The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability Management
0The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability Management
In this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don’t know exist in your environment.
Moore’s career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss.
Why Discovery Matters Most
Through repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren’t on the organization’s radar.
Beyond CVEs
Moore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws.
Revealing the Gaps
RunZero’s approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker’s perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways.
Changing the Game
This depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored.
Collaboration and Community
Moore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers.
The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.
FInd out more about RunZero on ITSPmagazine https://www.itspmagazine.com/directory/runzero