Making vulnerability management and incident response actually work. Also, the News! – Beck Norris, Ryan Fried, José Toledo – ESW #442
Segment 1 with Beck Norris - Making vulnerability management actually work
Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity.
Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure.
Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work
Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What’s going on here, and why does this happen?
Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again!
Segment Resources:
- Mandiant - Best practices for incident response planning
Segment 3 - Weekly Enterprise News
Finally, in the enterprise security news,
- Almost no funding…
- Oops, all acquisitions!
- Changes in how the US handles financial crimes and international hacking
- Mass scans looking for exposed LLMs
- The state of prompt injection
- Be careful with Chrome extensions
- and home electronics from unknown brands
- Is China done with the West?
All that and more, on this episode of Enterprise Security Weekly.
Beck has seen 15+ years in IT and cyber security and is an enthusiastic, innovative, customer-focused leader with a history of creating, leading and maturing global technology-based teams, processes, and technology.
She has overseen program and platform development from the ground up to production, has over a decade of experience in multiple compliance arenas, and has experience managing technical personnel and consulting services strategies. She is familiar with a variety of business environments as both a client and a consultant, from corporate to entrepreneurial settings, which has provided her with a real-world understanding of the importance of professional services and organizational management to meet business objectives.
She is known for her cheerful pro-action in creating new and inventive solutions to resolve security and process gaps in order to initiate efficiency, progress and growth. She is passionate about supporting diversity and inclusion initiatives, having created and co-chaired several committees dedicated to bringing awareness to Neurodiversity as well as Women in Technology.
Ryan has 10+ years of experience in IT security ranging from compliance, analyst engineer, CISO and consultant. He has also taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, DevSecOps and cloud security posture management.
José has over a decade of experience across the IT and OT landscapes, with a background spanning enterprise network administration, security program development, and complex environmental assessments. He has most recently been leading strategic initiatives focused on bridging the gap between technical cybersecurity and business objectives. His work focuses on building and assessing comprehensive cybersecurity programs for global organizations, performing technical assessments across Active Directory and cloud environments, and conducting tabletop exercises.
Adrian Sanabria
- FUNDING/M&A – courtesy of the Security, Funded newsletter #226 – The Privilege(d) Acquisition
Vibe Check
What metric should we finally stop tracking in 2026?
- 4/6 Number of vulnerabilities patched
- 6/6 Phishing test click rates
- 0/6 Tool/asset coverage
- 1/6 Cyber risk quantification
Quotes:
- “Most CVEs can’t be exploited. Worthless stat that wastes the time of most people involved. New stat should be exploitable vulns patched.”
- “Please stop the phishing simulation madness, I beg of you.”
- “Test ability to report phishing, and get that to 100%”
Funding
- Torq, a United States-based cybersecurity platform that provides advanced protection and threat detection capabilities, raised a $140.0M Series D from Merlin Ventures.
Acquisitions
- SGNL.AI, a United States-based privileged access management (PAM) platform focused on just-in-time (JIT) access, was acquired by CrowdStrike for $740.0M. SGNL.AI had previously raised $42.0M in funding.
- Seraphic Security, a browser runtime security provider, was acquired by CrowdStrike for a rumored $420M. Seraphic had previously raised $29M in funding.
- Bootstrapped Thinkst Canary acquires UK-based DeceptIQ
- Cisco in 'advanced talks' to acquire Axonius for a rumored $2B. (noooooo, everyone is saying behind the scenes)
- Palo Alto Networks in negotiations to acquire one-year-old Israeli startup Koi for a rumored $400M. (noooooo, everyone is saying behind the scenes)
- CRIMES: Money Laundering and Sanction Fines Fall 61% Amid US Deregulation
- FEDERAL: CISA loses key employee behind early ransomware warnings
- FEDERAL: Washington Wants to Get Tough on Nation-State Hackers. Are Infrastructure Operators Ready?
- TRENDS: Honeypots detect threat actors mass scanning LLM infrastructure
- TRENDS: Prompt Injection, End of 2025: Progress, Without the Self-Deception
- TRENDS: UL Solutions withdraws as lead admin for FCC cyber label program amid probe into China ties
- POLICIES: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say
China is also reportedly turning away shipments of NVIDIA H200s. Are we nearing the end of China's dependency on the US? What does that mean for nation state hacking and cybersecurity?












