Security Operations Blog

Defense in Depth.

Technical articles on vulnerability management, threat detection, compliance automation, and building a security program that works.

Vulnerability Management, AI

Why CVSS Is Dead: Building a Better Vulnerability Scoring Model

CVSS was designed for a world that no longer exists. Multi-layer scoring models like TRIS factor in exploit maturity, business context, and threat intelligence to deliver actionable prioritization.

Threat Intelligence

EPSS + KEV: The Scoring Stack That Actually Predicts Exploitation

Combining EPSS probability with CISA KEV binary signals produces a prioritization model that outperforms CVSS Base Score in every measurable category.

Compliance

SOC 2 Vulnerability Management Requirements: A Practical Guide

What SOC 2 actually requires for vulnerability management, how to automate evidence collection, and common audit findings to avoid.

Vulnerability Management

Building a Vulnerability Management Program from Scratch

A step-by-step operational guide to standing up a VM program: asset discovery, scanning cadence, triage workflow, SLAs, and board reporting.

AI, Vulnerability Management

Local-First AI for Security: Why Your Data Should Never Leave Your Network

Cloud AI introduces data sovereignty risks. Local LLMs running on commodity hardware deliver the same remediation quality without shipping your CVE data to a third party.

Threat Intelligence

CISA KEV Deep Dive: What the Known Exploited Vulnerabilities Catalog Tells Us

Analyzing the composition, update cadence, and operational value of the CISA KEV catalog for vulnerability prioritization programs.

Vulnerability Management, Fundamentals

MTTR Metrics That Matter: Measuring Remediation Velocity

Mean time to remediate is the metric boards care about. How to measure it accurately, set realistic SLAs, and drive continuous improvement.

Compliance

FedRAMP Vulnerability Management: Continuous Monitoring Requirements

FedRAMP continuous monitoring demands specific scanning frequencies, remediation timelines, and POA&M reporting. A detailed breakdown.

DevSecOps

Shift Left: Integrating SAST Into Your CI/CD Pipeline

Practical patterns for embedding static analysis into build pipelines without slowing developers down. Gate policies, false positive management, and incremental adoption.

Threat Intelligence

NVD vs OSV vs GHSA: Comparing Vulnerability Data Sources

The National Vulnerability Database, Open Source Vulnerabilities, and GitHub Security Advisories each serve different purposes. When to use which.

Vulnerability Management

Patch Tuesday Triage: A Repeatable Monthly Process

Every second Tuesday, Microsoft drops patches. Here is the operational playbook for triaging, testing, and deploying them within your SLA windows.

AI, DevSecOps

AI-Powered Remediation: From Vulnerability to Fix in Seconds

How local AI models generate context-aware remediation guidance -- complete with code snippets, deployment steps, and rollback procedures.

Fundamentals

Stop Paying $40K for Vulnerability Management

The vulnerability management market charges enterprise prices for problems that can be solved with better tooling. A breakdown of where the money actually goes.

Vulnerability Management, Threat Intelligence

Ransomware Triage: Prioritizing CVEs That Ransomware Gangs Actually Exploit

Cross-referencing KEV, ransomware campaign data, and EPSS to build a prioritization list focused on the CVEs ransomware operators actively weaponize.

Compliance

Compliance Mapping: ISO 27001, SOC 2, HIPAA, and NIST CSF in One View

Most organizations face multiple compliance frameworks. Cross-mapping controls reduces duplication and simplifies evidence collection.
