Access Management , Critical Infrastructure Security , Geo Focus: Asia

Vulnerability Management Program for Early Threat Detection

John Sandiford, Security Architect at Verizon, on the Essential Steps
John Sandiford, principal security architect, Verizon

Building an effective vulnerability management program requires assessing your inventory to identify the critical, vulnerable, external- and internal-facing applications and applying internal controls to secure them, says John Sandiford, principal security architect at Verizon.

He says understanding risks and prioritizing them to provide the right access to users is a good way to reduce exposure.

See Also: Rapid Digitization and Risk: A Roundtable Preview

In an interview with Information Security Media Group, previewing an upcoming virtual roundtable discussion, Sandiford discusses:

  • Identifying software vulnerabilities and developing a strategy to control them;
  • The relevance of the "security by design" concept;
  • Getting the basics right.

Sandiford has extensive experience in network security and specialized skills in exploit development, security tools and techniques, network and application testing, design and implementations for enterprises and governments. He has been a technical lead for many engagements, such as security audits of Verizon Security Operations Centers and other security works, including conducting security reviews and testing of a large multinational enterprise, implementing PCI compliance solutions for corporations and managing a global SOC team providing managed security services to large corporations and governments worldwide.


About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor & Conference Chair, Asia and Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.