ISSA-LA Security Summit 2025

Vulnerability Management can be seen as one of the basic tenants of a security function in any organization. While supposedly basic, given the ever increasing frequency of data breaches, managing vulnerabilities across an organization is far from being straightforward. How an organization approaches vulnerability management and penetration testing in the past simply does not work with todays technology stack and development methodologies.

From attack surfaces and figuring out what needs to be protected, to fixing vulnerabilities, we take a look at how vulnerability management has evolved over the years. Backed up by real world data, we will discuss topics such as risk prioritization, the dynamic nature of measuring vulnerabilities and how AI can also now help focus our resources. We delve into metric-driven success criteria to see how organizations measure their own programs. What does good look like and am I at least faring better than my peers!