🗓️ Join us August 20 for runZero Hour: Summer Camp recap! Register Now

The often-overlooked truth in cybersecurity: seeing the unseen in vulnerability management

In this episode, ITSPmagazine's Co-Founder Sean Martin speaks with HD Moore about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don’t know exist in your environment.

Moore’s career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at runZero — applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss.

Why Discovery Matters Most

Through repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren’t on the organization’s radar.

Beyond CVEs

Moore emphasizes that an over-reliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems — problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws.

Revealing the Gaps

runZero’s approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker’s perspective — identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways.

Changing the Game

This depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up — ensuring that every device is accounted for, properly segmented, and monitored.

Collaboration and Community

Moore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone — not just paying customers.

The message is clear: if you want to close the gaps, you first need to know exactly where they are — and that requires a new level of visibility most teams have never had.

Meet Our Speakers

HD Moore

Founder & CEO

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Resources

Podcasts
You can’t get there from here: why we need a new way to manage exposure
At Black Hat 2025, CyberRisk TV sits down with HD Moore for a no-BS conversation on why vulnerability management is still failing enterprises.
Read More
Podcasts
Is Vuln Management Dead?
HD Moore joins Paul's Security Weekly to share how vulnerability management and asset discovery are evolving in the age of emerging technologies....
Watch Now
Podcasts
Metasploit's Origin, Browser Bugs & Exposure Management
HD shares the story of building the top pen testing framework, early cybersecurity tales, and how his Month of Browser Bugs ended ActiveX.
Watch Now
Podcasts
From Vulnerability to Visibility: Rethinking Exposure Management
Learn how exposure management is evolving and how organizations can move from simply identifying vulnerabilities to gaining true visibility and...
Watch Now

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Try runZero for Free
© Copyright 2025 runZero, Inc. All Rights Reserved