PinnedWelcome to The VM Playbook – Practical Vulnerability ManagementTL;DR The VM Playbook is a resource for anyone who manages vulnerabilities — from CISOs to IT ops leads. It focuses on real-world best practices, not technical deep-dives. If you've ever struggled with patch SLAs, asset ownership, or reporting that m...Jun 25, 2025·2 min read
Not All Low CVSS Scores Are Low RiskUnderstanding Why CVE-2016-3351 is on CISA's KEV List with a Low CVSS ScoreJun 28, 2025·2 min read
How to Use the CISA KEV List to Prioritize Exploited VulnerabilitiesCISA KEV: Your Free Threat Feed (That Too Few People Use Properly) This post is part of the “Briefings” series — fast, focused takes on topics that matter in vulnerability management. The CISA Known Exploited Vulnerabilities (KEV) list is one of the...Jun 27, 2025·2 min read
Why Patch Tuesday Still Matters in Vulnerability ManagementWhy Patch Tuesday Still Matters (Even If You Automate Everything) This post is part of the “Briefings” series — fast, focused takes on topics that matter in vulnerability management. Microsoft’s Patch Tuesday is a relic of early 2000s enterprise IT ...Jun 27, 2025·2 min read
Top Free Tools to Support Vulnerability ManagementOpen-source and no-cost tools that help across discovery, scanning, and prioritizationJun 27, 2025·2 min read
How to Build an Effective Vulnerability Management Process – Complete Series SummaryA practical field guide to what actually works – from discovery to continuous improvementJun 27, 2025·2 min read
How to Build an Effective Vulnerability Management Process – Part 6: Continuous ImprovementHow to keep your VM program relevant, responsive, and resilientJun 27, 2025·3 min read
