
Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales
From Relating to DevSecOps by Ken Toler and Mike McCabe
August 25, 2025 · 34 min · Season 1 · Episode 80
About this episode
Ken and Mike discuss the challenges of vulnerability management and the realities of compliance in the tech industry.
Send us Fan Mail In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible. Perfect for practitioners trying to balance the checkbox culture with actual risk reduction,...
People in this episode
Hosts: Ken Toler, Mike McCabe
Topics covered
- vulnerability management
- compliance
- SLA fatigue
- risk reduction
- audits
Keywords
- vulnerability management
- SLA
- compliance
- SOC 2
- CVE
- risk reduction
- audits
Mentioned in this episode
Organizations: SOC 2, CVE
More episodes of Relating to DevSecOps
- Episode #083: AI Mythos, Security Fundamentals, and the Zero-Day Panic Cycle · April 29, 2026 · 44 min
- Episode #082: AI Hype, Human Cost · March 17, 2026 · 44 min
- Episode #081: Burnout by Budget Season: Surviving Q4 in Security · October 29, 2025 · 22 min
- Episode #079: CISOver It: When Dashboards Replace Direction · June 10, 2025 · 37 min
- Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas · April 22, 2025 · 47 min
- Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes · March 24, 2025 · 32 min
Explore listener stats, chart rankings, contacts and more on the Relating to DevSecOps podcast page.