# Making vulnerability management and incident response actually work. Also, the News! - Beck Norris, Ryan Fried, José Toledo - ESW #442 Page: https://stenobird.com/podcast/enterprise-security-weekly-video-787162/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442 Text version: https://stenobird.com/podcast/enterprise-security-weekly-video-787162/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442.md Podcast: [Enterprise Security Weekly (Video)](https://stenobird.com/podcast/enterprise-security-weekly-video-787162) Published: 2026-01-19T10:00:00+00:00 Episode link: https://eswvideo.libsyn.com/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442 Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/eswvideo/ESW_442_1--c95daf98-6505-483e-b7b3-f1f80902775a--sd-converted--88bd17dd-a3dd-4cd2-b844-770cc7da46c9.mp4?dest-id=376667 Processing state: not_requested JSON: https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-video-787162/episodes/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442 Duration seconds: 6206 ## Resource Segment 1 with Beck Norris - Making vulnerability management actually work Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity. Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure. Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What's going on here, why does this happen??? Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again! Segment Resources: [Mandiant - Best practices for incident response planning] ( https://services.google.com/fh/files/misc/mandiant incident response best practices_2025.pdf?linkId=19287933 ) Beyond Cyberattacks: Evolution of Incident Response in 2026 Segment 3 - Weekly Enterprise News Finally, in the enterprise security news, Almost no funding… Oops, all acquisitions! Changes in how the US handles financial crimes and international hacking Mass scans looking for exposed LLMs The state of Prompt injection be careful with… ## Actions - request_transcript: `POST https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-video-787162/episodes/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442/transcription-requests` — Idempotently request low-priority transcript generation for this episode. - read_markdown: `GET https://stenobird.com/podcast/enterprise-security-weekly-video-787162/making-vulnerability-management-and-incident-response-actually-work-also-the-news-beck-norris-ryan-fried-jos-toledo-esw-442.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed. ## Transcript Full transcripts are not published on public pages unless there is a clear rights basis.