
(ISC)2 Security Congress 2022

2101772 - Vulnerability Management is Dead! Long Live Vulnerability Management!

Oct 10, 2022 4:00pm ‐ Oct 10, 2022 5:00pm


You are Jane, the new security director of a company that has 1,000+ servers. You have just been handed an Excel spreadsheet of a report showing you have 15,692 vulnerabilities across your environment. We will discuss the impossible task of managing vulnerabilities. We will walk through the antiquated vulnerability management process that Jane and so many of us have to deal with: spreadsheets, outdated inventory, and no context to the vulnerabilities, assets or underlying business processes. We will explore key questions that challenge everything we know today about prioritization, centralization and automation with the hope of bringing sanity back to information security in our organizations.

Learning Objectives:
  • Understand the challenges of current vulnerability management systems (spreadsheets, outdated inventory, and no context to the vulnerabilities, assets or underlying business processes) and how the current practices can be inefficient, ineffective and, sometimes, give a false assurance of security.
  • Understand the importance of prioritization, centralization and automation of the vulnerability systems and ask questions about their organization's business objectives, cybersecurity posture and approach to vulnerability management.
  • Come up with a rational, logical and practical approach to vulnerability management that can be incorporated into the overall organizational cybersecurity risk strategy and plan, with an understanding of the key limitations, and execute it with tune-ups and updates.


  • Dr. Sudesh Kannan, PhD, CISSP, CISM, CIPP(US), Adjunct Professor, University Of Maryland Global Campus
  • Ethan Wilder, M.S, CISSP, Sr Manager Product Security, Allstate Insurance Company
