
At RSA 2015, I facilitated my first Peer-2-Peer session, “Vulnerability and Risk Scoring: What Ratings Really Mean,” in front of a full audience. I went into the event not really certain what a Peer-2-Peer was and what I would take away, but I knew I was very interested in discussing vulnerability scoring and metrics with a group of like-minded individuals.

While I expected a discussion around the various formulas available and the reasoning for the math, I was surprised to instead find myself with a group of individuals looking to discuss how metrics affected their day-to-day and the missing metrics that they would like to see.

It was very insightful then; it was my favourite part of RSA that year. While I missed my opportunity last year, I’m happy to say I’ll be back at RSA 2017 with a Peer-2-Peer session titled, “Metrics for Managing and Understanding Patch Fatigue.”

If you’ve never experienced a P2P before, the concept is simple. A small group of people meet to share their thoughts and ideas on a subject. There’s no PowerPoint, no presenter, and not a lot of prepared material (a few conversation starters). It’s the ultimate brainstorming session and a lot of fun.

With my session this year, I plan to use a research paper published last year by Lane Thames and me on Patch Fatigue to seed the conversation. Similar to my first P2P, I hope that this one discusses metrics but with a focus on their ability to assist IT Operations with juggling the staggering number of patches that are released each year.

While these discussions tend to have a mind of their own and their organic evolution is what makes them interesting, I’m interested in hearing how attendees are dealing with information overload and working together to come up with ways to handle that.

Whether you’re on a team experiencing Patch Fatigue or a team that’s successfully managing it, this session is for you. It doesn’t really matter if you’re a team member, manager, or vendor providing tools – your voice can add to the conversation. It should be a great opportunity to gather around a table and discuss Patch Fatigue. While we may not solve the problem, at least we can help each other better understand the problem set.

If you’re attending RSA 2017, come by the Marriott Marquis (Room: Nob Hill B) at 4PM and join in the discussion. You can reserve a seat for this session here.
