This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not? All that and more on this week's news segment. Show Notes: https://securityweekly.com/asw-307
Event IFPRI Policy Seminar Learning Support for a Multi-Country Climate Resilience Programme for Food Security Organized by CGIAR with support from World Food Programme (WFP) and The Norwegian Agency for Development Cooperation (Norad) November 5, 2024 The Learning Support for a Sub-Saharan Africa Multi-Country Climate Resilience Program for Food Security, launched in 2023, aims to enhance food security and climate resilience across 14 African countries. This collaboration among CGIAR, the World Food Programme, and the Norwegian Agency for Development Cooperation (Norad) has three pillars: scaling disaster risk financing, transforming food systems with sustainable school meals and clean cooking, and supporting smallholder farmers. This work leverages CGIAR's extensive experience in strategic program support, impact evaluations, and knowledge product development, and integrates the CGIAR's Fragility, Conflict, and Migration (FCM) and Seed Equal initiatives. Ongoing efforts include strategic reviews, resilience assessments, and evaluations of WFP's nutritional and crisis resilience interventions. The event aims to disseminate research findings and showcase the partnership's significant contributions to food security and climate resilience. Speakers from CGIAR, WFP, and Norad will present an overview of the program and highlights of research projects and findings, followed by a panel discussion by experts from several African countries. 
Introduction and Opening Remarks Johan Swinnen, Director General, IFPRI; Managing Director, Systems Transformation, CGIAR Arif Husain, Chief Economist and Director of Analysis, Planning and Performance, United Nations World Food Programme (WFP) Daniel van Gilst, Senior Agriculture Adviser, The Norwegian Agency for Development Cooperation (Norad) An Overview of the CGIAR-WFP Activities Funded by Norway Daniel Gilligan, Director, Poverty, Gender, and Inclusion (PGI), IFPRI Highlights of Selected Research Projects and Findings Jessica Leight, Senior Research Fellow, IFPRI Alan de Brauw, Senior Research Fellow, IFPRI Peter Läderach, Program Leader, Co-lead CGIAR Climate Security / Principal Climate Scientist, Alliance of Bioversity and CIAT (ABC) Wolde Mekuria, Senior Researcher, International Water Management Institute (IWMI) Panel Discussion Moderated by: Sandra Ruckstuhl, Senior Researcher, International Water Management Institute (IWMI) David Kamau, Programme Officer, World Food Programme (WFP), Kenya Lynett Ochuma, Ministry of Labor and Social Protection, Kenya Christian Grassini, World Food Programme (WFP), Mozambique Serene Philip, Social Protection Specialist, World Food Programme (WFP), Somalia Adeyinka Jacob Timothy, Vulnerability Analysis and Mapping Officer, World Food Programme (WFP), Nigeria Closing Remarks Katrina Kosec, Senior Research Fellow, IFPRI Moderator Mulugeta Bayeh, Web Communications Manager, IFPRI Links: More about this Event: https://www.ifpri.org/event/learning-support-for-a-multi-country-climate-resilience-programme-for-food-security/ Subscribe IFPRI Insights newsletter and event announcements at www.ifpri.org/content/newsletter-subscription
The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, FortiNet, Palo Alto Networks, VMWare, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm. Selected Reading Internet Archive Breach Exposes 31 Million Users (WIRED) Dutch cops reveal takedown of 'largest dark web market' Fidelity says data breach exposed personal data of 77,000 customers (TechCrunch) Marriott Agrees $52m Settlement for Massive Data Breach (Infosecurity Magazine) Mozilla releases patches for actively exploited Firefox bug (The Register) CISA says critical Fortinet RCE flaw now exploited in attacks (Bleeping Computer) Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls (Cyber Security News) VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (Cyber Security News) iTunes Local Privilege Escalation (CVE-2024-44193) Vulnerability Analysis and Exploitation (CYFIRMA) The Mongolian Skimmer (Jscrambler) National Public Data files for bankruptcy after info leak (The Register) The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
