The Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security Controls

Episode notes

Listen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels.

Stories

• LinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has-devolved-over-the-activity-7234368996647604225-tKVp
• “Is the vulnerability disclosure process glitched? How CISOs are being left in the dark” - https://www.csoonline.com/article/3491353/is-the-vulnerability-disclosure-process-a-glitch-in-itself-how-cisos-are-being-left-in-the-dark.html
• LinkedIn Post on Chrome DevTools blocked in schools - https://www.linkedin.com/posts/perullo_im-lucky-enough-to-have-my-6th-grade-daughter-activity-7237092980996632577-5T62

00:00 Intro

01:00 ISC2 Exams

20:39 VDP and Secure by Design

35:29 Security controls

49:06 Admin accounts