
To CVE or Not to CVE?
OT After Hours · Verve Industrial, a Rockwell Automation Company
Show Notes
In this episode, we explore how often OT teams really need to refresh asset-inventory data and what MITRE's near-miss funding lapse for the CVE program means for vulnerability management.
Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Specialist), Lance Lamont (Team Lead, Special Projects & Protocols), Andrew Wintermeyer (Senior ICS Architect), and Tyler Bergman (Principal Security Consultant) as they discuss scan cadences, change-detection value, and building redundancy into threat-intel pipelines.
Key Takeaways
- Context drives cadence. Fan speed may need minute-level polling; firmware often does not.
- Redundancy is resilience. Blend NVD, CISA, MITRE, and vendor advisories to survive feed outages.
- CVE is a language, not the cure. Losing it wouldn't add vulnerabilities, but it would cripple prioritization.
- Change detection turns inventory data into real-time alerts for unauthorized config tweaks.
Timestamps
00:00 – Introduction and sound check
03:30 – Why "asset-data freshness" landed on today's agenda
04:10 – MITRE CVE funding scare: what happened and why it matters
10:50 – OT vs. IT views on vulnerability backlog and enrichment
18:00 – Mapping scan frequency to business need
24:40 – Change management and configuration-drift detection
33:00 – Diversifying data sources beyond NVD
38:50 – The proposed "CVE Foundation" for long-term stability
42:40 – Building redundancy into threat-intel pipelines
44:50 – Listener poll results: hard-rock "Legacy Code" wins
46:15 – Sign-off and credits
Listener Q&A
We're happy to announce that the hard rock version of Legacy Code on the Conveyor Belt was far and away the fan favorite! Download it now!
Guest Information
- Natalie Kalinowski: OT Security Specialist at Verve Industrial; leads proof-of-value engagements and vulnerability mapping.
- Lance Lamont: VP, Solutions Engineering at Verve Industrial; directs driver development and asset-inventory strategy.
- Andrew Wintermeyer: Senior ICS Architect at Verve Industrial; designs secure network architecture for critical infrastructure.
- Tyler Bergman: Principal Security Consultant at Verve Industrial; focuses on risk prioritization and framework alignment.