Customer Interview: Jermaine Blyther, Associate Director at Carrier Corporation
My name is Jermaine Blyther. I’m Associate Director for Attack Surface Reduction. So I take care of items such as vulnerability management, penetration testing, and web application scanning.
What problems led you to search for a solution like NopSec?
Prior to NopSec, we utilized spreadsheets for everything vulnerability management. We would conduct vulnerability scans. Then we had to figure out who the owners of those particular applications and assets. And then we sent out spreadsheets. So there was no real way to track those asset vulnerabilities and there was no way to prioritize remediation of those assets.
What did you do to address the problem before NopSec?
When celebrity vulnerabilities came out, that would be the first thing that we prioritized. But other than that, we would just go off of the severity level of the vulnerability. However, with NopSec, we had situations where there could be a severity level three and that was upgraded due to the asset that the vulnerability was on. Without NopSec we would not have known that.
Why did you decide to purchase NopSec?
It’s hard to give a team just thousands of patches for them to deploy. So the ability of NopSec coming in and prioritizing those assets based on celebrity vulnerabilities or vulnerabilities that impact the assets that have our highest criticality was key for us.
How has NopSec impacted your company?
We’re not giving teams, you know, just spreadsheets full of vulnerabilities. We’re only giving them what they need to concentrate and work on. Being able to see what controls are in place, drilling down on lower level patches, we can just provide what’s critical to the organization at that particular time.
What other benefits are you reaping with NopSec in place?
One thing that NopSec is awesome about is actually drilling down on the organization itself. So NopSec isn’t just a cookie cutter out of the box solution. So they worked with us. If we had ideas, NopSec took those ideas and went to their development team and made the solution work for our team, whether that was in the dashboard or different configurations. So NopSec was a key player in our vulnerability management program throughout this entire process.