In this episode of Socializing Security, Steve Sims returns to discuss the fundamentals of cybersecurity, focusing on vulnerability management. The conversation covers the importance of understanding assets, the role of CVE in tracking vulnerabilities, prioritization strategies, and the necessity of having a robust vulnerability management plan. Steve emphasizes the significance of compensating controls, risk management, and the need for documentation and exceptions in the face of vulnerabilities. The episode concludes with insights on engaging consultants to build effective security plans and the importance of continuous adaptation in cybersecurity practices. Steve's previous episode about Asset Management: https://www.socializingsecurity.com/e/e012-security-foundations-champions-of-asset-management More from Steve at https://www.cruxialtech.com/ Chapters 00:00 Introduction and Reintroduction 04:08 Security Fundamentals Start with Asset Management 06:10 Vulnerability Management Essentials 08:58 The Role of CVEs in Vulnerability Tracking 11:54 Prioritizing Vulnerabilities in Your Environment 19:19 Compensating Controls and Risk Management 23:23 Prioritization and Hard Decisions 28:25 Building a Vulnerability Management Plan 32:37 Business Impact and Resource Allocation 34:27 Wrapping Up and the Future of Security Essentials 35:41 Reflections