Jon Oltsik: Aligning Security and IT Operations
Security researcher and analyst Jon Oltsik examines how some companies go too far with automation and capabilities, stressing the need for alignment between security and IT operations.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Why 2025 Marked a Turning Point for Exposure Management and for Nucleus
For years, the cybersecurity industry has told itself that vulnerability management has been improving. This story is centered around “more”: more scanners, more data, more dashboards. Despite this abundance, by 2025 the gap between activity and outcomes became impossible to ignore. Security teams were doing more work than ever but struggled to show that risk was actually going down.
Jon Oltsik: Shifting Left and Threat Informed Defense
Security researcher and analyst Jon Oltsik talks about the importance of shifting lift and employing threat informed defense in this short clip.
Jon Oltsik: Vulnerability Management is a Business Issue
Industry researcher and analyst Jon Oltsik explains why vulnerability management should be considered a business issue and stop being viewed as a technical issue.
An Industry Analyst's Take on Nucleus 3.0
In this episode of Nucleus Conversations, industry analyst and researcher Jon Oltsik unpacks the current state of exposure management, why so many organizations still struggle to manage cyber risk at scale, and the impact the recent Nucleus 3.0 releases will have for customers.
Looking Ahead to 2026: Why Cyber Economics Will Redefine the CISO's Mandate
Cybersecurity in 2026 will be driven by economics. Not hype. Not novelty. Economics. Attackers follow financial incentives and scale their operations faster than most enterprises can defend. CISOs must shift from reporting technical metrics to explaining business impact, guide safe AI adoption as Shadow AI grows, and design programs that emphasize resilience over perfection.
Kenna Lit the Spark on the Exposure Management Fire and It's Time for the Next Generation
When Kenna launched more than a decade ago, it reshaped an industry that had grown numb to vulnerability overload. Back then, vulnerability management meant looking at mountains of CSV files, scanner reports, and a never-ending backlog of unprioritized issues. Kenna introduced the idea that risk instead of raw counts should determine what gets fixed first. For many security teams, it was the first time they realized they didn’t have a vulnerability problem.
What's Next in Cyber Economics: 2026 Security Strategies from Industry Leaders
Security leaders are bracing for a pivotal shift in 2026. Attacker economics are evolving, extortion models are changing shape, and organizations are rethinking how they allocate resources to defend against more scalable and financially motivated threats. In this on-demand webinar, four industry experts break down the forces reshaping cybersecurity strategy and offer practical guidance for leaders preparing for the next wave of challenges.
Automating SLAs in Risk-Based Vulnerability Management: Turning Deadlines into Results
Many organizations set remediation SLAs, but static severity-based timelines and manual tracking prevent them from meeting those deadlines in a way that meaningfully reduces risk. This article outlines how automated, risk-based SLAs connect timelines to real exploitability, exposure, and asset value, turning deadlines into reliable, measurable outcomes. Key takeaways from this article.
Built for What's Next: How Nucleus Became the Exposure Assessment Platform for a New Era
For nearly a decade, we’ve been building Nucleus with a clear mission: to help security teams make faster, smarter, and more business-aligned decisions about what to fix first. When we started, the world called it vulnerability management. Today, the industry calls it exposure assessment. To us, that evolution isn’t just semantics, t’s the culmination of years spent redefining how organizations understand and reduce risk.