Vulnerability Management: Myths and Solutions

Tuesday, May 14 | 2:45PM–3:45PM CT | Vevey 3, Second Floor Event Centre
Session Type: Breakout Session
Vulnerability management: a never-ending slog or a mainstay of modern information security? When time is precious, budgets are tight, and priorities are shifting, is vulnerability management the right investment? What kind of vulnerability management should you do? Authenticated scans, threat prioritization, sysadmins with questions, firewall rules, and a thousand other concerns loom behind a simple yes-or-no question. Join Rapid7 and the University of Chicago as we open the door wide on our partnership and confront the myths we dispelled, the discussions we had, and the choices we made for UChicago on how to build a sustainable program.

Outcomes:

  • Clearly outline the principles of an enterprise-grade vulnerability management program
  • Get actionable insight on how to prioritize vulnerabilities, including metrics from across higher education
  • Discuss challenges to vulnerability management in a decentralized environment from a technical perspective, including firewall rules, credential management, and vulnerability classifications


  • Jason Edelstein

    IT Risk and Compliance Program Manager, University of Chicago
  • Sherif Hassabo

    Information Security Engineer, University of Chicago
  • Eric Reiners