Home Chapters Sydney Chapter

FAIR Institute Sydney Chapter Online Meeting - May 18, 2021 12:00 PM in Canberra, Melbourne, Sydney

To remediate, or not to remediate, that is the question

Please register for the FAIR Institute Sydney Chapter Online Meeting on May 18 here:


The recent Microsoft Exchange hack has drawn renewed focus on patch management. Due to the critical nature of the Exchange server infrastructure and a strong recommendation from Microsoft and governments, the patch was rolled out rapidly across organisations under the emergency patching process.

Unfortunately, the battle in patch management is far from over. Wade Baker (probably best known as the creator of the Verizon DBIR) found in the 'Prioritization to Prediction' research reports that large enterprise could take up to 437 days to close 75% of known vulnerabilities in their environment. But there is light at the end of the tunnel. By leveraging prediction of exploration research to prioritise patching, Wade found that top performers in patch management can remediate the majority of their vulnerabilities 3X faster than the others. But who exactly are these top performers?

A number of vulnerability management vendors are offering proprietary patching prioritisation capabilities in their platform. These researches might provide some useful background and insights to better understand these capabilities.

Too good to be true?

You will have the opportunity to put these tough questions to Wade in the panel session moderated by Branko Ninkovic with fellow panellists Ian Cameron and Anu Kukar. The panel will explore the practical business challenges in patch management in large enterprises. Denny Wan will provide a quick summary of Wade's research and explain how FAIR can assist in explaining the prioritised patching approach to the business stakeholders. The panel session is conducted under the Chatham House rule and will NOT be recorded. Please secure your registration early through the Zoom registration link below:


About the panellist (in alphabetical order):

Anu Kukar has a strong interest in innovations in risk management and passionate about driving lifelong learning mindsets. She specialises in Risk, Governance and Compliance for cyber, data, tech and third-party domains.

She is an internationally recognised speaker having spoken at 40+ conferences and events in North America, Middle East, Europe and Asia- Pacific. She focuses on sharing practical and personal insights, with the aim of knowledge exchange two-ways.

A diverse executive with 20 years of experience in both industry and consulting at senior levels. She has worked across organisations in critical infrastructure (electricity, transport, health, media and telecommunications), FMCG, financial services, government and corporates.

Branko Ninkovic has over 25 years' experience specialising in software and cyber security. Branko is known for his innovative and collaborative approach and the key to Branko's success is his ability to develop strong, enduring partnerships which are outcomes-driven, providing value to all involved. Branko is also the Australian Information Security Association (AISA) Sydney Chair. AISA is a not-for-profit organisation with a membership of over 6000 security professionals nationally. Branko was the recipient of AISA's 2019 Branch Chair of the Year award.

Ian Cameron is Executive Manager for Cybersecurity Governance, Risk & Compliance at IAG. IAG is Australia’s largest general insurance company and sells insurance through brands such as RACV, CGU, Coles & NRMA. IAG employs approximately 13,000 staff and has a team of approximately 1,500 IT professionals and a dedicated team of approximately 100 cybersecurity professionals.

In his role at IAG, he is responsible for governance & assurance of the Group’s cyber security management practices to ensure effectiveness and coverage objectives are being met. He has numerous security industry certifications including CISM, CISSP and CRISC and is also a regular guest speaker at public events and guest lectures at Universities.

Wade Baker the founding partner at the Cyentia Institute, a professor in Virginia Tech's College of Business, and Advisory Board member for the RSA Conference and FAIR Institute. He is passionate in improving cybersecurity knowledge, practice, and products through data-driven research. He is perhaps best known for creating and leading Verizon's annual Data Breach Investigations Report series – widely regarded in the industry for understanding threat trends and prioritizing defences.

Sign In or Register to comment.