Do you ever wonder what the US Government does behind the scenes to synchronize vulnerability management operations? In this panel, we will have CISA’s Vulnerability Management Associate Director, Sandy Radesky, lead a panel discussion with both government and industry leaders in this space. We’ll share the effort it takes to coordinate with partners, reasons why we continue to lead as a collaborative community. We’ll discuss major efforts, to include some new ones: Secure by Design, Coordinated Vulnerability Disclosure, KEV, Open Source Security, and some of our newly released vulnerability analysis.
Bob Lord is a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency (CISA). Previously he was the Chief Security Officer at the Democratic National Committee where he brought more than 20 years of experience in the information security space to the Committee, state parties, and campaigns. Before that he was Yahoo’s Chief Information Security Officer, covering areas such as risk management, product security, security software development, e-crimes and APT programs. He was the Chief Information Security Officer in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire.
Chris Hughes is the Co-founder and President, Aquia, a Cybersecurity consulting firm. Chris brings nearly 20 years of IT and cybersecurity experience to his role as co-founder and President at Aquia. Chris also serves as a Cyber Innovation Fellow (CIF) at the Cybersecurity Infrastructure and Security Agency (CISA) focusing on software supply chain security. Additionally, Chris advises various tech startups, including serving as the Chief Security Advisor at Endor Labs.
As a United States Air Force veteran and former civil servant in the U.S. Navy and the General Services Administration’s FedRAMP program, Chris is passionate about making a lasting impact on his country and our global community at large.
In addition to his public service, Chris spent several years as a consultant within the private sector and currently serves as an adjunct professor for cybersecurity master’s programs at the University of Maryland Global Campus. Chris participates in industry working groups, such as the Cloud Security Alliance’s Incident Response and SaaS Security Working Group, and serves as the Membership Chair for Cloud Security Alliance D.C. He is the co-host of the Resilient Cyber Podcast and runs the Resilient Cyber Substack where he shares episodes as well as detailed articles on topics such as Cloud, Vulnerability Management, DevSecOps and more.
Lindsey Cerkovnik is the Chief of CISA’s Vulnerability Response & Coordination (VRC) Branch. Her team is responsible for CISA’s Coordinated Vulnerability Disclosure (CVD) process, the Known Exploited Vulnerabilities (KEV) catalog, and CISA’s Stakeholder Specific Vulnerability Categorization (SSVC) process. Lindsey and her team help to maintain, support, and advance the global vulnerability ecosystem by funding and overseeing the CVE and CVE Numbering Authority (CNA) programs, leading the production and dissemination of machine-readable vulnerability enrichment information, and engaging in valuable technical collaboration with the vulnerability research community.
Patrick Garrity is a security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors. Patrick Garrity is a seasoned cybersecurity professional with over 15 years of experience helping build high-growth SaaS cybersecurity companies including VulnCheck, Nucleus Security, Blumira, Censys and Duo Security.
Sandy J. Radesky serves as the Associate Director for Vulnerability Management at the Cybersecurity and Infrastructure Security Agency (CISA). Prior to this role, Ms. Radesky served as the Deputy Command Information Officer (CIO) for U.S. Fleet Cyber Command/ U.S. TENTH Fleet from December 2020 to February 2023. In this position she oversaw the cybersecurity, policy, design, and future plans for the Navy in order to support full spectrum Cyberspace Operations to enable FLTCYBERCOM as the central operating authority for Navy Networks. Her efforts continued to improve, integrate and directly support joint warfighters, national-level leaders, and other mission and coalition partners across the full spectrum of global operations.
