Vulnerability Management Resume Sample
Work Experience
- Experience in various security technologies and techniques
- Experience in organizing resources, establishing priorities, and leading security related projects
- Collaborate with members of IT, business units, functional teams, field personnel, internal and external audit functions, regulatory bodies and third party service providers with regards to security priorities and assessments
- Maintain the relationship with the CIC’s Cyber Check vulnerability 3rd party vendor
- Have a broader perspective of potential issues encountered when managing diverse teams and the strategies to overcome them; have a clear understanding of the firm’s commitment to creating a more inclusive culture
- Experience in the information security and/or IT risk management field related to network, host, database and/or application security in multiple operating system environments is required
- Experience with vulnerability management tool (Qualys, others)
- VM Operate: Focused on processing Security Advisories to Rate and Profile Vulnerabilities as well as providing a deep understanding of the issue, impact to the firm, and solutions needed to mitigate/remediate
- Acts as lead on incident and vulnerability response
- Liasing with internal stakeholders and senior leadership
- Driving optimisation of incident impact assessment and response times
- Responsibility for managing the end to end vulnerability management workflow
- Provides recommendations on improving the security posture of the client’s enterprise
- Scanning and identifying vulnerabilities associated with Capital One assets connected to the network
- The team also assisting with the prioritization and remediation of the identified vulnerabilities utilizing operational best practices to maintain all tools that are used in the scanning and identification of vulnerabilities as well as the tools used to rationalize, consolidate and apply additional contextual information
- Working with the Information Security Engineering team in the identification, design and implementation of new tools as requirements arise, consolidating and rationalizing the various vulnerability data from different scanning tools to remove duplicates, apply additional context to provide meaningful information for metrics that help prioritize and drive remediation activities
- Strong knowledge and experience in the areas of security assessment, vulnerability management, risk based threat analysis, security mitigation techniques and tools like Nexpose and RedSeal
- Technical knowledge of desktop and server hardware and software architectures and operating systems including Windows, UNIX, and Ma
- Technical knowledge of Cisco and Checkpoint network and security solutions
- Experience with a scripting language such as shell scripting, Ruby, or Perl
- IT monitoring and reporting technology and tools knowledge like SQL, Tableau
- Experience as a manager with emphasis on IT Security and technical solutions
- Hands on experience with the remediation of security vulnerabilities (e.g. OS/Application Patching, Static and Dynamic Application Security Testing)
- Knowledge of current security threat landscape including traditional data center and cloud computing platforms
- Experienced in, and able to formulate, the effectiveness and benefits of security remediation initiatives in the context of overall business risk mitigation, security posture, and the company's operational objectives
Education
Professional Skills
- Excellent organizational, written communications and oral presentation skills
- Penetration testing skills including the use of relevant tools and technologies
- Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities
- Detail oriented, organized, methodical, follow up skills with an analytical thought process
- Leading and supporting the Vulnerability Management team, effectively driving team strategy, goals, and performance objectives
- Familiarity with validating vulnerability scanning results, mitigation and false positives
- Strong understanding of the Common Vulnerability Scoring System and its application in a production vulnerability management environment
How to write Vulnerability Management Resume
Vulnerability Management role is responsible for security, training, design, technical, analytical, reporting, database, auditing, architecture, research.
To write great resume for vulnerability management job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Vulnerability Management Resume
The section contact information is important in your vulnerability management resume. The recruiter has to be able to contact you ASAP if they like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Vulnerability Management Resume
The section work experience is an essential part of your vulnerability management resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous vulnerability management responsibilities. It's meant to present you as a wholesome candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular vulnerability management position you're applying to.
The work experience section should be the detailed summary of your latest 3 or 4 positions.
