2025-08-04 –, Florentine F
When does a risk not exist? What is a risk to your employer? Many people overlook the largest risks to their organization and mistakenly focus on the most interesting CVSS, Headline, Zero Day, ect. Understanding when risks can be closed out, and prioritizing which ones to tackle and mitigate first is a struggle for many teams, but why is that? Could the key to prioritization be in changing how you view risks and building a vulnerability management program around this new focus?
In this talk I discuss how little the latest zero day or the biggest CVSS’ are exploited, highlighting the largest cybersecurity incidents of the past year which are often rooted in simple misconfigurations, lack of MFA, or other supposedly minor uninteresting issues.
Focus on how to build a quick threat model of a company, how attacks originate, pivot, and affect companies. Highlighting how attackers typically have a goal rather than just wanting to exploit a specific weakness: extortion (ransomware), data exfiltration, defacement, ect.
I build on that by demonstrating how to take a new CVSS and threat model its applicability to your organization based on your larger scale threat model. For example do you use this vulnerable software but there are already protections in place? If so you might want to prioritize updating this software below your rollout of MFA, or a minor vulnerability that doesn’t have protections in place.
Sean Juroviesky is a dedicated security and risk management expert with extensive experience navigating complex environments. Sean excels at developing a comprehensive understanding of intricate systems and crafting strategic roadmaps to revitalize security programs. By identifying high-risk areas and optimizing the use of existing resources, Sean removes barriers between teams to enhance communication and coordination, driving effective security outcomes. Beyond their professional pursuits, Sean finds joy in backpacking through the mountains with their adventurous Australian Shepherd and twins, embracing the serenity of nature and the thrill of exploration.