OT After Hours

To CVE or Not to CVE?



In this episode, we explore how often OT teams really need to refresh asset-inventory data and what MITRE's near-miss funding lapse for the CVE program means for vulnerability management.

Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Specialist), Lance Lamont (Team Lead, Special Projects & Protocols), Andrew Wintermeyer (Senior ICS Architect), and Tyler Bergman (Principal Security Consultant) as they discuss scan cadences, change-detection value, and building redundancy into threat-intel pipelines.

Key Takeaways

  • Context drives cadence. Fan speed may need minute-level polling; firmware often does not.
  • Redundancy is resilience. Blend NVD, CISA, MITRE, and vendor advisories to survive feed outages.
  • CVE is a language, not the cure. Losing it wouldn't add vulnerabilities, but it would cripple prioritization.
  • Change detection turns inventory data into real-time alerts for unauthorized config tweaks.

Timestamps

00:00 – Introduction and sound check

03:30 – Why "asset-data freshness" landed on today's agenda

04:10 – MITRE CVE funding scare: what happened and why it matters

10:50 – OT vs. IT views on vulnerability backlog and enrichment

18:00 – Mapping scan frequency to business need

24:40 – Change management and configuration-drift detection

33:00 – Diversifying data sources beyond NVD

38:50 – The proposed "CVE Foundation" for long-term stability

42:40 – Building redundancy into threat-intel pipelines

44:50 – Listener poll results: hard-rock "Legacy Code" wins

46:15 – Sign-off and credits

Listener Q&A

We're happy to announce that the hard rock version of "Legacy Code on the Conveyor Belt" was far and away the fan favorite! Download it now!

Guest Information

  • Natalie Kalinowski: OT Security Specialist at Verve Industrial; leads proof-of-value engagements and vulnerability mapping.
  • Lance Lamont: VP, Solutions Engineering at Verve Industrial; directs driver development and asset-inventory strategy.
  • Andrew Wintermeyer: Senior ICS Architect at Verve Industrial; designs secure network architecture for critical infrastructure.
  • Tyler Bergman: Principal Security Consultant at Verve Industrial; focuses on risk prioritization and framework alignment.


OT After Hours, by Rockwell Automation