On-Demand Webcast|1 hour

Archived: Fixing a Broken System: Why Legacy Vuln Management Tools Can’t Keep Up

Attendees will learn

  • Why coverage gaps persist — how todays vulnerability management tools fall short, leaving 25–40% of enterprise assets effectively invisible.
  • The limits of legacy scanning — why authenticated scans, agents, and CAASM aggregation each miss critical parts of the attack surface.
  • Whats next for exposure management — strategies to rebuild vulnerability management around real-world attacker perspectives, continuous visibility, and timely remediation.
Sponsored by:

Registration Closed

This event is no longer accepting registrations, but there’s plenty more to explore! Check out all our upcoming and available events.

Browse Events

For decades, vulnerability management has been the backbone of enterprise security. But as networks have grown more complex and adversaries more creative, traditional scanning approaches are showing their age. Today, most organizations face a sobering reality: despite investing in leading tools, as much as a quarter of their environment remains unscanned or misrepresented, creating dangerous blind spots.

In this SC panelcast, HD Moore and Tod Beardsley from runZero will explore the shortcomings of legacy scanners and the pitfalls of over-relying on authenticated scans, agents, or siloed asset data.

Attendees will hear why slow scan cycles and partial coverage leave organizations vulnerable to the very products meant to protect them — from firewalls to VPN appliances — and how attackers are exploiting those gaps.

Most importantly, the discussion will highlight emerging practices and technologies reshaping vulnerability management, including continuous exposure assessment, smarter aggregation, and attacker-informed prioritization.

Event Speakers

Tod Beardsley
Vice president of security research at runZero, Inc.

Tod Beardsley is VP of Security Research at runZero, where he “kicks assets and fakes frames.” Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He’s also a founder and CNA point of contact for AHA!. He spends much of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern ICS/OT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as the Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Tod is a CVE Board member, has authored several research papers, and hosted Rapid7’s Security Nation podcast with Jen Ellis. He is also a former Travis County Election Judge in Texas, and is currently an internationally-tolerated horror fiction expert.

HD Moore
CEO and Founder at runZero

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.

HD serves as the CEO and founder of runZero, which provides a single source of truth for exposure management across your total attack surface. Delivering in-depth visibility into every asset and exposure, runZero helps you mitigate risks faster, meet compliance requirements, and ensure you continuously discover critical insights that others miss — including unknown and unmanageable devices and elusive exposures that evade traditional tools.

Prior to founding runZero, HD held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks.

Adrian Sanabria
Principal Researcher at The Defenders Initiative

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.