Member Spotlight

Art Manion and Jay Jacobs have been driving forces within the FIRST cybersecurity organization, particularly through their leadership in Special Interest Groups (SIGs) focused on vulnerability management.

Jay Jacobs serves as co-Chair of the EPSS SIG and Art Manion serves as Chair of both the Vulnerability Reporting and Data eXchange SIG (VRDX-SIG) and the Vulnerability Coordination SIG.

In recent years, their pivotal contributions to the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) SIGs have provided the global community with essential frameworks for vulnerability assessment and prioritization. Beyond standards development, both have been instrumental in organizing and participating in the VULNCON conference, the premier event for vulnerability management professionals.

In recent years, their pivotal contributions to the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) SIGs have provided the global community with essential frameworks for vulnerability assessment and prioritization. Beyond standards development, both have been instrumental in organizing and participating in the VULCON conference, the premier event for vulnerability management professionals.

At the most recent edition in Scottsdale, Arizona (April 2026), they jointly led a live discussion titled "A Paradigm Shift in Vulnerability Identity: Why Vulnerability Databases Struggle", further demonstrating their commitment to fostering collaboration and knowledge exchange.

Through their work in SIGs, CVSS, EPSS, VULNCON, and other initiatives, they have significantly elevated the field’s technical rigor and community engagement. Their efforts have not only shaped best practices but also strengthened FIRST’s role as a leader in incident response. The dedication of Art Manion and Jay Jacobs has already had a lasting impact on cybersecurity worldwide.

Excerpt from the VulnCon 26 page

Art Manion spends a lot of time working on various aspects of technical cybersecurity vulnerabilities including coordinated disclosure, measurement, management, information systems, risk assessment, and public policy. Art has led and contributed to vulnerability-related efforts the Forum of Incident Response and Security Teams (FIRST), the CVE Program, ISO/IEC JTC 1/SC 27, the Open Source Security Foundation (OpenSSF), and the National Telecommunications and Information Administration (NTIA, US). Art is the Deputy Director of Tharros Labs and previously managed vulnerability analysis at the CERT Coordination Center (CERT/CC).

Jay Jacobs is a Co-founder and Data Scientist at Empirical Security and Data Scientist Emeritus at Cyentia Institute. Jay is also the lead data scientist for the Exploit Prediction Scoring System (EPSS) and co-chair of the EPSS special interest group at FIRST. He also serves as the chair of the Consumer Working Group within the CVE program. Prior to his current roles, he was the Chief Data Scientist at Cyentia for several years and produced dozens of data-driven industry reports. He also served as the lead data scientist at Verizon working on the Data Breach Investigations report from 2010-2015 and he also served on the board of directors for the Society of Information Risks Analysts (SIRA) where he co-founded the non-profit dedicated to advancing risk management practices.

Published on FIRST POST: Apr-Jun 2026