Representative Vulnerability Management resume experience can include:
- Have strong quantitative and analytical skills, proven ability to track and successfully complete complex programs
- Strong communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language
- Prior experience in leading and developing Secure Software Development Lifecycle (SSDLC)
- Communicate effectively and tactfully with both business-oriented executives and technology-oriented personnel
- Build and maintain strong working relationships with IT engineering, operations, and other stakeholders to remediate Vulnerability Findings
- Demonstrated knowledge of security industry standards and leading practices (e.g. PCI, OWASP, NIST, CIS, CVSSv3)
Education on a Vulnerability Management Resume
Make sure to make education a priority on your vulnerability management resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your vulnerability management experience. For example, if you have a Ph.D in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Vulnerability Management Resume
When listing skills on your vulnerability management resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume, there's a list of typical vulnerability management skills:
- Demonstrated specific experience managing an IT operations center
- Good understanding of Windows and Linux patching
- Experience assisting the resolution of customer escalations, incident handling, and vulnerability response
- Experience using scripting languages such as Perl, Python and PowerShell
- Experience managing vulnerability management and security testing for cloud services (Amazon Web Services, Microsoft Azure, Google Cloud Platform)
- Experience in overseeing remediation of system, network, and application vulnerabilities
List of Typical Experience For a Vulnerability Management Resume
Experience For Vulnerability Management Lead Resume
- Lead working groups of business stakeholders to proactively enhance Vulnerability Management standards in conjunction with the Firmwide Cybersecurity Program and Vulnerability Management Product and Capability Roadmaps
- Strong written and verbal communication skills with the ability to collaborate through all parts of the business
- Strong understanding of security requirements in the application development life cycle
- Assess the validity of source data and subsequent findings
- Linux hand-on experience
- Knowledge and experience with ACAS and HBSS
- Understanding and leading deployment of static and dynamic code scanning practices
- Lead team of Information Security engineers responsible for Vulnerability Scanning, Penetration Testing, and Application Security
Experience For Senior Manager, Vulnerability Management Resume
- Mentor and organize training for staff
- Conduct security risk assessments of customer-facing applications
- Work with the Director, Vulnerability Management to implement a cohesive vulnerability management strategy encompassing all Sony Group companies
- Knowledge of application, network and operating system security
- Collect metrics and trending data
- Develop and facilitate data-gathering methods
- Ensure stability and resiliency of Cybersecurity products and services related to Vulnerability Management
- As a member of the Governance, contribute to team goals and objectives
Experience For Director of Vulnerability Management Resume
- Direct and manage team of vulnerability managemnt and incident response resources
- Develop plans with executive management, business units and technical resources to enhance the current vulnerability management program
- Direct and manage roll-out of static and dynamic code analysis
- Orchestrate the analysis and delivery of vulnerability findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner
- Responsible for tracking and reporting metrics, including detection and use of various available inventories and scan results, data modelling, processing, calculating and transformation into meaningful metrics and reports
- Analyze data or information, identifying the underlying principles, reasons or fact of information by breaking down information or data into separate parts
- Develop, revise, and update documentation, SOPs
Experience For Threat & Vulnerability Management Resume
- Monitor global cybersecurity trends
- Develop, implement and maintain incident management processes
- Manage the development of vulnerability management systems, initiatives, integration, and technical assessment support
- Collaborate with diverse sets of information security experts and stakeholders in the formulation of unified information security requirements and architecture standards for Sony’s most critical global projects
- Serve as a technical security subject matter expert and advisor for global information security priority initiatives
- Advanced knowledge of application security penetration testing and code review to include practical experience with verification of vulnerabilities similar to the OWASP Top Ten
