Loading…
Subject: Vulnerability Management clear filter
arrow_back View All Dates
Saturday, September 12
 

10:30am CDT

CISA’s Menu for Vulnerability Management
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Hungry for better cyber defense? Pull up a chair at CISA’s café, where vulnerability management is always on the menu! This talk will serve up a full tasting of best practices, international standards, and key initiatives that help organizations defend against today’s threats and enhance their cyber resilience. From tried-and-true favorites like CVE and the Known Exploited Vulnerabilities (KEV) catalog, to innovative new flavors including CSAF and OpenEoX, discover how the vulnerability management chefs at CISA lead efforts to streamline vulnerability disclosure, automate risk decisions, and overall secure U.S. critical infrastructure. Whether picking a la carte or sampling the whole menu, you will leave this talk with tasty insights and actionable recipes to boost your organization’s cyber defense posture…no reservations required!
Speakers
avatar for Justin Murphy

Justin Murphy

Cybersecurity Vulnerability Analyst, DHS/CISA
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s... Read More →
avatar for Julia Turkevich

Julia Turkevich

Cybersecurity Vulnerability Analyst, DHS/CISA
Julia Turkevich leads CISA's stakeholder engagement activities to recruit CVE Numbering Authority (CNA) partners that are committed to proactive and responsible vulnerability disclosure. As a member CISA's Vulnerability Management subdivision, Julia works to advance maturity across... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The End is Just the Beginning of Better Security: Enhancing Vulnerability Management with OpenEoX
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Persistent cyber campaigns continue to threaten both public and private sectors, with outdated, unsupported edge devices emerging as a prime target for Nation-state adversaries. End-of-Life/End-of-Support (EoL/EoS) technologies create enduring exposure across our Nation's critical infrastructure, prompting CISA's February 2026 Binding Operational Directive (BOD) 26-02 requiring federal agencies to identify and replace EoS edge devices, maintain current software, and patch known vulnerabilities when immediate replacement is not feasible. The presentation will also introduce OpenEoX, a new open source, machine-readable standard, developed by OASIS Open, that streamlines the exchange of product lifecycle data across software, hardware, services, and AI models, and explains how it enables automated, timely detection of EoL/EoS assets and seamless integration with existing tools and standards such as Software Bills of Material (SBOMs) and the Common Security Advisory Framework (CSAF). It will detail the benefits for government agencies, vendors and open source maintainers, downstream users, and the broader ecosystem, and show how OpenEoX adoption supports transparency and consistency at scale. The session will also outline actions to operationalize OpenEoX, such as publishing OpenEoX data publicly, integrating OpenEoX into scanners and asset platforms, and updating workflows to drive proactive replacement, patching, and upgrades for unsupported devices. The goal is coordinated adoption that reduces risk and strengthens security through a standardized, transparent, and automated lifecycle management framework.
Speakers
avatar for Justin Murphy

Justin Murphy

Cybersecurity Vulnerability Analyst, DHS/CISA
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026
From $0.00

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Thursday, September 10
Saturday, September 12
Microsoft Technology Center (Aon Center)
Swissôtel Chicago
  • Talk
  • Training
  • Company
  • Abstract
  • Acalvio
  • Amazon
  • Beazley Security
  • Black Hills Information Security
  • Bloom security
  • Broadcom
  • C Spire
  • Campbell Clinic
  • Coalfire
  • CQURE
  • Critical Path Security
  • Data Defenders
  • Dataminr
  • Daylight Security
  • DHS/CISA
  • EXOS
  • First National Bank of Omaha (FNBO)
  • Flare
  • Fortune 150 Food & Bev Manufacturer
  • GetReal Security
  • Horizon Secured
  • Invisible Technologies
  • LevelBlue
  • Liberty Mutual Insurance
  • Nationwide
  • Netwrix
  • Notion
  • Pixee AI
  • Push Security
  • Rapid7
  • Reflex Security
  • Reversec
  • Revology
  • SCYTHE
  • Semperis
  • Spacewalk.ai
  • SpecterOps
  • StoneX
  • TrustedSec
  • Webflow
  • WiCyS Wisconsin
  • Zelis Healthcare
  • Audience
  • Advanced
  • Beginner
  • Early Career
  • Intermediate
  • Subject
  • Application Security / DevSecOps
  • Career Matters
  • Governance / Risk / Compliance
  • Management / Leadership
  • Physical Security
  • Resilience
  • Security Operations / Tools
  • Threat Hunting and Red Teaming
  • Threat Intel and DFIR
  • Vulnerability Management