integral and how to get there
- David’s advice for security practitioners