Hey everybody, Josh here. Welcome back to
my channel. I do a lot of videos on IT
cyber security education and career
things, and today's video is going to be
on vulnerability management. We're
actually going to be doing a
vulnerability management lab where we
install Nessus Essentials and we install
VMware Workstation Player, and set up
Windows 10 inside of a VM, install some
old deprecated software on it, and then
we're going to be doing some
vulnerability scans against that virtual
machine to kind of discover any
vulnerabilities that might be on there,
and then we're going to go ahead and
remediate one or two of those just so we
can kind of observe what's happening. I
figured this would be a good video to do
because there's like quite a few
vulnerability management jobs on
LinkedIn and I've gotten a
lot of spam from recruiters for these
type of positions, and actually the last
real job I had I was a vulnerability
management program manager for King
County here in Washington State so I
kind of did this on an ongoing basis for
a while. Basically what vulnerability
management is continuously assessing
your assets, discovering vulnerabilities,
remediating them to an acceptable risk,
and then kind of starting the process
over and over again to kind of make sure
the risk in the whole organization is
low or at least an acceptable level. So I
think if you kind of watch this video
and practice it a few times, you can get
pretty good at it and get an idea of how
vulnerability management might work in
like a larger corporation. This is
definitely something you can put on your
resume. It might look something like this.
So it will definitely help you out. So
yeah, if you're excited to learn
vulnerability management, consider
smashing that like button and let's get
started. So the first thing we're going
to do is go ahead and
download and install VMware Player. Now
you probably want to have like a
semi-decent computer to be able
to do this, maybe like at least eight
gigabytes of RAM and maybe dual core
or something. But if you don't know about
any of that, just try to go ahead and do
it, and if something fails, then it fails,
I suppose. But go ahead and download
VMware Player. I'll put a link to this in
the description. Just download
for Windows. I'm not gonna do it again
because I already have it, but just go
ahead and like click this, download it,
and install it. You can see mine started
downloading, I'm just going to go ahead
and cancel this. And then while you're
waiting for VMware Player to download,
we'll go ahead and download the Windows
10 ISO. That's basically a file that'll
let us install Windows 10 onto our
virtual machine. So again, I'll put a link
to this in the description as well, but
just go ahead and go to it, and then
you'll go to where it says create
Windows 10 installation media and you'll
say download tool, and when
this downloads, just go ahead and open it.
Don't be surprised if this takes a while
to like start up and download. So we'll
just say accept. And then we're going to
click
create installation media. We want to get
an ISO file so we'll say next. This looks
good. And we're going to say ISO file, be
sure to select this. And then we'll just
choose where it goes. I like this nice XP
pro ISO that I have. Go ahead and put it
in a folder, just remember what folder
you put in. So I'll just save it to my
C:\_ISOs folder and then we'll
wait for this to finish. And while this
is going, we can actually
download and install Nessus
Essentials which is going to
be the vulnerability scanner that we use
to actually conduct our scans. So I'll
put a link to this in the description as
well, but you can probably find it on Google.
And just basically like fill this thing
out. After you fill this out, you'll be
able to download it and it will send
like a key to your email, so just go
ahead and- actually I'll just do it. Just
fill this thing out, cool. So it will send
an email inside of your email, I can't
show it because it has a key and like, I
don't know, so inside of your email
there'll be like a button that says
download Nessus and then there will be a
key. Go ahead and click the button to
download Nessus and it will take you to
a page that looks like this, and just
click on Nessus. And we already have an
activation code, it should be in your
email, so we'll pick the one for, this one,
it says Windows Server 2008 blah blah
blah, and then it says 10 in here. So
we'll download this. Just say agree and
then, you know, download it anywhere. And
then meanwhile, remember in the
background, Windows 10 should be still
downloading. Virtual VMware Player might
be downloading still too, so we just have
to install that on your own. I'm not
going to show it on the screen because I
already have it installed. Here we are at
the Tenable setup, so we just say next,
accept, and just accept this location, and
then go ahead and install it, and then
say finish.
And then it's going to kind of show
this like socket up here like localhost
in the port. I would recommend saving
this URL because it's kind of
annoying if you lose it, so just save it
in like a notepad somewhere or something
like this. And then we'll say connect via
SSL, and just say advanced, and then say
proceed. And this takes a while to set up
the very first time. It has to like
initialize and install things, and I
assume, download a whole bunch of
definitions or something like this, so
just go get like some coffee or
something while you wait for
this to happen because it will take a
while to do. And we're going to say
Nessus Essentials. It's essentially free.
You can read the, I guess, license
agreement if you want, but we're going to
install Essentials. And then just fill
this thing out and we'll get an
activation code. I believe I have one
already. It should have emailed it to
you actually. It should have emailed the
activation code to you so maybe skip
this, and then just paste the activation
code that was in your email
that you already received, and just
continue. And then this is where you're
going to set up a username and password.
Just make sure you don't forget this. It
might be troublesome, you know, if you
forget it, you'll have to reset it or
something like this. So just set up a
password, I guess. And this is the part
that takes a while, so just, you know, go
get coffee or sandwich or something, and
we will meet back here. Okay so while
this is still installing and
initializing and doing everything that it
needs to do, let's go ahead and set up
our virtual machine since this is going
to take some time anyway. So by now you
should have downloaded and installed
VMware Workstation Player. So we'll just
go ahead and open this up and check on
your Windows 10 ISO download. It should
be finished by now as well, maybe it
looks something like this, and then it
shows you like where it's at the C: ISO
Windows dot or yeah, wherever you put
yours. So just take note of this and
we'll say finish, cool. And then we're
going to create a new virtual machine
inside of VMware Workstation Player.
We'll go to player and then file and
then new virtual machine. And then
for the installer we're going to say
browse, and then we'll just browse to
wherever you downloaded the Windows 10
ISO. So this could probably be named
something better, but that's okay. So
we'll say next, and just name this
something appropriate. This is fine. This
location's fine. I guess you can change
it if you want. So we'll say next. Maximum
disk size, this is fine. We're not
gonna really put anything on it, I'm just
gonna set mine at 50. And then we'll
go to customize hardware, and for memory
like if you don't know how much RAM you
have, maybe just like leave this as it is.
I'm going to increase mine a little bit.
I'll increase this a little bit. If you
don't know about your CPU, just leave it
as is. But we do have to change the
network adapter. We should change it to
bridged. Without explaining too deeply,
bridged kind of puts this virtual machine
on the same network as your actual
physical computer, so your Nessus
implementation can talk to the
virtual machine
more easily. This looks good. We'll close
this. And this is good, power on after
creation, we'll just say finish. Kind of move
Tenable
to the side.
And then after the VM finishes getting
kind of created, it's going to launch and
then we're going to have a chance to
install Windows. Be sure to press any key
to boot into the ISO when it asks. And if
your cursor is gone, you can see
in the lower left it says like press
control alt to release your cursor, and
then you can get your cursor back. So
we're just going to install Windows 10.
So we'll just say next, install, and say I
don't have a product key. You can close
this message down here. And just pick
Windows 10 Pro and say next, and we'll
say accept, say next, and say custom, and
then this is our blank hard drive, so
click on that. It's the only one you can click
and just say next. And then this will
take some time to install too, so I'll
kind of come back when one of these
finishes. Cool, so it looks like both
finished now. I'll just finish setting up
the VM. I will say yes and US and skip.
And for Nessus we'll just kind of,
we'll close this thing here, and then
we'll just kind of wait on this
until we finish setting up the virtual
machine.
And we'll say set up for personal use,
and next, and then we'll say offline account,
limited experience, and then just name,
I don't know, just name it like admin, and
make a password, but just remember
what it is. Make it like something simple
because we're going to use this later
for the credentialed scans, so just
remember what it is. It's troublesome, you
know, if you forget it.
Just make up something for these
if it asks you. This is just like, you
know, a junk VM, no one cares. Say no for
all of these things. Not now. Cool, okay.
Now everything is totally set up. We have
our VM here and then we have our Nessus
Essentials set up and ready to go. So for
now we're just going to do a kind of
basic scan against the virtual machine.
There's, we're going to do a credentialed
scan later which I'll kind of explain,
but I just want to make sure we can scan
it and make sure we can kind of get some
kind of result back. So before we do that,
I'm going to go to the VM and like get
the IP address from it. So go, make sure
to go to the VM, not your actual computer,
but go to the VM. Click start, open up
command line, and then we will type
ipconfig just to get the IPv4 IP address.
And we're going to ping this from our
local machine just to make sure that we
can reach it, I guess, essentially. So open
up the command line on your
PC, and we will just say, we'll just ping
this IP address. So we'll just say ping
10.0.0.189 and then we'll do -t
which means like perpetual ping, like
keep going forever until we cancel it.
And we see like it's timing out, so
we just have to disable the firewall on
our virtual machine here. You might not
want to do this in production, it just
depends on like what other controls you
have in place. So we will minimize this,
we'll go to our VM here, and then we will
type
wf.msc, it's this Windows firewall
microsoft something console, can't
remember. So we'll open the firewall and
we're just going to do a lot of this
stuff for our lab. So we'll go to
defender firewall properties, and just on
these first three tabs, we'll just turn
all three of them off. Like domain
profile off, private profile off, public
profile off, and we'll just say okay here.
The firewall is off. And then we notice
that the ping is kind of going through
on our local computer here. So we can
press ctrl c to cancel this. And we'll
just copy this IP address. This is the IP
address of our VM. We will close this. And
then this is our Nessus Essentials.
Essentially it's like a web app
essentially, so we'll go back to this and
then we're going to create a new scan. So
we'll just do a basic network scan here.
And so we'll just name it like, I don't
know, Windows 10 single host, something
like this. And then for targets we'll
just paste, this is our virtual
machine's IP address, so we'll just kind
of paste it in here. We don't really need
to change anything else on here. We're
just going to do like a manual scan, but
you know, take note that you can do
like a scheduled scan if you're working
in an organization, you want to scan like
every x days or like every Tuesday or
something like this. Port scan common ports,
port scan all ports, obviously all
ports going to take longer, you can
customize it. There's a bunch of settings
that you can kind of explore in here on
your own. And there is, there's also
this credentials page which we'll get
into in a little bit, but basically you
can, we won't do this yet, but you can
enter credentials in here like the
username and password that we made when
we created the virtual machine, and then
the scanner will kind of go into the
machine more deeply and like look
through the registry and the file system
and like more things. And the reason for
this is you can kind of discover more
vulnerabilities if you have like
deprecated software or insecure services
or something like this running.
This is what this kind of credentialed, the
credentials page, is for. But right now
we're just going to do like a basic
network kind of port scan. It's not going
to be too deep. Just want to make sure we
can scan it and get some kind of
information back. So we have our IP
address and we will just say save. We'll, oh,
remove this credentials, oops. And then
just say save. And then this is our, this
is our scan. It's not running, it's
just kind of like a scan that's
configured that we can run in the future,
so we'll just go ahead and click launch
now and launch the scan. And I believe
you can kind of sometimes see
the progress of it like if you click it,
you can see, you know, what it has done so
far. It makes like little logs and then
the findings will kind of be on this
page, but we can just go back. Click back
to my host and then back to my scans, and
we'll just kind of wait for this to
finish. Cool, so we can now see that our
scan has finished over here. It says like
today and there's like a check mark. So
we can just kind of click this to look
at the individual results for it, and you
can see like down here like blue is info,
green is low, medium it's yellow, etc. And
depending on the organization you work
for, like a lot of people, a lot of orgs
like won't even, depending on what they
are, a lot of orgs won't even like really
touch medium or lows because they have
like so many criticals and highs that
kind of take precedence. And because we
didn't use any credentials for our scan,
we don't really see that much of what
might be actually vulnerable inside the
VM, but we do see like some things here.
So we can click
vulnerabilities up here and just kind of
look through these a tiny bit. We can see
like SMB signing is not required. If
that's something that your org cares
about, you can kind of read about it here
more, and consider like
implementing the solution to
kind of remediate this vulnerability.
There's other kind of interesting things
in here. Traceroute information, it's
listed as info, means it's not
could not necessarily be a vulnerability,
but just something you should be aware
of, that you can see traceroute information
which means like ICMP is
accepted on this particular host.
And down here we can see
target credential status by
authentication protocol, and it says like
Nessus was not able to successfully
authenticate to the remote target
because we didn't actually provide any
credentials, and we can see that down
here. SMB was detected on port 445,
means it's listening on 445, but we
didn't provide any credentials. That's a
kind of vulnerability, that's a
vulnerability scan, some basic results. So
the next thing we're going to do is
we're going to, we're going to set up the
virtual machine to be able to accept
authenticated scans, and then we're going
to provide some credentials to Nessus,
and then we're going to try to rescan
the virtual machine with credentials, and
then kind of compare the results of the
new scan which with these ones that
we're looking at here. So we'll go back
to my scans. Actually we'll go back to
the virtual machine here, and then we'll
open up
services.msc. And there may be better
ways to do what I'm doing like
especially if you're in like a corporate
environment. I got these steps from
Nessus, the things that they recommend to
actually do credentialed scans against
Windows hosts that are not on the domain.
So that's kind of what we're
using here, so I'm just going to first
I'm going to enable the remote registry.
The remote registry which will allow the
scanner to connect to this computer's
registry, and like kind of crawl through
the registry and look for insecure
configurations like maybe deprecated
cipher suites that might be enabled. You
can enable and disable those in the
registry, so I'm just going to enable
remote registry so our scanner can
connect to the registry. So I enabled it
and I turned it on, and then next we're
going to, be careful when you close this so
you don't close the actual VM. I'm just
closing like the window inside. I'll
close the firewall. And the next thing, I'll
enable file and printer sharing so, oh it
looks like it's possibly already on. Turn
on sharing so anyone with network, I
don't think public folder sharing needs
to be on. I was going to turn this on but
it looks like it's on already. Turn on
network discovery, file, and printer
sharing, oh, looks like it's already on. If
yours are not on, just make sure to turn
the file and printer sharing on.
And then we will go to user account
control, and this is not good to do,
but our computer is not on the domain so
we have to do these kind of hack things
to be able to scan it. So I'll disable
this, say okay, say yes. And then we're
going to open the registry and then
add a key that's supposed to allow the
remote account to like connect in. And
next we're going to connect to the
registry and add a key that's supposed
to I guess further disable user account
control for the remote account we're
going to use to connect to this
computer during our scan. So just go to
start and type regedit. Again, I got this
documentation from Nessus, I'll put a
link to it in the description. So we will
browse to a local machine here, so we'll
go to local machine, software, Microsoft,
Windows, current version, policies, system,
and then inside here we'll create a
DWORD called local account token filter
policy, so
local account token filter policy, local
account token filter policy. We'll say enter
and then we'll set this value to 1, and
we'll close this. And we'll go ahead and
restart our virtual machine at this
point. Cool, and then we'll log in,
remember our username, I made mine admin,
and then whatever your password is, just
make sure you don't forget it. And we
should be ready to scan our computer now.
We're going to edit this scan that we
made, so go back to Nessus Essentials, and
then we will, oh, so check this box next
to the scan, and then go to more, and then go
to configure, and then we're going to add
a set of credentials to this, and we're
going to add Windows credentials. So
we're going to use password, and remember,
our username is admin, so if you go to
the VM and go to cmd and type like
whoami, the name is
admin right, so we'll say admin, and then
whatever you made the password. And I
believe,
I believe we can like leave all these
things as default, if it breaks, I mean
maybe we can come back and configure it, or
if it doesn't work, we can check it. So
we'll save this as it is. So it saved, and then
we'll go back, and back to scans, and then
we'll run this scan one more time.
When this finishes, we'll compare the
results with the first scan, and
technically we should see more results
with this one because we enabled
credentialed scanning and we kind of
configured the VM to accept remote scans.
So we'll see what happens, so I'll just
pause this and I'll come back, I'll pause
the video and come back when it finishes.
Okay, it's been a few minutes and it
looks like our scan is finished here. So
we will click on this, and we can see
like immediately, remember last time
we had like one medium and a bunch of
infos. Now we have like seven criticals,
38 highs, and, you know, four mediums, and a
whole bunch more infos. It's pretty
interesting, so before we like really
dive into the vulnerabilities and all
this. I'll just click on history over
here really quick. And this is the
current one and you can see the
vulnerabilities down here. You can see,
you know, five percent criticals, etc. And
then if we click on our first scan, we
can see like we didn't use credentials
for this, so we couldn't look at the file
system or the registry or any other
running services or any of that, so
you can see there's like a big
difference in doing credentialed scan
versus like uncredentialed scans. So this
kind of like solidifies the importance
of running credentialed scans whether or
not you're like scanning Cisco devices
or like Linux machines or like Windows
machines or Macs or whatever. If you can
use credentials, you can really like
discover more vulnerabilities. So I'll
just click on the vulnerabilities tab
here first, and we'll just kind of like
look at these a little bit. We can see
like this is essentially the
list of findings, and some of these
are mixed, so if we click on this, for
example, we can see it's like a
combination of like mostly criticals and
highs, and you can see it's like mostly
Edge, mostly Edge which can probably be
remediated from like updating, running
Windows updates essentially. And you can
kind of look at these individual ones
and dive more deep into them to
see like what the actual thing is and
like how to fix it.
So we can go back a little bit. We'll
back up a little bit more. So
vulnerabilities around Edge, around
Windows, around a bunch of other stuff.
If we click on remediations, this tab
kind of gives us like a high level like
instructions on how to like remediate
most of the findings from like a really
high level, basically just like run
Windows updates is what I'm
seeing here. So security updates,
install this KB to fix a bunch of other
ones, and then all this is pretty much
Windows updates. And this VPR top threats,
these VPR top threats is essentially
what Tenable is like recommending we
prioritize to remediate probably based
on CVSS score and like whatever other
metrics they use. So like I would say
before like, if I were
doing this in like an organization,
like the first thing you want to do is
like make sure you have third-party
patching and like Windows OS patching
like set up properly and like properly
being like tested and deployed on
regular intervals, so you don't have to
like kind of go through and deal with
these like individual vulnerabilities
that are related to things
that can be easily fixed by like
automated patching and stuff like this.
So before I start like
remediating these and fixing them, I'm
gonna install some like deprecated
software on this computer like a really
old version of Firefox, and then we're
gonna kind of run another scan, and then
observe the results from that as well. So
I'm gonna get this old version of
Firefox. I'll put a link to it
in the description, I was gonna say I'm
worried about doing that, but I'll put a
link to it in the description. It's
really old, from six years ago apparently.
So we'll just download this Firefox
3612. And make sure to do this, make sure
you're doing this in the virtual machine.
Don't accidentally do it on your
computer, and that's
what I'm actually doing, so make sure
go to the virtual machine. So we'll open
up Edge in our virtual machine, and then
we'll paste, oh no, I can't paste it? I'm
just gonna search like download
deprecated Firefox. I shouldn't
use the word deprecated. I'll
say download old Firefox, and
I think I can click here and do it.
Still want to downgrade directory, I'll go
to directory of all old ones and then
I'll get 3612. This is random by the way,
you can get any old version that you
want. I'm just using this one because I
did it already. win32, en-US, and
I'll get this. So we'll open this, and
then install this super old version of
Firefox. We'll say next, standard, sure, and
then sure, we can launch it, I guess,
yeah why not. Cool, so this is old, old
Firefox, so now we have an old Firefox on
our computer, so we'll close this. This is
our virtual machine remember. Here's
Firefox. And then so we will go back to
our scans here. This is on our host
machine, and this is Nessus so we'll go
back to our scans, and we don't need to
change our scan anymore. We'll just click
launch and it will just run another scan.
It will do the same thing scan all, scan
the common open ports, inspect the
registry, inspect the services, and then
inspect the file system. It's going to
discover this old deprecated version of
Firefox. There's like a million
vulnerabilities in it probably, so
hopefully we'll see that reflected
in the scan results when this finishes
here in a couple of minutes. Okay, it's
been a couple more minutes and our scan
is finished, so we can click on this
again, and we'll see like our
vulnerabilities like went up to 68
critical now. So before we kind of dive
into these, again, we'll check out the
history just so we can see like a trend
in these. So this is the first one in the
bottom here we can see only info, no
credentials provided. Second one is our
credentials provided, and we, you know, we
have a little bit more, we have some
criticals discovered and some highs. And
then we installed Firefox, like a really
old one, and then this is our current
scan. There's like a bunch more criticals,
whole bunch of criticals, so we'll go to
the vulnerabilities tab here.
And then we can kind of see this one at
the very top mixed with Firefox and
total count of like 141, so if we click
on this, it's just absolute chock-full
of criticals just because that version
of Firefox is like so old, it has so many
vulnerabilities. And it's not like you
have to like go through like fix each
one of these one at a time, you can
either just like upgrade Firefox to the
latest one or just like completely
uninstall it and it will remediate the
vulnerabilities. So we can click
remediations, we pretty much see the same
thing as last time except for at the
very top now we have a recommendation to
upgrade Firefox. And then again this VPR
top threats, we have this kind of
Firefox in here. Again, history, first scan,
no credentials. Second, credentials,
default Windows install. Third scan,
Firefox, old Firefox, whole
bunch of vulnerabilities that need to be
remediated. So the next step we're going
to, we're just going to try to remediate
as many of these vulnerabilities as we
can by doing like really simple things,
like we're just going to uninstall
Firefox totally, and then we're going to
just essentially like run Windows
updates until there's no more updates
that need to happen essentially. So we'll
go to our virtual machine here, and then
we can go to appwiz.cpl, that's like a
kind of shortcut to go to this thing.
So we can go to Firefox, I'm just going
to uninstall it to be honest. So uninstall
Firefox, and then I'll go to Windows
update, and let's see
I guess I'll just manually check for
updates, I'll leave the settings to like
whatever they are. And then you can do
this too just keep like running Windows
updates, and you might have to like
restart and then run it again then
restart and run it again. I'll pause this
and I'll just kind of like let the
updates happen, then I'll come back to it
again. Okay, it updated for a while and
it's asking for a restart, so I'll just go
ahead and restart and repeat the process.
Okay when it comes back up, just go ahead
and log in again, and go to Windows
updates again, and just click check for
updates one more time just to make sure.
Okay, it looks like it's installing some
more, so I'll go ahead and pause this and
kind of let this continue. So it actually
looks like the updates are done, so we'll
go back to Nessus, go back to my scans,
and we'll run our scan one more time. So
we should expect to see a lot of the
remediations done, there should be a lot
less highs and criticals like Firefox
should be gone, like all the Windows
updates should be no longer required, but
we will let this finish, and then check
it out in a couple of minutes, or for you
it will be instantly because I'll edit
this out. So our last scan has finally
finished, so let's check this out. So
we'll click on this and before we like
really dive in deep, we can kind of see
there's some highs and some
criticals and highs, but we'll go to
history over here, and this is our
current scan, and this is the last scan
right here before we uninstalled Firefox
and before we updated Windows, so we can
see there's quite a bit more mediums,
quite a bit more, sorry, there's quite a
bit more criticals, quite a bit more
highs. So current, after removing
Firefox and running Windows updates, and
then before. So there's quite a bit less, and
this scan right here, this is the
default install of Windows and then this
is the current one after updating
Windows. So current or default and then
current. So we can kind of dive into
these like a little bit, it looks like
the remaining vulnerabilities, most of
them are around Microsoft Edge. It looks
like maybe Windows update didn't update
Edge for some reason. We can check
this one, a bunch of highs, I can't
read these. Microsoft 3D Viewer Base 3D
Code something. Maybe this is some like
native app that's installed, oh yeah, it
is. So it looks like there's some like
random stuff that's still on this
virtual machine that maybe it's like out
of date or something like this, and
you can just kind of look through this. I
won't like do any further remediations
because this video is getting kind of
long so, but maybe you could consider,
you know, figuring out exactly like how
to update Microsoft Edge or like
uninstall it if you're allowed to do
that like, I don't know. But yeah, it's
pretty interesting to kind of
experiment with this and like install
like really old stuff, or maybe even
like get a hold of like a Windows XP ISO
and install Windows XP, right, and scan
that and see what kind of like swiss
cheese scan results like come back. It's
like going to be absolutely full of
holes, but yeah that is vulnerability
management. And those are kind of like the
really kind of the core components of
vulnerability management just like
scanning and remediating, scanning and
remediating, but, you know, a lot more goes
into it because you have to have like,
you know, when you work at a big
organization, you usually will make some
kind of standard and like policies and
procedures, and you have to kind of bring
all the departments in and work with the
individual groups to like get
credentials for all their individual
resources, or maybe you use like a domain
account to scan everything, and it
gets a little bit more complicated when
you're in a large organization, but this
is pretty much the guts of it,
just like scanning stuff, finding
vulnerabilities, and then essentially
remediating them. You want to automate it,
as much of it as you can as possible
like updating like the third-party
apps and like Windows update and this
kind of thing. And you want to have like
a secure build standard, so like make
sure the build is like already like
remediated and like secure enough before
it goes into production to kind of
reduce the amount of vulnerabilities
that get introduced, but now that you've
kind of like watched this you have a
pretty good idea, I would say, of how
vulnerability management works, so you
can, you know, practice this a bunch, and
consider like reading up on how to
implement vulnerability management on
like a large organization, and then you can
like put something on your resume that
might look something like this, and then
go ahead and start applying to jobs that
are looking for like vulnerability
management engineers or vulnerability
management analysts or like whatever
they're calling them because it's a
relatively like straightforward process.
It's pretty easy technically speaking.
Like the hard part about
vulnerability management usually comes
from like dealing with the humans and
like getting everyone to like coordinate,
that's like really difficult. But yeah, I hope
you enjoyed this. If you
thought I was interesting, you know I'd
appreciate if you liked and consider
subscribing, and if you have any
questions or comments, criticism, please
like let me know in the comment section.
I 100% read all the comments every time. I
respond to everybody's comment. If you
feel like supporting me, I do have a
Patreon, but other than that, thank you so
much for watching and we will see you in
the next video, bye bye.
[Music]
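
The credentialed-scan preparation described in the video (firewall profiles off, Remote Registry enabled, the LocalAccountTokenFilterPolicy DWORD set to 1) leaves the lab VM weaker than a default install, so it helps to be able to check and undo it. The PowerShell below is an added example, not part of the video or of Tenable's documentation; the function name `Test-LabScanPrep` is hypothetical, and it assumes an elevated prompt inside the Windows 10 VM.

```powershell
# Added example: report the three settings the walkthrough changes inside the
# lab VM and, with -Revert, put them back. Test-LabScanPrep is a hypothetical name.
function Test-LabScanPrep {
    [CmdletBinding()]
    param([switch]$Revert)

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $valueName = 'LocalAccountTokenFilterPolicy'
    $report    = @()

    # 1. Windows Defender Firewall: the lab turns the Domain, Private and
    #    Public profiles off so the scanner can reach the VM.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        $enabled = "$($fwProfile.Enabled)" -eq 'True'
        $report += [pscustomobject]@{
            Setting  = "Firewall profile $($fwProfile.Name)"
            Current  = if ($enabled) { 'On' } else { 'Off' }
            Weakened = -not $enabled
        }
    }

    # 2. Remote Registry service: enabled and started so the scanner can read
    #    the registry over the network.
    $svc = Get-Service -Name RemoteRegistry
    $report += [pscustomobject]@{
        Setting  = 'RemoteRegistry service'
        Current  = "$($svc.Status) / $($svc.StartType)"
        Weakened = ($svc.Status -eq 'Running') -or ($svc.StartType -ne 'Disabled')
    }

    # 3. LocalAccountTokenFilterPolicy = 1 switches off UAC remote restrictions,
    #    so a local administrator account gets a full admin token over the network.
    $prop  = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$valueName } else { $null }
    $report += [pscustomobject]@{
        Setting  = $valueName
        Current  = if ($null -eq $value) { 'not set' } else { $value }
        Weakened = ($value -eq 1)
    }

    if ($Revert) {
        # Undo the lab changes once scanning is finished.
        Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
        Stop-Service -Name RemoteRegistry -Force -ErrorAction SilentlyContinue
        Set-Service -Name RemoteRegistry -StartupType Disabled
        if ($null -ne $value) {
            Remove-ItemProperty -Path $policyKey -Name $valueName
        }
    }

    # With -Revert the report shows the state found before the changes were undone.
    $report
}

# Report the current state of the VM.
Test-LabScanPrep | Format-Table -AutoSize

# After the last scan, restore the settings:
# Test-LabScanPrep -Revert | Format-Table -AutoSize
```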