In this episode, Brad Hibbert (COO & Chief Strategy Officer at Brinqa) joins Ashish to explain why traditional risk-based vulnerability management (RBVM) is no longer enough in a cloud-first world .
We explore the evolution from simple patch management to Exposure Management a holistic approach that sits above your security tools to connect infrastructure, code, and cloud risks to actual business impact . Brad breaks down the critical difference between a "Risk Owner" (the service owner) and a "Remediation Owner" (the team fixing the bug) and why this distinction solves the "who fixes this?" problem .
This conversation covers practical steps to uplift your VM program, how AI is helping prioritize the noise , and why compliance often just "proves activity" rather than reducing real risk . Whether you're drowning in Jira tickets or trying to automate remediation, this episode provides a roadmap for modernizing your security posture
Guest Socials - Brad's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
If you are interested in AI Security
, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction(02:50) Who is Brad Hibbert? (Brinqa)(04:55) The Evolution: From Scanning Servers to Cloud Complexity (06:50) What is Risk-Based Vulnerability Management? (08:50) Risk Owners vs. Remediation Owners: Who Fixes What? (12:00) How AI is Changing Vulnerability Management (15:20) Defining Exposure Management: Moving Beyond the Tools (18:30) The Challenge of "Data Inconsistency" Between Tools (22:30) Readiness Check: Are You Ready for Exposure Management? (25:10) Automated Remediation: Is "Zero Tickets" Possible? (28:40) Compliance vs. Risk: Why "Activity" isn't "Impact" (31:30) Maturity Milestones for Exposure Management (36:50) Fun Questions: Golf, Turkish Kebabs & Friendships