Experience For Expert Vulnerability Management Lead Resume
- Advanced knowledge of vulnerability analysis and assessment to include reviewing Application Security Testing findings and conveying the risk to the business and its customers
- Provides direction and tasking to direct reports
- Advanced knowledge of asset management, patch management, and vulnerability remediation strategies
- Support customer of large, complex enterprise in managing the Vulnerability Management team, consisting of vulnerability scanning, applications security, enterprise vulnerability assessments, remediation management, and penetration testing
- Define vulnerability assessment and penetration testing policies and standards in alignment with CISO mission and direction
Experience For Threat & Vulnerability Management Assosiate Resume
- Work with the security governance, risk, and compliance capability to ensure vulnerability scanning incorporates controls and compliance requirements
- Oversees the development and enhancement of VMA services to include process and collaboration improvements
- Develop methods to integrate new tools into current workflows
- Ensures the senior CISO leadership direction and requests are fulfilled
- Prepare, write, and present reports and briefings to customer CISO senior leadership
- The position requires U.S. Person status or a Non-U.S. Person be eligible to obtain Authorization
- Knowledge of Vulnerability Assessment processes and procedures
- Be able to support limited domestic travel (<25 %)
Experience For Director of Threat & Vulnerability Management Resume
- Knowledge of cyber security RMF, OWASP, SANS top 20, NIST
- Design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in large complex organizations
- Exceptional communication and project management capabilities
- Develop and maintain a Continuous Security pipeline to ensure applications and infrastructure are secure through all portions of the GDSDL (GoDaddy Secure Development Lifecycle) without slowing down the pace of the business
- Prepare and provide weekly cybersecurity vulnerability status snapshots and trend analysis. Consolidate ongoing operational activities in a daily status briefing including cause, fix, impact, and prevention recommendations
- Devise, track, and complete all Plan of Action and Milestones (POA&Ms) to support vulnerability mitigation efforts
- Upon notification from the Cybersecurity office, report vulnerabilities and mitigations to the appropriate teams. Track, compile, assess, and report on these vulnerabilities, unauthorized activities, and security incidents
- Coordinate with the Cybersecurity office on the results of vulnerability scans and assessments
- Takes preventative measures to proactively identify and prevent potential problems
Experience For RTB Vulnerability Management Resume
- Assess, streamline, or develop comprehensive Vulnerability Management and Application Security programs
- Understanding and experience deploying and using technologies such as Nexpose, Tenable, Fortify on Demand, Veracode, Burp, WebInspect and other penetration testing tools
- Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, and application servers
- High performance skillset which not only understands the threat spaces as it relates to risks, but also able to meet the technical challenge of communicating this out to our teams
- In a vulnerability management program. Knowing not only how to assess vulnerabilities, but prioritize and drive remediation of the same
- Communicate at the executive leadership levels. Understanding how to translate technical gaps to business risk is critical for communication in this role
Experience For Patch & Vulnerability Management Resume
- Experience in interacting with auditors and regulators
- Experience with PCI Data Security Standard (PCI DSS)
- Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key
- Perform and oversee development of threat and vulnerability briefings. Experience in articulating results and identifying remediation activities with business and technical teams
- Manage Dun & Bradstreet’s Vulnerability Globally: Accountable and responsible for building and executing all Vulnerability initiatives required by D&B to operate globally, including driving day to day activities for the in-house security team and vendor/partners
- Responsible to research, develop and implement new vulnerability tools to Dun & Bradstreet toolbox
- Partner with Risk Team: Ensure security operations meet D&B and other compliance requirements
- Utilize a structured analytical process to identify and remediate infrastructure and Application vulnerabilities
Experience For Vulnerability Management Expert Resume
- Participate in the development of Vulnerability Management program documents
- Ensure compliance in accordance with Customer Requirement and Industry Standard
- Manage Technical Team. Take Ownership of the program and process
- Private and Public Cloud environments
