In this episode of Socializing Security, Steve Sims returns to discuss the fundamentals of cybersecurity, focusing on vulnerability management. The conversation covers the importance of understanding assets, the role of CVE in tracking vulnerabilities, prioritization strategies, and the necessity of having a robust vulnerability management plan. Steve emphasizes the significance of compensating controls, risk management, and the need for documentation and exceptions in the face of vulnerabilities. The episode concludes with insights on engaging consultants to build effective security plans and the importance of continuous adaptation in cybersecurity practices.

Steve's previous episode about Asset Management: https://www.socializingsecurity.com/e/e012-security-foundations-champions-of-asset-management

More from Steve at https://www.cruxialtech.com/

Chapters
00:00 Introduction and Reintroduction
04:08 Security Fundamentals Start with Asset Management
06:10 Vulnerability Management Essentials
08:58 The Role of CVEs in Vulnerability Tracking
11:54 Prioritizing Vulnerabilities in Your Environment
19:19 Compensating Controls and Risk Management
23:23 Prioritization and Hard Decisions
28:25 Building a Vulnerability Management Plan
32:37 Business Impact and Resource Allocation
34:27 Wrapping Up and the Future of Security Essentials
35:41 Reflections