CEH Module 5: Vulnerability Analysis begins with an introduction to vulnerability assessment concepts, delving into aspects such as vulnerability scoring systems, databases, and the life cycle of vulnerability management. It further explores different strategies and tools for conducting vulnerability assessments. This knowledge is crucial for understanding attackers' tools and techniques for quality vulnerability analysis. This module ends with learning how to review vulnerability assessment reports. These reports are crucial for ethical hackers to fix the security weaknesses they have found. What is Vulnerability? Imagine your house with all its doors and windows. A vulnerability in cybersecurity is like a window left unlocked or a door that doesn't quite close right. It's a weak spot where a burglar — in this case, a hacker — could get in to steal things or cause trouble. Just like you'd fix a faulty lock to protect your home, fixing a vulnerability in a computer system helps keep digital information safe from people who aren't supposed to access it. Common reasons behind the existence of vulnerability Incorrect configurations of hardware or software. Networks and applications that are designed without adequate security measures. Fundamental weaknesses that are an intrinsic part of the technology. Negligent behavior by the users of the system. View More: Enhance Your CEH Skills with Module 5: Vulnerability Analysis
[Episode References] Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review - https://blog.qualys.com/vulnerabilities-threat-research/2024/07/09/microsoft-patch-tuesday-july-2024-security-update-review RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) - https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/ CVE-2024-37985 - FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers - https://publications.cispa.saarland/3991/1/ccs23-fetchbench.pdf CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook - https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability Blast-RADIUS - https://www.blastradius.fail/ Patch or Peril: A Veeam vulnerability incident - https://www.group-ib.com/blog/estate-ransomware/ PHP CGI Argument Injection (CVE-2024-4577) - Vulnerability Analysis and Exploitation - https://www.cyfirma.com/research/php-cgi-argument-injection-cve-2024-4577-vulnerability-analysis-and-exploitation/ The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution - https://www.trellix.com/blogs/research/the-mechanics-of-vipersofts-exploiting-autoit-and-clr-for-stealthy-powershell-execution/ Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm - https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
In an era where digital adoption is not just a trend but a necessity, the cybersecurity landscape has become increasingly complex and severe. As we increasingly depend on technology, malicious actors are seeking more ways to exploit vulnerabilities in computer systems, networks, and software. This puts organizations, governments, and individuals at constant risk of cyber-attacks that can lead to data breaches, financial losses, and reputational damage. One critical aspect of fortifying our digital defenses is to conduct vulnerability analysis, which identifies weaknesses and potential entry points in an organization's information systems, networks, applications, and infrastructure. Introduction to Vulnerability Analysis Vulnerability analysis, or vulnerability assessment, is a crucial aspect of cyber security. It is a systematic and proactive approach used to detect and resolve vulnerabilities, flaws, or gaps that malicious individuals could exploit to compromise information assets' confidentiality, integrity, or availability. It involves a comprehensive assessment of software, hardware, and network components to pinpoint potential entry points and security vulnerabilities and gaps that attackers could exploit. View More: What is Vulnerability Analysis?
On the latest episode of the Security Sprint, Dave and Andy talked about the following topics. Warm Start Information Sharing: A Valuable Tool in Preventing Cyber Attacks CISA: Prepared Together – Cyber Storm IX Recap Main Topics Physical Threats & Violence Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update New Jersey Marine arrested after allegedly making threats to kill White people, 'began planning' mass shooting DOJ: Maryland Woman Pleads Guilty to Conspiring to Destroy the Baltimore Region Power Grid U.S. Department of State: Worldwide Caution, 17 May. Due to the potential for terrorist attacks, demonstrations, or violent actions against U.S. citizens and interests, the Department of State advises U.S. citizens overseas to exercise increased caution. Elections, Info Ops, Resources: Misinformation perceived as a bigger informational threat than negativity: A cross-country survey on challenges of the news environment Sekoia: Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign Canadian Centre for Cyber Security How to identify misinformation, disinformation, and malinformation (ITSAP.00.300). Opening Statement by CISA Director Jen Easterly at the Update on Foreign Threats to the 2024 Elections Hearing US intelligence spotted Chinese, Iranian deepfakes in 2020 aimed at influencing US voters Contagious Disruption: How CCP Influence and Radical Ideologies Threaten Critical Infrastructure and Campuses Across the United States Russian Connections to Israel-Gaza Protests Democratic People's Republic of Korea Leverages U.S.-Based Individuals to Defraud U.S. Businesses and Generate Revenue. 
