Addressing Industry Challenges around Vulnerability Management

Fall 2023

In today’s extremely fast-paced world of continuous and persistent cyber threats by mature cyber-criminal organizations and state-sponsored entities, the topic of Vulnerability Management is frequently top of mind not just within CISO organizations, but up to and including Boards of Directors. As enterprises seek to accelerate their Vulnerability Management capabilities and maturity, they encounter significant roadblocks to making progress both internally and externally.

From an external market perspective, the landscape covering Vulnerability, Threat and Exposure identification and disposition is highly fragmented. Whether consolidation and a clear market winner are in sight remains to be seen.

From an internal view, the challenge remains of efficiently managing long and fragmented toolchains that enterprises have assimilated over time – let alone making sense of the numerous tools in the realm of “identify/detect/protect/prevent,” including software scanning, software supply chain, infrastructure scanning, baseline security configuration, IAM/PAM exposures, and over-privilege management.

As dashboard fatigue and conflicting views on prioritizing Vulnerabilities, Threats and Exposures have contributed to inertia in the space, security executives need to rethink how they provide centralized governance and a consistent set of objectives over fragmented domains, moving from IT Risk to business-context-aware risk management.

Please join our panel discussion with Michael Clark, Alex Moss, Chris Zanelli, and Richard Julian to hear about their views on end-to-end Vulnerability Management and actionable strategies to avoid common pitfalls.


Chris has worked across multiple tier 1 global banks to establish maturity in Continuous Risk Assurance, DevSecOps capabilities, Risk Assessment Automation, and practical implementations of Zero Trust principles at scale. He joins us as a speaker for his 3rd ONUG event as a hands-on practitioner and evangelist in mature practices in the IT Risk Automation and Analytics space.

Richard Julian is a principal consultant in cloud and Kubernetes security, primarily focused on security engineering automation and incident response preparation.
