runZero

Cyber professionals, I need your help (See the image for how much thought I am giving to this question). What should I ask ✓ HD Moore? 👀 Next week, I’m sitting down with HD Moore, yes, the creator of The Metasploit Project and now CEO at runZero, for a no-nonsense conversation about what’s gone seriously wrong with vulnerability management. We’ll be digging into why so many orgs are still relying on outdated, blind-spot-riddled tooling, and how we can flip the script and actually reduce risk (instead of just generating reports no one reads 🙃). At Secon, we’re big believers in keeping it practical and human. So this isn’t just another webinar. It’s a chance to hit reset on how we think about exposure and learn from one of the sharpest minds in the field. Now over to you… What would YOU ask HD? Drop your questions below, I’d love to bring your voice into the conversation. Don't forget to sign up to webinar happening on Wednesday 28th at 15:00 to see if I ask your question: https://lnkd.in/etXAUy_q #CyberSecurity #VulnerabilityManagement #ExposureManagement

🔴 We’re going live at 1pm ET today! Join vulnerability expert Jay Jacobs, along with Tod Beardsley and Rob King for a special episode of runZero Hour. We’re debating all things CVSS, EPSS, and SSVC. Get expert opinions on where these scoring systems excel, where they falter, and how to use those insights for more strategic triage. 📺 Stream it on YouTube: https://lnkd.in/eh2Kekci 🎥 Register to watch via Zoom: https://lnkd.in/e7d_2CGG

🎙️ We have an awesome runZero Hour teed up for you this week! Tune in LIVE as we welcome special guest Jay Jacobs on Wednesday, May 21st @ 1PM ET. Jay joins Tod Beardsley and Rob King to debate the findings in our new research report: Divining Risk: Deciphering Signals From Vulnerability Scores. They'll be unpacking what CVSS, EPSS, and SSVC really measure, what they get right, where they fall short, and how defenders can turn that insight into smarter prioritization. If you're looking for a spicy debate on vulnerability scoring methodologies, this session is right up your alley! 📺 Register for the webcast: https://lnkd.in/eseNuWxz  📘 Read the report: https://lnkd.in/eU5XpHWC

If you’ve ever assumed your scanners had it covered, this is your moment to pause. Join us at 15:00 BST on Wednesday 28 May for a live conversation with ✓ HD Moore, founder of The Metasploit Project and now CEO of runZero, the platform redefining visibility across the entire attack surface. HD will unpack the fundamental flaws in how most organisations understand risk. He’ll challenge the assumptions behind traditional vulnerability management and explain why even the best security teams are still blind to their most serious exposures. This isn’t about fear. It’s about clarity and taking back control. You’ll leave with: 🟢A clearer understanding of why “prioritised” CVEs don’t equal real protection 🟢 Insight into how forgotten devices and shadow assets are shaping your exposure 🟢 A smarter, leaner way to see everything, without agents, authentication or guesswork 🟢 Tools for better decision-making, not just bigger reports At Secon, we believe in protecting people, not just ticking compliance boxes. This session aligns with our belief that simplicity, honesty and visibility are the foundation of real security. 💬 Join us for a conversation that will challenge how you think, and help you move forward with purpose. Sign up here: https://lnkd.in/euPnc4yZ #cybersecurity #cyber #vulnerabilities

It's almost time! Tod Beardsley takes the stage at 11:30 ET at NorthSec to dissect the three most-used vulnerability scoring systems — CVSS, EPSS & SSVC. He'll be unpacking what they reveal, where they mislead, and how to read between the scores. Tune in here for the live stream: https://lnkd.in/eGp9_wpq Then read the report that inspired the talk here: https://lnkd.in/eU5XpHWC

Looking forward to a great event in collaboration with Secon! We hope you'll join us on May 28th as we delve into the fatal flaws of vulnerability management. Registration link below 👇

Please join us in congratulating James M. as our Employee of the Month! James continues to exemplify what it means to be a team player—always kind, swift, and incredibly effective in everything he touches. From helping shape runZero's voice across our blog and social media channels to taking feedback with grace, James consistently goes above and beyond to ensure our message is both clear and heard. Most recently, James led the charge on updating our website for the Exposure Management launch, delivering outstanding results. He continues to drive strong performance across our paid ad channels and just launched a set of Reddit ads that are already gaining meaningful traction—no small feat! Beyond his results, James brings a great attitude and genuine team spirit to everything he does. We’re lucky to have him on the team. Way to go, James - and thank you for all that you do! 

What do ghosts, squids, and scoring systems have in common? Find out at 9:15 ET! Join us live at NorthSec or tune in virtually on YouTube for ✓ HD Moore's keynote: A Pirate’s Guide to Snake Oil and Security. HD will take you on a satirical voyage through the crowded world of vulnerability management. From clashing tribes to competing frameworks, HD will examine how defenders can navigate vendor claims and hype to uncover what actually works. https://lnkd.in/eAHm9R3B

🇨🇦 Meet runZero at NorthSec: Two Talks on Vulnerability Management 🇨🇦 Heading to Montreal this week? Don’t miss two sessions from the runZero team that unpack the state of vulnerability management — from scoring system chaos to security snake oil. 📅 Thursday, May 15 @ 9:15AM EST: A Pirate’s Guide to Snake Oil & Security ✓ HD Moore, runZero Founder & CEO, opens NorthSec with a satirical voyage through the crowded world of vulnerability management. From clashing tribes to competing frameworks, HD examines how defenders can navigate vendor claims and hype to find what actually works. 📅 Friday, May 16 @ 11:30AM EST: Vulnerability Haruspicy: Using Woo to Confirm Your Biases Tod Beardsley, runZero VP of Security Research, breaks down CVSS, EPSS, & SSVC — what these systems get right, where they fall short, and how to turn that insight into smarter prioritization. Swing by our table for a demo, hear the talks, and read our new companion report, Divining Risk: Deciphering Signals From Vulnerability Scores: https://lnkd.in/eU5XpHWC 🎟️ Explore the event: https://northsec.io/

⚡ New Research Report⚡ Divining risk isn’t just for mystics. Defenders do it every day — reading signals, spotting patterns, and deciding what really matters. In our latest report, Tod Beardsley breaks down the three scoring systems at the core of modern triage: CVSS, EPSS, and SSVC. What’s inside: 👉 A breakdown of CVSS, EPSS, and SSVC — how they work, where they mislead, and what signals are actually useful 👉 Data-backed insights from analyzing 270,000+ CVEs, including the biggest EPSS score movers and what they reveal 👉 Practical guidance on combining scores with PoCs, asset context, and data to triage smarter This isn’t a teardown. It’s a practical guide for interpreting risk through a sharper, more intuitive lens. Read it here and tell us what you think: https://lnkd.in/eU5XpHWC