📺 Missed the runZero Day livestream? Watch it now! Let's Go
runZero CAASM

The often-overlooked truth in cybersecurity: seeing the unseen in vulnerability management

In this episode, ITSPmagazine's Co-Founder Sean Martin speaks with HD Moore about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don’t know exist in your environment.

Moore’s career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at runZero — applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss.

Why Discovery Matters Most

Through repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren’t on the organization’s radar.

Beyond CVEs

Moore emphasizes that an over-reliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems — problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws.

Revealing the Gaps

runZero’s approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker’s perspective — identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways.

Changing the Game

This depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up — ensuring that every device is accounted for, properly segmented, and monitored.

Collaboration and Community

Moore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone — not just paying customers.

The message is clear: if you want to close the gaps, you first need to know exactly where they are — and that requires a new level of visibility most teams have never had.

Meet Our Speakers

HD Moore

Founder & CEO, runZero

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Resources

Podcasts
The infinite eye: How AI threat intelligence gives defenders an asymmetric edge
Tod Beardsley, HD Moore, and Jonathan Cran discuss how AI-powered threat intelligence is providing defenders with a much-needed advantage.
Watch Now
Podcasts
Perimeters and pathways: Protecting the complete attack surface
Tod Beardsley, Jared Atkinson, Zakir Durumeric, and HD Moore discuss the perimeters and pathways that connect internal networks to the global...
Watch Now
Podcasts
Bug bounties in the age of AI
In this session, Tod Beardsley and Casey Ellis explore the evolving role of bug bounties in a world increasingly shaped by artificial intelligence.
Watch Now
Podcasts
The network edge: EOL and exploitation
Tod Beardsley is joined by Kimber Duke & Patrick Garrity of VulnCheck to discuss the critical intersection of EOL hardware and cybersecurity...
Watch Now

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Try runZero for Free
runZero CAASM
© Copyright 2026 runZero, Inc. All Rights Reserved