(10/19-6/20)
Challenge
Remediate CVEs without specialized resources.
Action
In an annual process around springtime, I worked with corporate IT and its security consulting company acting in Red/Blue Teams to navigate rules of engagement, coordinate a window for the penetration tests, and then fix the identified CVEs.
Lacking other resources to replicate the penetration findings, I discovered and leveraged cobalt.io and Detectify to reproduce an understanding of the vulnerabilities in order to create tickets for engineers to address.
Result
Remedied High-severity vulnerabilities within 30 days and added those with Medium severity to the backlog.