This presentation is a detailed how-to for assessing, implementing, and maintaining a Vulnerability Management Program. It will also touch a bit on patch and configuration management as they are both remediation's that typically result from running Vulnerability Management efforts. This presentation is not based on theory. It is based on experience in literally dozens of environments, some that were scanning over 90,000 live hosts per month. The presentation will also cover methods for working with systems administrators and application owners to get processes in place that are sustainable and will produce results. In addition, metrics and score-carding will be discussed with a focus on measuring what needs to be done and what work has been done.

Derek Milroy is a corporate security professional that has been implementing strategy and solutions in various environments, as both an internal employee and as a consultant, for the past fifteen plus years. He is currently a Security Architect focusing on ensuring that all solutions provided by his team has the proper levels of security in place. His main areas of focus include Windows Hardening, Vulnerability Management (including Emerging Threat/Vulnerability Research and Analysis), Cloud, Risk Assessments and Incident Response. Derek is also a recovering QSA and has experience performing FISMA and ISO assessments.

Back to Circle City Con 2018 Videos list