CypherCon 2024

Scanners and Vulns and Triage, Oh My!

Kimber Dowsett (@mzbat)

Abstract:

Whether you’ve inherited your organization’s scanner choice(s) or have been tasked with choosing a suite of products to flag all of those pesky CVEs in real time, hard days are ahead of you. Why do different scanners catch different CVEs? What do SBOM generators have to do with variable scan results? Is that critical vulnerability really YOUR critical vulnerability? Why does your team get dinged for 3rd-party library vulnerabilities and what can you do about it? Why is CVE triage so hard? I don’t have all the answers, but I’ve had a pretty long journey and I’ve learned a few things along the way. Let’s unpack the yellow bricks necessary for building the road to vulnerability management together.

Kimber Dowsett (@mzbat)

Cybersecurity consultant, cat-lover

Kimber is a Senior Security Architect, having experienced success in both the public and private sectors for nearly two decades. Most recently, Kimber was the Security Engineering Lead on VMware’s Tanzu Application Platform team. Kimber is the former Director of Client Product Security at Krebs Stamos Group and former Director of Security Engineering at Truss. Prior to joining Truss, she served as a Security Architect and Director of Infrastructure at 18F. She also served 6 years as a Sr. Mission Information Specialist at NASA, securing instrument and ground systems at Goddard Space Flight Center. Kimber is passionate about privacy, encryption, and building user-driven technology for the public.
In her spare time, Kimber developed the framework for the Mock Interview and Resume Review (MIRR) Workshop, a project that partners mentors with mentees from underrepresented communities who are un/underemployed in tech and seeking opportunities for professional development. Kimber also has a passion for election integrity and security and has spoken on the topic at several events, including security conferences, Secretary of State events, and closed-door Senate Committee discussions. She also enjoys designing artwork for PCB-based electronic projects and is an avid admirer of Chiroptera, comic books, and video games.