In this episode of THREATCON1, hosts Tom Bain and Patrick Garrity sit down with Nathan Rollings, Field CISO at Zafran, and Yonatan Keller, Analyst Team Lead at Zafran, for a deep, practitioner-focused conversation on the realities of modern vulnerability management.
Together, they explore why patching alone can’t keep up with today’s threat landscape — and how security teams can dramatically reduce risk by prioritizing what actually matters.
🔍 Key Topics Covered
Why patching is too slow
The average enterprise takes ~49 days to patch — while attackers weaponize vulnerabilities in days (or minutes).
Mitigating controls vs. patching
How firewalls, EDRs, WAFs, segmentation, and configuration changes can meaningfully reduce exploitability — even when patching isn’t possible.
The “1 in 50,000” insight
Why only a tiny fraction of vulnerabilities are truly critical when you factor in runtime, reachability, exploitability, and existing controls.
Zero-days without CVEs
How agentic workflows can assess exposure, identify impacted assets, and recommend mitigations before scanners, signatures, or CVE IDs exist.
CTEM as a maturity journey
Moving from noisy vulnerability lists to operationalized, risk-driven exposure management — without creating shelfware.
Threat enablement is the real danger
Why loosely organized groups and even teenagers are now capable of causing enterprise-level disruption.
Edge devices, legacy software, and OT risk
Why internet-facing systems and unpatchable environments (manufacturing, healthcare, critical infrastructure) demand a mitigation-first mindset.
AI vulnerabilities: the next frontier
No CVEs, no standards, rapid adoption — and a growing attack surface most organizations aren’t tracking yet.
AI as a force multiplier for defenders
How agentic AI can shorten exposure windows, automate analysis, and upskill under-resourced security teams.
If you’re overwhelmed by vulnerability volume, constrained by patching windows, or struggling to align security priorities with business reality, this episode offers a grounded, experience-driven perspective on how modern teams are adapting — and where the industry is heading next.
THREATCON1 is created by VulnCheck and focuses on emerging threats, real-world security operations, and conversations with practitioners shaping the future of cybersecurity.
🔔 Subscribe for more episodes exploring vulnerabilities, threat intelligence, and exposure management with the people who matter most.