S5E3: Patrick Garrity - Vulnerability Research, Management and Visualizations

Nikki - I wanted to ask you first what got you so passionate about vulnerability management - what was it that first sparked your curiosity and interest in security research?

Nikki - You do a lot of awesome graphics and visualizations of vulnerability data from both CISA KEV and around types of CVEs - what kind of statistics do you think are most important for security practitioners to know - and on the other side, what is most important for executives to understand?

Chris - You've now begun to even start to submit known exploited vulnerabilities to CISA to be added to the KEV, can you tell us about that experience, how you're identifying them and how the process has been?

Chris - We talk a lot about the need for vulnerability context, going beyond CVSS and using things such as KEV and EPSS. In your work, how do you see organizations leveraging context to help vulnerability prioritization?

Nikki - We know that organizations could have a backlog of up to 10k vulnerabilities - based on some recent statistics. Where do organizations start? How do they get a handle on vulnerability management?

Chris - What are some other trends you see in Vulnerability Management that organizations can use to start to get a handle on things?

Chris - You've made the transition from marketing to vulnerability research, visualization and some would say industry leader. Can you speak about the journey and advice for others looking to follow a similar path?

Nikki - What's next for you - besides being the pre-eminent vulnerability researcher in this space?

About the Podcast

Resilient Cyber brings listeners discussions with a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SMEs) across the Public and Private domains and from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.