Guest:
- Caleb Hoch, Consulting Manager on Security Transformation Team, Mandiant, Google Cloud
Topics:
- How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing?
- Why are so many organizations stuck with 1990s VM practices?
- Why is mitigation planning still hard for so many?
- Why do many organizations, including large ones, still rely on unauthenticated scans despite the known importance of authenticated scanning for accurate results?
- What constitutes a "gold standard" vulnerability prioritization process in 2025 that moves beyond CVSS scores to incorporate threat intelligence, asset criticality, and other contextual factors?
- What are the primary human and organizational challenges in vulnerability management, and how can issues like unclear governance, lack of accountability, and fear of system crashes be overcome?
- How is AI impacting vulnerability management, and does the shift to cloud environments fundamentally change VM practices?