#112 - Attack Surface Management (with Richard Ford)

How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels. Special thanks to our sponsor Praetorian for supporting this episode. Full Transcripts - https://docs.google.com/document/d/18QyrN-7V91nxOyRQ0KsNeJU0-k-bTlqj Chapters: 00:00 Introduction 04:22 The Impact of Continuous Attack Surface Mapping on Security Responses 07:48 What's the Difference between a CTO and a CIO? 10:24 What attracted you to the problem space? 12:53 Is the Attack Surface really exposed? 16:12 Shadow IT - The Unknown Unknowns that could Bite You 19:56 Is there a Shadow IT problem? 23:24 How to get management on board with Shadow IT? 26:38 Building an Attack Surface Management Program 29:57 You Get What You Measure, Right? 33:27 Do I Have Vulnerable Assets? 39:24 Attack Surface Management