Erich Winkler (@cybersecerich): "Risk. Threat. Vulnerability. Three words that lose interviews in the first five minutes. Beginners use them interchangeably. Hiring managers stop listening. Here's the difference: A vulnerability is a weakness in your system. A threat is something that could exploit…"

Risk. Threat. Vulnerability.

Three words that lose interviews in the first five minutes.

Beginners use them interchangeably.

Hiring managers stop listening.

Here's the difference:

A vulnerability is a weakness in your system.
A threat is something that could exploit that weakness.
A risk is what happens when both exist together with something worth protecting.

The CISSP doesn't forgive this. The CC doesn't. Real risk registers definitely don't.

Get the vocabulary right before you build anything on top of it.

Try this: explain the three words in your own way below. I'll tell you if it would pass an interview.

May 6

1:38 PM