What happens when the pen testers are done testing your websites? How do you track discovered vulnerabilities and weak controls once the auditors leave? How do you ensure that your organization tracks, monitors, and remediates all the discovered findings once the dust settles and things are back to day-to-day operations? For many organizations, this is a real concern. Tracking five findings may only require the use of a spreadsheet, but how do you track the weaknesses if your organization has 250, 1000 or even more identified vulnerabilities? I will provide the audience with a real-life process example for tracking and documenting mitigation and remediation efforts of identified vulnerabilities.
CISOs, ISSOs, Cyber Security Analysts, Supervisors, Auditors; anyone who is involved with vulnerability identification/management and is looking for ways to build an efficient, repeatable and sustainable program to monitor the remediation process of their organization’s identified vulnerabilities.
Sr Cyber Security Analyst, Deputy Program Manager | Department of the Army
Terri is a senior IT Professional with 35 years of experience working for the Department of the Army, both as a government employee and now as a contractor. She is employed by Exeter Government Services as a Deputy Program Manager/Sr Cybersecurity Analyst. In 2017, Terri received her Master of Science in Information Assurance and Computer Security from Dakota State University. She holds certifications for EC-Council’s Certified Ethical Hacking, ISACA’s Certified Information System Auditor and ISC2’s Certified Information Systems Security Professional. In addition to her Deputy PM responsibilities, Terri leads a team of auditors conducting assessments of the organization’s servers, workstations, devices, applications, etc., found on the network. The team works directly with system, network and database administrators, application developers, and many others to remediate discovered findings.