I work in cyber security (financial markets) and want to point out the use of a specific word -”vulnerabilities”. The good Colonel uses it quite often in his presentation.
Within the Cyber community, the use of that word indicates a very specific condition. It is not some vague condition that might be exploited. That is known as a “threat”. A “vulnerability” is a known, specific condition that:
- can be exploited
- or is known to be currently exploited
These exploitable conditions are used to gain unauthorized access to the underlying system. To me, this is a damn scary presentation.
I work in financial services (large multinational bank) and when we say "vulnerability" to our I.T. leadership they interpret it as a specific condition that exists in our environment that will be exploited unless deliberate and decisive action is taken to eliminate it.
Sometimes that means remediation, sometimes that means extra controls to monitor the condition to see if there are attempted exploits and other times if it's serious enough, it means the system/server/platform that has the vulnerability needs to be removed from service as quickly as possible.
There is at least one vendor who's VPN hardware & software solution contains a very nasty vulnerability that many firms even outside of Financial Services are running away from as fast as possible.
You likely already know who I'm talking about.