Building a Vulnerability Management Program

Date: 09/16/2024
Start Time: 1:30pm
End Time: 2:30pm
Room: Pavilion 2
Track: Cybersecurity
Speakers: Chad Cornelssen, Phillip Collins, Eric Pyle

An overview of how Choctaw Nation Information Security created a comprehensive Vulnerability Management Program. Over the course of 18 months CNO Information Security transformed how the tribe identifies, tracks, and remediates vulnerabilities. We moved from simply scanning assets every month and emailing reports to system owners, to identifying and scanning assets, tracking vulnerabilities, automating ITSM tickets for remediation, measuring remediation efforts and reporting progress to leadership. We successfully created a VMP working group that meets monthly to discuss challenges, share tips and tricks, identify emerging threats, and celebrate successes.