Tools and Techniques for Better Network Visibility and Vulnerability Management with Kylie McClanahan

In Episode 10 of Protect It All, titled "Tools and Techniques for Better Network Visibility and Vulnerability Management with Kylie McClanahan," host Aaron Crow and guest Kylie McClanahan dive into the critical elements of enhancing cybersecurity through advanced tools and strategies. Kylie, CTO of a company specializing in this field, shares her insights on overcoming the challenges of consistent naming conventions, accurate vendor data, and breaking down silos for effective communication across teams.

They explore the utility of tools like Spartan and Network Perception in visualizing network vulnerabilities, mapping asset inventories, and planning effective patch management. They emphasize the importance of correlating vulnerabilities with business priorities rather than just CVSS scores and the need for a layered security approach.

The episode also discusses cybersecurity risks to non-technical stakeholders, highlighting the business implications. The duo discusses the evolving landscape in the power utility sector, the dual nature of physical and cyber threats, and the ever-present need for continuous adaptation.

Kylie shares her excitement about machine learning and graph neural networks for grid state estimation while expressing caution about AI tools' accuracy. Aaron and Kylie stress the importance of reliable data, automated processes, and vendor security advisories in maintaining effective asset management.

Key Moments: 

03:47 Discussion focused on improving cybersecurity classifications and communication.

08:48 Compliance sometimes leads to minimum effort for benefit.

11:17 Vendor security advisories prioritize patch tracking.

14:46 Testing for security vulnerabilities and potential exploits.

17:20 Understanding and communicating cybersecurity risk to non-professionals.

20:50 Disagreement on consistent product naming causes confusion.

25:46 NVD website publishes overwhelming recent vulnerabilities.

27:07 Understanding the importance of asset management.

32:13 Challenges of tracking change management in organizations.

33:33 People, process, and technology are crucial investments.

37:34 Spartan takes any scan, offers change management.

39:55 Vision of the future: a dynamic ecosystem.

43:19 Vendors acknowledge changes in control systems effectiveness.

48:09 Equations useful, AI for optimization, caution with models.

49:28 Questioning truthfulness of AI in HR replacement.

53:01 Toyota and Lexus prioritize reliable, tested technology.

About the guest : 

Kylie McClanahan is the Chief Technology Officer of Bastazo, Inc and a doctoral candidate in Computer Science at the University of Arkansas. She has nearly a decade of experience with cybersecurity in the electric industry, including both professional experience and frequent collaborations with industry as a graduate researcher. Her research explores the automation of vulnerability analysis and remediation using natural language processing and machine learning. She holds a GCIP certification from GIAC and speaks frequently about cybersecurity in industrial control systems.

How to connect Kylie: 

https://www.linkedin.com/in/kyliemcclanahan/

https://www.bastazo.com

https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]