CVSS Is a Starting Point, Exposure Validation Turns It Into an SRE Signal
Thursday, 21 May | 9:55 AM GMT+2 | Hall 6 | CyberWiseCon
VulnCheck Research Engineer Guillermo Menjivar will be presenting “CVSS is a Starting Point, Exposure Validation Turns it into an SRE Signal” at DevOps Pro Europe 2026 on Thursday, 21 May at 9:55 AM GMT+2 in Hall 6, CyberWiseCon.
DevOps and SRE teams are overwhelmed by alerts, yet patching decisions often rely solely on CVSS scores. CVSS is a baseline, but real risk depends on context: compensating controls, system placement, and reachability. Most teams lack a workflow to turn context into actionable decisions.
AI is used only to correlate data and generate clear summaries, keeping decisions grounded in real-world exposure.
Join Guillermo to learn an operational approach that prioritizes vulnerabilities based on reachability, blast radius, and ownership, not just severity. Walk away with reference architecture, sample reports, and open-source templates to reduce patch chaos and prioritize what really matters.
Learn more about the conference at devopspro.it.
About Guillermo
Guillermo Menjivar is a security engineer who has worked across offensive and defensive security, building infrastructure and automation at scale. He was a founding engineer and VP at GreyNoise, where he helped design and build the platform.
He is currently at VulnCheck, building a canary network of vulnerable devices to capture real-world exploitation of known vulnerabilities. Guillermo is passionate about SRE, DevOps, and practical automation, and is integrating LLMs, agents, vector databases, and MCP to improve the operational security context.