In this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most tools stop there, and that’s where the trouble starts. Without some type of guidance on where to begin, it’s easy to get overwhelmed trying to decide how to prioritize. Simply using the severity rating (ie. Let’s fix all the Highs first) doesn’t cut it, as many large organizations have 100s, 1000s, or 10s of 1000s of High vulnerabilities to address. Dave will provide a number of different approaches to modelling and managing your vulnerability data with an eye towards helping you make quick decisions on how to tackle the mountain of vulnerability information, and will provide formulas and samples of ways to help effectively manage risk and reduce exposure.