The Known Exploited Vulnerability catalogue, aka the KEV – Tod Beardsley – BTS #35
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Resource: https://cisa.gov/kev
Tod Beardsley is VP of Security Research at runZero, where he “kicks assets and fakes frames.” Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He’s also a founder and CNA point of contact for AHA!. He spends much of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern ICS/OT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as the Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Tod is a CVE Board member, has authored several research papers, and hosted Rapid7’s Security Nation podcast with Jen Ellis. He is also a former Travis County Election Judge in Texas, and is currently an internationally-tolerated horror fiction expert.
Below the surface listeners can learn more about Eclypsium by visiting eclypsium.com/go - there you will find the “Ultimate guide to supply chain security”, an on-demand webinar I presented called “Unraveling Digital Supply Chain Threats and Risk”, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean. If you are interested in seeing our product in action you can also sign up for a demo, you can get all that at eclypsium.com/go!