- Continuous Integration/Continuous Deployment SDLC
- Big Data / Data Warehouse environments
List of Typical Skills For a Vulnerability Management Resume
Skills For Vulnerability Management Lead Resume
- Responsible for working to support hardware refresh, software currency, configuration compliance, and vulnerability remediation for all data, voice, and video network systems/platforms
- Organize and schedule work effectively, prioritizing critical tasks for immediate response
- Strong understanding of vulnerability management and security testing practices and methodologies
- Strong understanding of Internet security and networking protocols
- Experience in vulnerability managemennet and penetration testing security tools
- Experience in an operational environment with a focus on making key decision in a dynamic environment
- Experience in driving optimization of incident impact assessment and response times
Skills For Senior Manager, Vulnerability Management Resume
- Experience using open source tools such as Remnux, Radare, The Sleuth Kit, Kali, Volatility, Rekall
- Experience using commercial tools such as Ida Pro, Hopper, Binary Ninja, etc
- Strong understanding of common vulnerability frameworks (CVSS, OWASP Top 10)
- Experience defining legal boundaries for penetration tests
- Experience with Information Technology
- Experience on vulnerability scanning tools
- Experience with vulnerability and patch assessment
- Cleary communicate priorities and escalation points/procedures to other team members
Skills For Director of Vulnerability Management Resume
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes)
- Experience working in a military environment, particularly in a Command Center
- Experience in large scale Enterprise technology environments, Private and Public Cloud, Mobile and Application Security
- Solid and demonstrable comprehension of end to end Vulnerability Management workflow to include industry standards such as CVE, CPE, CVSS
- Experience in general information technology operations
- Related information security management experience
- Assessing and developing governance, reporting, scanning tool architecture, ticketing systems, and communication packages
- Maintaining current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities
Skills For Threat & Vulnerability Management Resume
- Developing and workshopping processes and runbooks for vulnerability identification, analysis, remediation, and reporting
- Understanding of system, application, and database hardening techniques and practices
- Understanding of process development and deployment of security tools
- Performing vulnerability assessments: Nessus, Qualys, Foundstone, Nexpose, Metasploit, Core Impact, OpenVAS, Kismet, etc
- Responsible for summarizing data, creating reports and designing remediation plans
Skills For Expert Vulnerability Management Lead Resume
- Alert – Early Warning - Awareness of new vulnerabilities and global threats, leveraging research and alerting services, with an objectives on
- Penetration testing using manual testing techniques, scripts, commercial and open source tools
- Detailed understanding of OS internals related to monitoring and threat detection covering Windows, Linux, and OSX
- Shell scripting in 2 or more of the following; Perl, Bash,PHP, WMI, SED
- Broad IT expertise coupled and understanding of financial services and impacting laws and regulations
Skills For Threat & Vulnerability Management Assosiate Resume
- Manage the compilation, cataloging, caching, distribution, and retrieval of data
- Conduct hypothesis testing using statistical processes
- Develop and implement data mining and data warehousing programs
- Support production of penetration testing scoping documents
- Leverage threat intelligence tools to expand understanding and profiles of new/emerging attackers
- Develop tools and technologies through programming/coding
Skills For Director of Threat & Vulnerability Management Resume
- Conduct internal and external CISO stakeholder meetings to ensure cooperation in identifying and remediating vulnerabilities
- Dynamic scans, static scans and penetration testing
- Be trained and proficient with one or more insider threat monitoring tools
- Detailed Windows/ nix operating system knowledge
- Own the end to end process and work with engineering on the tools to enable vulnerability discovery, compliance and coverage
- Conduct and/or support authorized penetration testing on enterprise network assets
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
- Utilize different programming languages to write code, open files, read files, and write output to different files
- Develop test exploit code using high level concepts of vulnerabilities
Skills For RTB Vulnerability Management Resume
- Vulnerability impact modeling and mitigation
- Track lifecycle of security vulnerabilities, configuration management and coding
- Provide on-going support to the ISSO, ISSM, NCC, Server and Desktop Support teams to implement a Cyber Ready 365 posture
