Building a scalable vulnerability management program on AWS

Photo by Kelsey He (@idwyss)

In October 2023, I co-authored a guide, Building a scalable vulnerability management program on AWS. The guide covers how to build a structured vulnerability management program, operationalize tooling, and scale your processes to handle a large number of findings from diverse sources. It can help you and your organization with the following:

  • Develop policies to streamline vulnerability management and maintain accountability.
  • Establish mechanisms to extend the responsibility of security to your application teams.
  • Configure relevant AWS services according to best practices for scalable vulnerability management.
  • Identify patterns for routing security findings to support a shared responsibility model.
  • Establish mechanisms to report on and iterate on your vulnerability management program.
  • Improve security finding visibility and help improve overall security posture.

Extending Security Ownership Across Your Organization: A conversation with Megan O’Neil, Principal Security Solutions Architect at AWS

In this chat with AWS enterprise strategist, Clarke Rodgers, Megan discusses the benefits of extending security ownership beyond the security department. Here at AWS, identifying vulnerabilities isn’t just the responsibility of the security team — every employee is empowered and expected to report potential security issues. In Megan’s own

By Megan O'Neil