Charges and Seizures Brought in Fraud Scheme, Aimed at Denying Revenue for Workers Associated with North Korea Justice Department Announces Arrest, Premises Search, and Seizures of Multiple Website Domains to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea Quick Hits UK NCSC: Business email compromise: new guidance to protect your organisation Canadian Centre for Cyber Security Rethink your password habits to protect your accounts from hackers (ITSAP.30.036) CISA: Encrypted DNS Implementation Guidance Software Transparency in SaaS Environments TLP:CLEAR | FB-ISAO Newsletter. Reliaquest: New Black Basta Social Engineering Scheme Microsoft: Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Stairwell threat report: Black Basta overview and detection rules Iran Declares Mourning Period As President, Foreign Minister Killed In Helicopter Crash Israel insists 'it wasn't us' after 'Butcher of Tehran' Iranian president is killed in mysterious helicopter crash a month after ordering missile attack on the Jewish state while Islamic regime supports Hamas in Gaza war ICC prosecutor seeks arrest warrants against Netanyahu, Hamas leaders. Senators unveil plan to regulate AI, as companies race ahead Men accused of plot to attack Jews with machine guns in north-west England DHS Announces Creation of the Homeland Intelligence Advisory Board. U.S. Attorney's Office and Law Enforcement Partners Take Action Against Money Mules in Order to Disrupt Transnational Fraud Schemes and Educate Public. 
Two Foreign Nationals Arrested for Laundering At Least $73M Through Shell Companies Tied to Cryptocurrency Investment Scams Feds nab alleged money launderers for pig butchering scheme Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure BreachForums seized by FBI for 2nd time 6K-plus AI models may be affected by critical RCE vulnerability Tinyproxy (CVE-2023-49606) – Vulnerability Analysis and Exploitation British engineering giant Arup revealed as $25 million deepfake scam victim
A successful cybersecurity approach is essential in an era where companies are moving their most critical services into the cyber world, because there are many vulnerabilities in the cyber world today through which hackers might carry out attacks on companies. Therefore, companies should conduct a vulnerability analysis to identify and resolve the vulnerabilities before the hackers attack. It should be performed on a frequent basis because IT environments are rapidly evolving, and new threats are regularly emerging. What is Vulnerability Analysis? Vulnerability analysis, often referred to as vulnerability assessment, is a systematic process for identifying, categorizing, and prioritizing potential and existing security vulnerabilities in an organization's IT systems, network infrastructure, database, servers, and web applications. It also helps to remediate or mitigate the identified vulnerabilities or loopholes. View More: Top Vulnerability Analysis Tools
While the memory safety and security features of the Rust programming language can be effective in many situations, Rust's compiler is very particular about what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities, and of malicious software that can take advantage of those vulnerabilities. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Garret Wassermann, researchers with the SEI's CERT Division, explore tools for understanding vulnerabilities in Rust whether the original source code is available or not. These tools are important for understanding malicious software, where source code is often unavailable. They also comment on possible directions in which tools and automated code analysis can improve.
Monday, 8 November 2021, 6 – 7:30pm A public online lecture on 'Resistance and Responsibility: A Vulnerability Analysis', by Professor Martha Albertson Fineman (Emory University), organised by the Trinity's Centre for Resistance Studies in partnership with the Trinity Long Room Hub. Martha Albertson Fineman Martha Albertson Fineman is a Robert W. Woodruff Professor. An internationally recognized law and society scholar, Fineman is a leading authority on critical legal theory and feminist jurisprudence. Following graduation from University of Chicago Law School in 1975, she clerked for the Honorable Luther M. Swygert of the US Court of Appeals for the Seventh Circuit. Fineman began her teaching career at the University of Wisconsin in 1976. In 1990, she moved to Columbia University where she was Maurice T. Moore Professor. Before coming to Emory, she was on the Cornell Law School faculty where she held the Dorothea Clarke Professorship, the first endowed chair in feminist jurisprudence in the nation. Fineman continues to expand the boundaries of feminist jurisprudence, leading the way towards a new legal framework based on vulnerability theory. Fineman has received numerous awards for her writing and teaching, including the prestigious Harry J. Kalven Jr. Prize for her work in the Law and Society tradition. She is the 2017 recipient of the Ruth Bader Ginsburg Lifetime Achievement Award and in 2018 was awarded the Miriam M. Netter ‘72 Stoneman Award and gave the Kate Stoneman Day annual lecture at SUNY Albany. She currently teaches courses and seminars on family law, critical legal theory, and feminist jurisprudence. For more information on her scholarship, visit ssrn.com… About the Trinity's Centre for Resistance Studies The Centre for Resistance Studies fosters interdisciplinary research in Trinity College Dublin in relation to the various types and forms of resistance and its cognate notions, including opposition, dissent, resilience, protest, and non-conformism. 
https://www.tcd.ie/resistance/about/
Roger Khoury is an expert in Market Forecasting and has developed an innovation he calls "Market Vulnerability Analysis" which enables market participants to achieve consistent and sustainable performance results.
"What is artificial intelligence? How will the automation of the decision-making process impact individuals and communities who have historically experienced disadvantage and marginalisation? Why does the use of artificial intelligence decision-making processes result in what Eugenia Eubanks refers to as the automation of inequality? When is the use of artificial intelligence technology valuable? This podcast examines these questions from the vantage point of Martha Fineman’s vulnerability theory."