- Assist in the development of global information security technical standards, guidelines, and training
- Research, review and analyze network vulnerabilities, bugs, and defects
Skills For Patch & Vulnerability Management Resume
- Work with Cisco TAC to address network updates and bug fixes
- Hands-on knowledge on load balancer
- System analysis & development Already covered above
- Innovative and efficiency focused
- Performed vulnerability risk assessments on SCADA systems and remediation
- CISSP and/or CISA certification required
- Manage Consumer global security events that require remediation
- Perform root cause analysis for wide scale vulnerabilities
Skills For Vulnerability Management Expert Resume
- Manage relationships with the BU RTB and GIS teams
- Provide technical advice and guidance on IT security related queries when required
- Job Type: Entry Level, Management
- Configure the Scanners based on customer Network and systems
- Assign scan schedules and make sure scan perform in time
- Work with tower leads for timely remediation of identified Vulnerability
List of Typical Responsibilities For a Vulnerability Management Resume
Responsibilities For Vulnerability Management Lead Resume
- Hands on experience / knowledge of industry standards as they relate to Vulnerability Management and incident management and incident hanling
- Experience working in vulnerability management
- Supporting compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks
- Driving requirements definition, evaluation, recommendation, implementation, and troubleshooting of tools used by the Vulnerability Management team
- Directing ongoing vulnerability assessments and penetration tests
- Build complex data structures and high-level programming languages
Responsibilities For Senior Manager, Vulnerability Management Resume
- Identify basic common coding flaws at a high level
- Use data visualization tools (e.g., Flare, HighCharts, AmCharts, D3.js, Processing, Google Visualization API, Tableau, Raphael.js)
- Apply programming language structures (e.g., source code review) and logic
- Certificate of training/course completion in current or recent versions of Windows, Unix/Linux, ACAS/Nessus, NMAP, and eMASS
- Work individually and as part of a team to deliver penetration testing services to a wide range of clients
- Knowledge of OWASP Top 10 and SANS Top 25
- Knowledge of Information Security elements and CBK
- Familiarity with analytic and visualization platforms such as Cognos or Tableau
Responsibilities For Director of Vulnerability Management Resume
- Experience in an operational role such as security operations, operations management, or production management with a focus on utilizing and understanding metrics and analytics
- Experience managing large highly complex security programs/projects with minimal 5+ years-of demonstrated experience in vulnerability management, application security scans, application remediation planning and/or incident response management
- Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions
- Provide a managed flow of relevant information (via web-based portals or other means) based on mission requirements
- Provide recommendations on new database technologies and architectures
- Analyze data sources to provide actionable recommendations
- Develop strategic insights from large data sets
- Present technical information to technical and non-technical audiences
Responsibilities For Threat & Vulnerability Management Resume
- Present data in creative formats
- Provide actionable recommendations to critical stakeholders based on data analysis and findings
- Read, interpret, write, modify, and execute simple scripts (e.g., PERL, VBS) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data)
- Accurately and completely source all data used in intelligence, assessment and/or planning products
- Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews)
- Utilize technical documentation or resources to implement a new mathematical, data science, or computer science method
- Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
Responsibilities For Expert Vulnerability Management Lead Resume
- Subject matter expert (SME) in one or multiple areas such as Windows, UNIX, mid-range, mainframe, database, Cloud, Big Data
- Possess current IAM Level 3 certification (e.g., CISM, CISSP, GSLC)
- Familiarity with Government and DoD IT and security policies and requirements
- Analyze, develop, and maintain scope of vulnerability management and ensure that we are achieving 100% breath of coverage with high availability of the environment
- Develop dashboards and reports to monitor the scope of operations and lead efforts to bridge the gaps between scope and achieved coverage
- Processes and maintain adequate level of technical and analytical skills, to handle security incidents and threats that have the potential to introduce risk to sensitive/confidential data
