VulnWise

VulnWise

Welcome to VulnWise – your resource for conquering the chaos of vulnerability and exposure management. Hosted by Steve Carter and Scott Kuffer, two cybersecurity startup co-founders, our bi-weekly podcast features best in class cybersecurity experts from top organizations to discuss strategies, insights, and trends in vulnerability management and cybersecurity. From managing risks to staying ahead of emerging threats, we tackle the topics that matter most. Whether you're a seasoned professional or just starting out, join us every other week for actionable advice and inspiring conversations.

Recent Episodes

View all
Vulnerabilities, AI, and the Human Factor with Dr. Nikki Robinson
7
May 13, 2025

Vulnerabilities, AI, and the Human Factor with Dr. Nikki Robinson

In this episode of the VulnWise show, Steve Carter and Scott Kuffer engage with Dr. Nikki Robinson to discuss the evolving landscape of vulnerability management. They explore the significance of the CVE program, the impact of human factors on cybersecurity, the role of AI, and the importance of automation in vulnerability management. The conversation also delves into the future of vulnerability chaining and attack path mapping, highlighting the need for organizations to adapt to these changes in
Listen to the Episode
VulnWise S1E6: Into the Minds of CISOs, Analysts, and VM Practitioners with Jon Oltsik
6
April 24, 2025

VulnWise S1E6: Into the Minds of CISOs, Analysts, and VM Practitioners with Jon Oltsik

In this episode of the VulnWise Show, hosts Steve Carter and Scott Kuffer engage with cybersecurity expert and semi-retired analyst Jon Oltsik to discuss the evolving landscape of vulnerability and exposure management. They explore best practices derived from conversations with CISOs, the role of AI in vulnerability management, and the persistent challenges of prioritization. The discussion also delves into incident response processes, the significance of threat modeling, and the implications of
Listen to the Episode
VulnWise S1E5: Vulnerability and Exposure Management with Johnny Shaieb
5
April 2, 2025

VulnWise S1E5: Vulnerability and Exposure Management with Johnny Shaieb

In this episode of the VulnWise Show, hosts Steve Carter and Scott Kuffer engage with Johnny Shaieb, Chief Architect of Exposure Management at IBM. The conversation delves into the evolution of vulnerability management, the shift towards exposure management, and the importance of asset management in cybersecurity. Johnny shares insights from his extensive experience in the field, discusses the concept of a Risk Operations Center, and highlights the significance of normalizing data for effective
Listen to the Episode
Patching and Bug Bounty Programs with Rishika Hooda
4
March 10, 2025

Patching and Bug Bounty Programs with Rishika Hooda

In this episode of the VulnWise Podcast, Scott Kuffer and Steve Carter talk to Rishika Hooda, a senior technical program manager at Google, who shares her extensive experience in cybersecurity, particularly in managing Android's patching and bug bounty programs. The conversation delves into the complexities of vulnerability management at scale, the importance of prioritization, and the challenges faced by large organizations in maintaining security. Rishika emphasizes the need for transparency,
Listen to the Episode
The Intersection of Threat and Vulnerability Intelligence with Eli Woodward
3
Feb. 24, 2025

The Intersection of Threat and Vulnerability Intelligence with Eli Woodward

In this episode of the VulnWise show, Steve Carter and Scott Kuffer engage with Eli Woodward, a seasoned cyber threat analyst, to explore the intricate relationship between threat intelligence and vulnerability management. They discuss the evolving role of SOC teams, the discrepancies in vulnerability exploitation reports, and the importance of prioritization in vulnerability management. Eli shares insights on evaluating CVEs, the impact of AI on security operations, and his experiences at the N
Listen to the Episode
VulnWise: Compensating Controls in Vulnerability Management with Caleb Hoch
2
Feb. 10, 2025

VulnWise: Compensating Controls in Vulnerability Management with Caleb Hoch

In this episode of the VulnWise Show, hosts Scott Kuffer and Steve Carter dive into the nuanced world of compensating controls with cybersecurity expert Caleb Hoch, Principal Security Consultant at Google Mandiant. Caleb shares his insights on effectively leveraging compensating controls in vulnerability management, balancing risk, and addressing challenges in complex environments. From proactive strategies to validation techniques, this episode explores how compensating controls can help secure
Listen to the Episode
View all Episodes

About the Hosts

Steve Carter Profile Photo
Steve Carter

CEO and Cofounder at Nucleus Security

Steve Carter is co-founder and CEO of Nucleus Security. Steve has spent over 25 years in cybersecurity, helping organizations build, optimize and scale enterprise vulnerability management programs. Prior to founding Nucleus, Steve was a founding partner of Rampant Technologies, a defensive cybersecurity service provider for large federal agencies and private sector organizations. Steve holds a Master’s of Computer Science from Florida State University.

Scott Kuffer Profile Photo
Scott Kuffer

COO and Cofounder at Nucleus Security

Scott Kuffer is co-founder and COO of Nucleus, operating as a hands-on technical executive, building and managing the security software aimed at optimizing the vulnerability management process. Prior to founding Nucleus, Scott was a Security Engineer at Rampant Technologies, providing security, systems, and software engineering services to the Federal Government. Scott holds a Master’s of Cybersecurity Management and Policy from Embry-Riddle Aeronautical University.