Erik Nost

Senior Analyst

Author Insights

Blog

There’s Something Strange In The CVE Woods, Who You Gonna Call?

Erik Nost October 31, 2022
Last week, the number of CVE vulnerabilities received and analyzed by the National Vulnerability Database for 2022 surpassed the total number of CVEs for 2021. With nine weeks still left in 2022, we are on pace to crush last year’s record of vulnerabilities. And we are bound to set another record in 2023. When we […]
Blog

CISA Releases Directives On Asset Discovery And Vulnerability Enumeration

Erik Nost October 4, 2022
The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]
Blog

Cyber Grant Program Is Welcome News For Small Governments

Erik Nost September 21, 2022
Local governments have become frequent targets of cyber attacks, and funding and planning for preventing for more attacks have been left largely to the local level. A new initiative is changing that.
Blog

Vulnerability Programs Must Regain Trust To Inspire Action

Erik Nost August 17, 2022
Is using CVSS scores for risk prioritization leading to misalignment and even mistrust in your organization? Find out in this Security & Risk event session preview.
Blog

Perspectives From Black Hat 2022

Erik Nost August 16, 2022
Thousands of security practitioners, vendors, and researchers from 111 different countries packed the Mandalay Bay Convention Center in Las Vegas last week for the first in-person Black Hat since 2019. Since the 2019 Black Hat, new technologies and security providers have increased, but so have threats, actors, and social/political/economic concerns. This year’s high attendance demonstrated […]
Blog

Microsoft Announces Defender Vulnerability Management

Erik Nost May 23, 2022
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog

Plan Your Response To CISA Emergency Patching Directives

Erik Nost May 20, 2022
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.
Blog

Meet The New Analyst Covering Vulnerability Risk Management: Erik Nost

Erik Nost May 11, 2022
What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]