Vulnerability Management vs. Exposure Management

In this episode, Brad Hibbert (COO & Chief Strategy Officer at Brinqa) joins Ashish to explain why traditional risk-based vulnerability management (RBVM) is no longer enough in a cloud-first world .

We explore the evolution from simple patch management to Exposure Management a holistic approach that sits above your security tools to connect infrastructure, code, and cloud risks to actual business impact . Brad breaks down the critical difference between a "Risk Owner" (the service owner) and a "Remediation Owner" (the team fixing the bug) and why this distinction solves the "who fixes this?" problem .

This conversation covers practical steps to uplift your VM program, how AI is helping prioritize the noise , and why compliance often just "proves activity" rather than reducing real risk . Whether you're drowning in Jira tickets or trying to automate remediation, this episode provides a roadmap for modernizing your security posture

Guest Socials - ⁠⁠⁠⁠⁠Brad's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

If you are interested in AI Security

, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions asked:

(00:00) Introduction(02:50) Who is Brad Hibbert? (Brinqa)(04:55) The Evolution: From Scanning Servers to Cloud Complexity (06:50) What is Risk-Based Vulnerability Management? (08:50) Risk Owners vs. Remediation Owners: Who Fixes What? (12:00) How AI is Changing Vulnerability Management (15:20) Defining Exposure Management: Moving Beyond the Tools (18:30) The Challenge of "Data Inconsistency" Between Tools (22:30) Readiness Check: Are You Ready for Exposure Management? (25:10) Automated Remediation: Is "Zero Tickets" Possible? (28:40) Compliance vs. Risk: Why "Activity" isn't "Impact" (31:30) Maturity Milestones for Exposure Management (36:50) Fun Questions: Golf, Turkish Kebabs & Friendships

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(349)

How AI Agents Will Negotiate Your Vendor Contracts

Third-Party Risk Management (TPRM) has historically been a tedious, 200-page paper exercise that felt like being catapulted back to 1979. But AI is changing that.In this episode, Ashish sits down with...

27 Maj 37min

How Claude Mythos Changes Vulnerability Management: From CVSS to Exploitability

Is your vulnerability management program ready for something like Claude Mythos? The old days of treating vulnerabilities as temporal events (like Heartbleed or Log4J) and patching them on a leisurely...

5 Maj 44min

AISPM Isn't Enough: How to Apply Zero Trust to AI Agents

We are officially entering the "Multi-AI Era." Much like the multi-cloud times, organizations are no longer just using a single AI tool like Microsoft Copilot, they are building custom, agentic workfl...

29 Apr 54min

The Rise of Agentic Cloud Security: Code-to-Cloud Shrinks to 3 Days

Is your cloud security strategy ready for the "messy middle" of AI adoption? With developers pushing code from inception to production in under three days using "vibe coding," and adversaries capable ...

21 Apr 26min

Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling

Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional en...

14 Apr 31min

Solving Prompt Injection & Shadow AI for AI Malware

Are AI agents functioning like adversarial malware inside your network? In this episode of the Cloud Security Podcast, Ashish sits down with Jasson Casey, Co-founder and CEO of Beyond Identity, to spe...

7 Apr 36min

Browser Security Explained: Consent Phishing, "Click Fix" Attacks & The Limits of EDR

Is your security team treating your Identity Provider (IDP) like a firewall? In this episode, Adam Bateman (CEO & Co-founder of Push Security) explains why that's a dangerous mistake and how modern at...

10 Mars 46min

Is AI Hallucinations a Myth and the Real Threat from AI

Are attackers really using AI to run end-to-end cyber campaigns? In this episode, Edward Wu (Founder and CEO, DropzoneAI) joins Ashish to separate the hype from reality when it comes to AI-driven atta...

6 Mars 40min