- Familiarity with and ability to leverage various internal network, IT, and security platforms such as masscan, nmap, Metasploit, SCCM, GPO, FireEye, Tanium, Windows event logs, splunk, ELK, etc
Responsibilities For Threat & Vulnerability Management Assosiate Resume
- Deobfuscate and/or conduct basic cryptanalysis of potentially malicious content
- C|EH, CISA, or GSNA certification
- Develop solutions and solve complex/unique problems w/ regard to Visa’s Attack Surface
- Leadership in the continued evolution of a data model and data architecture to support the Vulnerability Management Program; devise and implement key risk indicators, metrics and reporting across all vectors with the goal of identifying current threats and Visa’s ability to defend against those threats
- Undertake tests remotely and on site, and produce high quality pre-test documentation and post-test reports in line with service procedures and quality management system
- Overall accountability for development, implementation, and effectiveness of vulnerability management and security testing programs, initiatives, and capabilities
- Establishing daily operations, regular communications, resource planning, providing guidance, relaying leadership expectations and leading team initiatives and activities
Responsibilities For Director of Threat & Vulnerability Management Resume
- Providing communications across the organization, interfacing with senior leadership on vulnerability remediation, driving security hardening best practices, and representing the Vulnerability Management team with customers and partners
- Developing and maintaining strong partnerships with other teams to drive end-to-end vulnerability remediation, ensure consistent customer experience, convey a positive and professional demeanor, and be a positive catalyst for leading change
- Assisting with strategic planning, providing input on capabilities and methods used for vulnerability management and security testing, and driving improvements
- Provide technical expertise for VMware information security policies and standards
- Experience managing vulnerability scanning tools (Nessus, Qualys, AppScan, Trustwave, Burp Suite, Nipper) and vulnerability management platforms (RiskVision, Kenna Security)
- Evaluate business risks and recommend appropriate information security measures
- Quickly adapt as the external environment and organization evolves
- Self-motivated, team player, and detail oriented
Responsibilities For RTB Vulnerability Management Resume
- Author/create and modify vulnerability checks by host and network based standards
- Engage/extract valuable information from vulnerability research communities
- Vulnerability engineer/security vulnerability engineer. Threat intelligence engineer
- Focus on proactive measures and automation
- Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities
- Develop, document, and convey IAVM operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities as well as automated vulnerability management capability
- Monitor the progress of and collaborate with internal and external organizations to ensure IAVM operational requirements are fulfilled
Responsibilities For Patch & Vulnerability Management Resume
- Administer vulnerability mitigation and security activities to deliver 95% compliance for all messages, orders, and directives (e.g., IAVM, TCNOs, TASKORDS)
- Upon notification from AFDW Cybersecurity Offices, perform vulnerability mitigation activities, as required/mandated by the appropriate CNDSP, CSSP, PENTCIRT, NOS, DoD or 24th AF Component
- Configure, manage, operate and maintain AFDW assigned instances of automated vulnerability management systems (e.g., Microsoft’s System Center Configuration Manager (SCCM) and Automated Remediation and Asset Discovery (ARAD)
- Build, configure, and deploy vulnerability remediation packages for automated vulnerability management systems (e.g., SCCM, and ARAD), when not available from DoD and Air Force Enterprise service providers
- Coordinate with the corresponding 24 AF organizations (e.g., 83 NOS, 561 NOS, 26 NOS) and administer local level requirements to ensure that End Point Security (EPS) (a.k.a Host Based Security System (HBSS)) products are current and operational in AFDW host systems IAW USCYBERCOM, AFCYBER, and applicable DoD Orders or policies
Responsibilities For Vulnerability Management Expert Resume
- Manage vulnerability detection, assessment, and analysis
- Ensure ACAS servers are properly maintained and in compliance
- Manage vulnerability remediation and provide oversite for vulnerability mitigation and security activities
- Conduct vulnerability management for UNIX and/or Windows systems on AFDW owned section of the AFIN
- Coordinate vulnerability management actions and POA&M actions with system owners
- Draft, coordinate, and track POA&Ms with the local Cybersecurity office, AF, and DoD components as required to support vulnerability management efforts