Exposure Management: The New Cyber Risk Strategy
Mark Thurmond
RSA Conference 2025 · Day 4 · West Stage
Tenable Co-CEO Mark Thurmond made the case at RSA Conference 2025 that the cybersecurity industry's dominant model — deploying more tools, more alerts, more specialized teams — has fundamentally failed. The replacement he proposed is exposure management: a continuous, AI-driven discipline that unifies fragmented visibility, contextualizes risk through predictive modeling, and is evolving toward autonomous remediation. The talk was delivered in honor of Tenable founder Amit Yoran, who died earlier in 2025 and had originally been scheduled to give it. ---
AI review
Tenable's Co-CEO delivers Amit Yoran's talk — and the emotional context makes it land harder than the content probably warrants on its own. The exposure management framework is coherent but not novel, and the statistics are the kind that get cited without enough scrutiny. A vendor keynote with a genuine human moment at its center, which is both its strength and the thing that makes it hard to rate on the merits.