White Paper: Lessons Learned in Vulnerability Management


Cybersecurity risk has taken over as the number one topic keeping CIOs and CISOs up at night. Whether it be because of user error, emerging zero-day threats, or persistent attacks against perimeter infrastructure, there is no doubt that agencies are under constant attack from foreign and domestic threats. Never before has it been so critical that agencies stay at the forefront of technology while maintaining patch management, configuration management, awareness programs, and overall vulnerability management in alignment like a finely tuned engine.

How do agencies outpace cyber threats? The answer is simple – Manage your vulnerabilities! Well, it’s easier said than done. Federal agencies are required to manage vulnerabilities on their network, but often are not provided with all the necessary information on how to execute. Policies are sufficient for heavy brush strokes coming down from The Department, but more and more frequently the operational components of Vulnerability Management programs lead teams into peril. Having infinite options on when and how to run the program (and with what tools) can lead to a ‘paralysis by analysis’ effect, leaving SOPs in draft form for way longer than necessary.

Unfortunately, there is no one universal ‘silver bullet’ for the best way to structure the optimal Vulnerability Management program. Much of an effective program is more an art than a science, and requires constant tuning based on lessons learned. If you have been delegated responsibility for building out a program for your agency, hopefully these hard-earned lessons give you some ideas to think about in terms of preparedness and technical capability.


Jeremy Trinka

Jeremy Trinka is a passionate Cybersecurity practitioner with experience spearheading projects in Information Security, Infrastructure Technology, Incident Response, Vulnerability Management, and Penetration Testing. Among his accomplishments, Jeremy has worked with organizations both proactively and reactively to implement objectives which refine IT Security while maintaining productivity and efficiency. He has worked with Fortune 500 companies, the Federal Government, high-profile financial institutions, and healthcare organizations leading Information Security programs. Jeremy maintains a diverse set of certifications (CISSP, CEH, CCNA R&S, CCNA Security, ITILv3, Linux+, Project+, Security+, Network+, A+) and is an alumnus of Western Governors University with a Masters of Science in Cybersecurity and Information Assurance. He is a Solutions Architect and Sr. Security Engineer with InquisIT, and resides in the Washington, DC Metro Area.
