February 10, 2021

Vulnerability Management w/ Anne Marie Zettlemoyer

by Cyber Ranch

Listen Now


Show Notes

Allan Alford interviews Anne Marie Zettlemoyer about the topic of vulnerability management. Anne Marie is a visiting fellow with the National Security Institute at George Mason University, and one of the all-around sharpest minds Allan knows in information security! Anne Marie is deeply entrenched in the world of information security, and she loves her work. She began her career in accounting and finance, but by serendipity was introduced to security through a position updating a company’s payment system. From there, she was recruited into the Secret Service, where she developed a passion for the information security field - a field she hasn’t left since! Anne Marie is driven by the energy and nobility of her profession, and she values work as a protector and defender. At the same time, she feels a high level of responsibility to her company and her customers to navigate information security well. The baseline for security work, Anne Marie says, is the fundamentals. The first line of a security officer’s responsibility is to maintain this sort of system hygiene; this is why Anne Marie is passionate about vulnerability management. In a changing threat landscape, vulnerability management is a basic necessity to keep products and clients safe. Of course, this does not make vulnerability management an easy task. Practitioners of vulnerability management must also attend to a variety of factors, from issues of regulation and compliance, to CVSS scores and tooling for contextualization, to determining the way in which vulnerability management should be situated within their broader security program (often as a key driver). Within the world of information security, vulnerability management is one of many complex pieces to juggle together, and people like Anne Marie stand at the center of the balancing act. Anne Marie leaves listeners with an idea of how best to approach information security today, but she also leaves them with the prospect of exciting changes on the horizon in the areas of data governance and bridging the gap between speed and security. Key Takeaways 0:17 - Listeners are introduced to Allan Alford and his guest, Anne Marie Zettlemoyer. 1:12 - Allan asks Anne Marie to walk through her day job. 1:56 - Why is vulnerability management important to Anne Marie? 4:13 - Allan shifts to the subject of motivating people to fix vulnerabilities. 6:26 - Anne Marie’s broad experience gives her a unique experience. 8:41 - Remediations must be obtainable. 10:27 - Overall, fundamentals, partnership, and understanding are needed. 11:27 - Allan and Anne Marie turn to metrics, tooling, and context. 14:38 - Within the security program, where does vulnerability management fit? 18:00 - How did Anne Marie get into vulnerability management? 20:15 - Her job and its responsibilities require certain things. 20:56 - What keeps Anne Marie in the game? 22:20 - What is she looking forward to in the field? Learn more about Anne Marie Zettlemoyer and connect with her on Twitter and LinkedIn. Learn more about Allan Alford and connect with him on Twitter and LinkedIn. Learn more about The Cyber Ranch Podcast, part of the Hacker Valley Studio family. Learn more about podcast sponsor Axonius. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter.
Read more

Recent Episodes

February 1, 2023
by Cyber Ranch

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory b...

January 25, 2023
by Cyber Ranch

This week Allan is joined by Nipun Gupta, and industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as w...

January 18, 2023
by Cyber Ranch

This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc.  Another one of Allan's illustrious guests with 25 years in cyber.  (https://www.linkedin.com/in/schawacker/).  The topic started as all that th...

January 11, 2023
by Cyber Ranch

This episode is jam-packed with wisdom that is delivered at a rapid pace.  Some folks will find themselves rewinding and taking notes.  Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to ta...

January 4, 2023
by Cyber Ranch

To celebrate the 100th episode, Allan decided to let the audience participate in the show.  21 people called in and answered a wide variety of questions about cybersecurity.  It is a fantastic show and it is very fun to hear all the different perspec...

December 14, 2022
by Cyber Ranch

This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'?  Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventu...

December 7, 2022
by Cyber Ranch

In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk toleranc...

November 30, 2022
by Cyber Ranch

Scott Schindler, veteran CISO, vCISO, and adjunct professor joins Allan at the ranch to talk about how to build, strengthen, participate in, contribute to and benefit from a cybersecurity community. Allan chose Scott for this show because of his incr...

November 16, 2022
by Cyber Ranch

Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture.  Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the pre-c...

November 9, 2022
by Cyber Ranch

This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes: ...