Author Bio

Ed Bellis

Chief Technology Officer, Co-founder

Some call him the father of risk-based vulnerability management. Everyone else just calls him Ed. He’s got thoughts about RBVM. Deep thoughts. He shares them here.

WHAT HE REALLY DOES: Ed herds a team of very smart cats who do the security research and data science that helps you keep the bad guys at bay.

WHY READ HIS BLOG: When he headed security for Orbitz, Ed realized that staying ahead of the next threat would be impossible without the ability to know which vulns pose the greatest risk to your enterprise. He applies that same kind of vision to his blogs.

ODD FACT: Related to both Major and Minor League Baseball players, yet oddly uncoordinated himself.

Read My Posts

Buy vs. Build? 5 Considerations for Vulnerability Management

This post originally ran on September 9, 2021, and has been updated. Worldwide IT spending is projected to total $4.4 trillion in 2022, an increase of 4% from 2021, according to the latest forecast by Gartner, Inc. With skyrocketing IT initiatives and digitization, leaders everywhere are evaluating their options, including investments in vulnerability management (VM)….

austin-distel-goFBjlQiZFU-unsplash-scaled-min

The State of Risk-Based Vulnerability Management in 2022

Once executives make an investment, they’re eager to see one particular metric: Return. In many cases, it’s a piece of hardware or software that needs to pay for itself by saving time, amplifying efforts, or even reducing risk to be a win for the company. Kenna Security customers bought into the risk-based vulnerability management (RBVM)…

richard-horvath-WOA3QKFjlo8-unsplash-scaled-min

Why Security Resilience is Actually Business Resilience

Businesses don’t like surprises, especially unwelcome ones. Economic and marketplace shocks often lead to decisions made under duress and result in rapid, costly ramp-ups or scale-backs. And while the future ultimately is unknowable, organizations that understand the business risks posed by an uncertain world–and equip themselves to respond confidently to those risks—will fare far better…

Here’s How to Measure Your Organization’s Exploitability

We’ve had a few big goals throughout our research series, “Prioritization to Prediction,” and we accomplished a big one with the release of our eighth edition: A way for organizations to measure and reduce their exploitability. The findings, based on research by Kenna Security and the Cyentia Institute, uncovered a few interesting tidbits along the way….

yang-song-gsh-RsCnLKQ-unsplash-e1639580542518-min

How Not to Be a Crisis CISO

Businesses have been under historical stress the last two years as global events have dealt blow after devastating blow. And perhaps no office has felt these stresses more acutely than the CISO. Unprecedented attacks, increasingly complex environments, expanding perimeters, blame culture, challenging stakeholders, friction between Security and IT, data overwhelm, and shortcomings inherent to traditional vulnerability management strategies can spread CISOs thin. Instead of investing their valuable time in efforts that lower risk to the business, they’re…

Time and Again, We Are Reminded That Together Is Better

If the past couple of years has taught us anything, it’s that there is strength in numbers. Cybersecurity professionals know this more than most. Challenges are becoming more complex, telemetry data more voluminous, vulnerabilities more prevalent, workforces and attack surfaces more distributed, and threats more sophisticated. In the face of all this, few organizations have…