Last week I wrote about progress in cybersecurity policy and practice over the last decade. Yes, the world is more aware today in part because stuff has gone pear-shaped in cyberspace over and over. Naturally, reporters have risen to the task and written story after story about it. There is a veritable cottage industry about what Russia did with the interwebs. But beyond improvements in daily media reports, we’ve also seen an up-tick in major book-length works.

In this post, I explain the various factors in calculating the Illumio Vulnerability Exposure Score (VES), which allows organizations to combine industry-standard vulnerability scoring measurements with context from their own unique environment. The VES also helps security professionals prioritize security controls to minimize the exposure of the attack surface and potential impact of vulnerabilities.

Prior to joining Illumio, I spent two years on a writing fellowship at Berkeley’s Center for Long-Term cybersecurity and before that seven years at the Pentagon focused in large part on cybersecurity and cyber policy. For most of that time it felt like cyber folks were in a world of our own. Policy people assumed we were coders or engineers. The general public often assumed we were overreacting or, if not, hoped we knew what we were doing. In those early years we celebrated victories – the launch of U.S. Cyber Command in 2009, the President’s first international cyber strategy in 2011 – but the public didn’t pay all that much attention to the issues at stake. Like how some people erroneously see climate change, perhaps they saw cybersecurity as a future problem that was too complicated to address easily.  

Then things changed. 

#TeamIllumio recently took to the floor at VMworld 2018 — and micro-segmentation took center stage at our booth and at large. If you didn’t catch our glowing orange beacon of light and theater-style demo in action, relive it with us on this Flashback Friday.

This article was originally published on Forbes.com. Read part one of the series here. 

In part one of this two-part series, I talked about the similarities between protecting high-value assets in public spaces in the real world and in the enterprise. This includes the need to understand the value of the assets, how to reduce available pathways to the assets to minimize the potential attack surface and use security controls on the access points.