Graham J. Westbrook (C|EH, Sec+) has experience across Defense, Healthcare and Commercial. Intelligence analyst by training, cybersecurity analyst by trade, Graham has spoken at OKC Innotech 2022, CU Intersect 2022, IASAP 2020, FIRST CTI 2020, ISF 2020, InfoSecWorld 2019, RMISC 2019, Toronto RiskSec 2017 & SANS Security Awareness Summit 2017. Graham holds a B.A. in Intelligence Studies and an M.S. in Criminal Justice & Forensic Psych.
Panic at the Disco(very): Real Talk on Critical Vulns Before You React Impulsively
Vulnerability management can often feel like some sort of panic industrial complex in which it’s difficult to discern what’s real amid the onslaught of new and next. But with the right tools and a thoughtful approach to prioritization, it’s more possible than ever to become a strong defender by learning from attackers, differentiating between what’s meaningful vs. myth and responding appropriately. The reality is, most people struggle to make better decisions when vulnerabilities emerge because they lack information or get it from incomplete sources.
In this session, we’ll be joined by two current practitioners and experts in their respective fields of vulnerability management and threat hunting who know exactly how to use trusted sources of intelligence to patch what matters and deprioritize the rest.
In this session, we’ll cover:
- How attackers think about exploiting vulnerabilities, even if they don’t have CVEs.
- How defenders better protect their organizations from new vulnerabilities, even if they can’t scan for them.
- Demonstrating how legacy vulnerabilities (e.g. BOA web servers) can threaten OT/ICS/SCADA organizations as well as Manufacturing/Industrial/Oil & Gas and supply chains across the globe, alongside mitigating controls.
- Debunking vulnerability myths (e.g. CVE-2021-33558) which have high CVSS scores when they should be zero.
- How to move from reactive to proactive to predictive, and use new metrics like exploit prediction scoring (EPSS) or ransomware likelihood (RL).
- Clear-eyed risk assessment tips and tricks within the vulnerability management lifecycle to make better decisions without panicking.
We look forward to seeing you there!
Meet The Speakers
Christopher Sundberg, GICSP is a Product Cybersecurity Engineer in the Corporate Technology Office for Woodward, Inc. Mr. Sundberg is responsible for security architecture, secure development lifecycle, and product security compliance across a wide variety of cyber-physical devices sold by Woodward, Inc.
Kyle has over 20 years of professional Cyber Security experience focusing on Offensive Security, Threat Intelligence, and Threat Detection and Response. Kyle has become a trusted adviser with customers and colleagues through teamwork, industry knowledge, and technical expertise.