Automated Continuous Assessments are the only way forward if we want to keep pace. Point-in-time assessments can’t provide the necessary assurance and significantly delay mission access to leading tech. It’s the same issue in Commercial, and Jeff Buss makes a great point.
Love the DoD's initiative to move to a more automated continuous assessment of Cyber/IT terrain. Well done Joint Force Headquarters - Department of Defense Information Network (JFHQ-DODIN)! Tools like Drata and Microsoft Purview Compliance Manager are making this possible in the commercial sector as well. https://lnkd.in/ebZbeywR
Glad more are seeing this! Being exposed the other 50 weeks out of the year hasn’t worked.
Vulnerability scanning: the new hotness? 🤔
Thaddeus Dziekanowski - CDM has been the dream of DHS and CSA for years.
CEO @ Horizon3.ai
For every “Patch Tuesday” there should be a “Pentest Wednesday”…. Or even better, the network should be assessed after every major change, onboarding of new employee cohorts, and any patches/updates applied… with reporting of how things have changed over time