The concept of finding and fixing software vulnerabilities is certainly nothing new. We all know that reducing our attack surfaces by eliminating vulnerabilities is a fundamental part of any 21st-century cyber security strategy. However, many are still frustrated with their inability to actually identify and remediate critical risks before the bad guys start taking advantage of them.
You’ve got the find part nailed down pretty good, but can’t seem to close the deal on fixing them. Or you feel overwhelmed by the sheer number of vulnerabilities you’re faced with and don’t know where to start. Well, if you’ve been using the same vulnerability management tactics for years, and hoping for different results – that’s right – you may be a little insane.
Over the past decade, your adversaries have certainly evolved their thinking when it comes to exploiting your vulnerabilities. In order to stay ahead of them, we too have to adapt and find new ways to improve the find and fix vulnerability management philosophy we’ve all subscribed to for more than twenty years. During my extended career as both a CISO and Info Security Consultant, I’ve been fortunate to have gotten the chance to roll up my sleeves and get my hands dirty on dozens of cyber security projects, both in the government and commercial sectors. And like most everything else in life, I’ve come to realize that better security comes from working smarter, not harder.
None of us ever have enough time, people or dollars to throw at all of the challenges we are faced with. We need to find creative and alternative strategies for getting more done with less and ultimately staying steps ahead of the bad guys.
You can’t continue to carry the weight of your company’s entire vulnerability management program solely on your shoulders. It will inevitably crush you. Instead, it’s time to enlist the help of others within your organization who are subject matter experts on their systems and applications. It’s also time to admit to yourself and your management team that trying to assess everything is a great recipe for disaster. And finally, it’s paramount that your teams and senior leaders are getting the information they need, and more importantly, it’s critical that they sign off on the risk.
Want to stop the insanity? Join me as I share my tales from the trenches and provide you with new insights for running an effective and efficient vulnerability management program – for when you don’t have a well-oiled machine or an unlimited budget to bail you out.

Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.