I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better panel: three cybersecurity executives who don't just talk security, they live it.
Let me introduce them.
Alex Delay, CISO at IDB Bank, knows what it takes to protect a highly regulated environment. Ben Mead, Director of Cybersecurity at Avidity Biosciences, brings a forward-looking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. And last but not least, Michael France, Director of Cybersecurity for advanced threats at Wyndham Hotels and Resorts, leads the charge for the franchise. Each brought a unique angle on a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments.
In 2023, Gartner made waves with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here is the kicker: only if it works.
Speaking with these experienced defenders, we unpacked the realities and challenges behind implementing and operating an effective exposure management strategy, tackling the following tough questions:
- What does a good CTEM program look like and what are the typical problems you need to overcome?
- How do you optimize cyber reporting and risk to influence board-level decisions?
- And finally, how do you measure the success of your CTEM program?
Problems, priorities and best practices
CTEM is not plug and play. The panelists' advice was clear: start with asset inventory and identity management: weak service accounts, over-permissioned users, legacy logins. None of these are small gaps; they are wide-open doors that need to be checked. And for all our panelists, frequency matters a lot. Because guess what? Adversaries are constantly testing defenses too. For internal assets, a weekly check is the rule. For external assets? Daily. As they see it, this is the only way to keep a constant handle on their constantly changing environments.
Surprisingly, Michael pointed to threat intelligence as the basis of any security testing program. “You need to understand your adversaries, mimic their TTPs and test your defenses in real-world scenarios rather than just patching CVEs.” This is a key difference between CTEM and vulnerability management. Vulnerability management is about patching. Exposure management is about finding out whether your controls actually work to block threats.
Reporting: translating cyber into risk terms
In the banking industry, as in many other highly regulated industries, Alex could not emphasize enough the need to be prepared to answer the tough questions asked by regulators. “You will get called on your exposure, remediation time and risk treatment. And that’s good. It creates clarity and accountability.”
But even outside regulated industries, the conversation is changing. Boards do not want to hear about CVSS scores. They want to understand risk, and that is a completely different discussion. Is the company’s risk profile going up or down? Where is it concentrated? And what are we doing about it?
Measurement of progress
Success in CTEM is not a count of vulnerabilities; Ben nailed it when he said he measures the number of exploitable attack paths his team has closed. He shared how validating attack paths revealed risky security gaps, such as over-permissioned accounts and forgotten assets. Suddenly the risk becomes visible.
Others took a different approach, with tabletop exercises that walk through real attack scenarios. It is not about metrics, but about explaining risk and consequences. It is a shift that moves the discussion from noise to signal and gives the business clarity on what matters: where we are exposed and what we are doing about it.
From concept to action
Want to hear how these defenders put CTEM into action without drowning in the noise?
This episode dives deep into the real questions: where do you start, how do you stay focused on what is exploitable, and how do you connect it all to business risk? You will hear firsthand how security leaders such as Alex, Ben and Michael tackle these challenges, with a few surprises along the way …
🎧 Make sure to catch the complete conversation on Apple Podcast and Hold