#112 - Attack Surface Management (with Richard Ford)

How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels.

Special thanks to our sponsor Praetorian for supporting this episode.

Full Transcripts - https://docs.google.com/document/d/18QyrN-7V91nxOyRQ0KsNeJU0-k-bTlqj

Chapters:

• 00:00 Introduction
• 04:22 The Impact of Continuous Attack Surface Mapping on Security Responses
• 07:48 What's the Difference between a CTO and a CIO?
• 10:24 What attracted you to the problem space?
• 12:53 Is the Attack Surface really exposed?
• 16:12 Shadow IT - The Unknown Unknowns that could Bite You
• 19:56 Is there a Shadow IT problem?
• 23:24 How to get management on board with Shadow IT?
• 26:38 Building an Attack Surface Management Program
• 29:57 You Get What You Measure, Right?
• 33:27 Do I Have Vulnerable Assets?
• 39:24 Attack Surface Management