I Write Sins, Not Tragedies. Rethinking Vulnerability Management

Wednesday, April 29, 2026 | 1:30PM–2:15PM PT | California Ballroom D, Second Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel

Vulnerability management is a capability every organization needs—and one that nearly every organization struggles to execute consistently. Too often, programs oscillate between routine backlog and high-stress “fire drill” response, especially when major vulnerabilities emerge and expose gaps in ownership, visibility, and execution. In this session, two security leaders will share a practical, environment-agnostic approach to improving vulnerability management. The core message is simple: meaningful improvement is less about chasing a perfect report and more about changing the operating mindset—letting go of perfection, building healthier accountability, and creating incentives and feedback loops that encourage steady progress. Strong tools and reliable data help, but they only matter when paired with a culture and process that make action the default outcome. Attendees will learn what “good” looks like in a vulnerability management program, how to measure and visualize progress without blame, and how to establish accountability in the right places so IT teams can prioritize risk reduction effectively. We’ll also examine common trends and lessons highlighted by major vulnerabilities—and why organizations often miss the chance to learn from them when the urgency fades. Participants will leave with concrete, adaptable practices for improving visibility, prioritization, and execution—regardless of whether their environment is smaller, larger, more mature, or still evolving.

Presenters

  • Brian Markham
    Chief Information Security Officer, EAB

  • Kevin Shivers
    Deputy Chief Information Security Officer, University of Maryland

Resources & Downloads

  • CPPC 2026 Slides
    Updated on 6/14/2026