To CVE or Not to CVE | OT After Hours, An OT Security Podcast

Подробнее о видео

In this episode, we explore how often OT teams really need to refresh asset-inventory data and what MITRE’s near-miss funding lapse for the CVE program means for vulnerability management.

Join host Ken Kully, Cyber Tech Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Specialist), Lance Lamont (VP, Solutions Engineering), Andrew Wintermeyer (Senior ICS Architect), and Tyler Bergman (Principal Security Consultant) as they discuss scan cadences, change-detection value, and building redundancy into threat-intel pipelines.

Key Takeaways:

Context drives cadence. Fan speed may need minute-level polling, firmware often does not.

Redundancy is resilience. Blend NVD, CISA, MITRE, and vendor advisories to survive feed outages.

CVE is a language, not the cure. Losing it wouldn’t add vulnerabilities, but it would cripple prioritization.

Change detection turns inventory data into real-time alerts for unauthorized config tweaks.

Timestamps:


00:00 – Introduction and sound check
03:30 – Why “asset-data freshness” landed on today’s agenda
04:10 – MITRE CVE funding scare: what happened and why it matters
10:50 – OT vs. IT views on vulnerability backlog and enrichment
18:00 – Mapping scan frequency to business need
24:40 – Change management and configuration-drift detection
33:00 – Diversifying data sources beyond NVD
38:50 – The proposed “CVE Foundation” for long-term stability
42:40 – Building redundancy into threat-intel pipelines
44:50 – Listener poll results: hard-rock “Legacy Code” wins
46:15 – Sign-off and credits

Guest Information:

Natalie Kalinowski: OT Security Specialist at Verve Industrial; leads proof-of-value engagements and vulnerability mapping.

Lance Lamont: VP, Solutions Engineering at Verve Industrial; directs driver development and asset-inventory strategy.

Andrew Wintermeyer: Senior ICS Architect at Verve Industrial; designs secure network architecture for critical infrastructure.

Tyler Bergman: Principal Security Consultant at Verve Industrial; focuses on risk prioritization and framework alignment.

Subscribe

Follow OT After Hours on Apple Podcasts, Spotify, YouTube, or your favorite app for monthly deep dives into industrial cybersecurity.