It is that jolly time of the year: The Edgescan vulnerability stats report has arrived! After six annual editions, it has become an industry pillar representing the global state of cybersecurity vulnerability management. It is not for nothing that this large dataset is also part of other annual security analysis reports, such as the OWASP Top 10 and Verizon Data Breach Investigations Report (DBIR). So, what's in it? A bunch of numbers, and they all mean something. They will help you and your organization improve the effectiveness of your vulnerability management program and, in turn, your risk profile. But do not take our word for it. We spoke directly with the founder of the report and the company behind it, Edgescan's CEO, Eoin Keary. To get to this year's findings, the team took a deeper look at vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware, and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems. The results directly impact mean time to detection (MTTD) and mean time to repair (MTTR) rates, which are also analyzed in this year's report. Get an audio preview before getting a deeper look at the report. It will be helpful reading for any size and maturity level organization that can then use this data to help them reduce their exposure, improve response times, and overall improve their security posture. Join us for another fantastic conversation with Eoin. Note: This story contains promotional content. Learn more. Guests: Eoin Keary, CEO and Founder of Edgescan (@EoinKeary on Twitter) Resources: Learn more about Edgescan and their offering: https://itspm.ag/itspegweb Download a copy of the 2021 Vulnerability Statistics Report here: https://itspm.ag/edgescan-0c8a0 Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Sextortion to the Next Level https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ TMobile Outage Due to Configuration Error https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/ Vulnerability Analysis of 2500 Docker Hub Images https://arxiv.org/pdf/2006.02932.pdf Track IP Stack Contains Multiple Vulnerabilities https://www.kb.cert.org/vuls/id/257161
Brian Fox and Shannon Lietz talk about the recent announcement of the Struts 2 vulnerability: What is it, how can it affect you, what you can do about it. You can view this broadcast as video on YouTube: https://www.youtube.com/watch?v=EzRKOudJPtQ
When violence or natural disaster strikes vulnerable communities, good data on the hunger that often results can be hard to come by. For aid workers, knowing where food is scarce and how families are coping is crucial to alleviate suffering. M.J. talks to Jean-Martin Bauer, founder of the World Food Programme’s mobile Vulnerability Analysis and Mapping (mVAM) unit, about how mobile phones in the most remote and dangerous corners of our world are changing how we understand and fight hunger.
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Department of Defense (DoD) and our other federal customers. This presentation will highlight some of the ways that the VAO Group is translating vulnerability knowledge, in cooperation with many partners, into countermeasures and solutions that scale across the entire community. This includes the development and release of security guidance through the NSA public website (www.nsa.gov) and sponsorship of a number of community events like the Cyber Defense Initiative and the Red Blue Symposium. It also includes support for, or development of, open standards for vulnerability information (like CVE, the standard naming scheme for vulnerabilities); the creation of the extensible Configuration Checklist Description Format (XCCDF) to automate the implementation and measurement of security guidance; and joint sponsorship, with the National Institute of Standards and Technology (NIST) and the Defense Information Systems Agency (DISA), of the Information Security Automation Program (ISAP), to help security professionals automate security compliance and manage vulnerabilities. The presentation will also discuss the cultural shift we have been making to treat network security as a community problem, one that requires large-scale openness and cooperation with security stakeholders at all points in the security supply chain: operators, suppliers, buyers, authorities and practitioners. Tony Sager is the Chief of the Vulnerability Analysis and Operations (VAO) Group, part of the Information Assurance Directorate at the National Security Agency. 
The mission of the VAO organization is to identify, characterize, and put into operational context vulnerabilities found in the technology, information, and operations of the DoD and the national security community and to help the community identify countermeasures and solutions. This group is known for its work developing and releasing security configuration guides to provide customers with the best options for securing widely used products. The VAO Group also helps to shape the development of security standards for vulnerability naming and identification, such as the Open Vulnerability and Assessment Language (OVAL), partnering with National Institute for Standards and Technology (NIST) on the Information Security Automation Program (ISAP), developing the eXtensible configuration checklist description format (XCCDF), and for hosting the annual Cyber Defense Exercise and the Red Blue Symposium. Mr. Sager is active in the public network security community, as a member of the CVE (Common Vulnerabilities and Exposures) Senior Advisory Council and the Strategic Advisory Council for The Center for Internet Security. He is in his 29th year with the National Security Agency, all of which he has spent in the computer and network security field.
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.