Application Security Weekly (Audio)

Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375

Mar 24, 2026
Erik Nost, a Senior Analyst at Forrester focused on proactive security and attack surface management, discusses shifting from frantic patching to forward-looking practices. He covers visibility, prioritization, and remediation. He explains why remediation often feels reactive, how AI changes discovery and defense, and practical quick wins like reducing credential theft.
ADVICE

Implement Controls You Actually Control

  • Focus on controls security teams can implement immediately rather than relying on others for fixes.
  • Add IPS rules, monitoring, and preventative controls like zero trust to reduce dependency on third-party remediation cycles.
INSIGHT

Secure By Design Is Aspirational, Not Universal

  • Secure-by-design is the aspirational goal but reality includes legacy systems and end-of-life artifacts.
  • Erik emphasizes proactive programs must handle existing messy environments, not only new secure builds.
INSIGHT

Likelihood Is Objective, Impact Is Not

  • Likelihood is often objective but impact is subjective and harder to measure before an incident.
  • Erik notes impact assessments rarely reveal downstream effects until a real event occurs, complicating prioritization.