January 11, 2021 • RBS

Categories: Videos

Deana Shick, PSIRT Engineer at Intel Corporation, joins Jake Kouns, CEO and CISO at RBS, to talk about how Risk Based Vulnerability Management and Vulnerability Coordination work in the "real world."

Deana specializes in vulnerability management, vulnerability response, and threat intelligence. Prior to her current role, she was PSIRT Lead at Rockwell Automation and a member of the technical staff at the CERT Division of the Software Engineering Institute. She has also coordinated and developed responses to information security standards such as CVE and CVSS.

Deana has been involved in a number of important projects including:

  • Department of Defense Vulnerability Disclosure Program (VDP)
  • The Coordinated Vulnerability Disclosure guide for DOD

Check out this episode of The Right Security for key insights into how vulnerabilities work in the real world.

Show Notes

0:00 – Welcome and speaker introduction
2:25 – Vulnerability disclosures in 2021 & year-end 2020 quick-view
3:08 – CVSS v2 vs. CVSS and use for vulnerability prioritization
5:10 – CVSS awareness amongst enterprise security teams
10:16 – Real risk-based vulnerability management
11:43 – CVSS v4 involvement
13:04 – SSVC use in a PSIRT role
18:00 – CVD and its value in vulnerability coordination
21:17 – Learnings from work on Coordinated Vulnerability Disclosure guide
23:40 – Researcher frustration with vulnerability coordination
26:08 – Difference between VDP and CVD
29:40 – Vendors piggybacking on MS patch Tuesday
33:26 – Recommendations for continuing virtual learning in cybersecurity
37:00 – Figuring out what area of cybersecurity to get into

Further Reading

The Right Security

This is the latest in our video series The Right Security, in which we talk with leaders and veterans in the security industry, tackling the biggest issues impacting organizations today.

Check out The Right Security series on YouTube, and subscribe to the Risk Based Security channel to see new episodes in your feed.
