Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Black Hat USA 2022

Get More Security in a Single Platform

Visit us at booth 1320 to learn how to Get More Security with our latest Qualys solutions. Hear from our experts, see demos, and meet 1:1 with a Qualys expert. Can’t join in person? Visit us at our virtual booth.

Free Virtual Business Pass

Register for free access to the Business Hall, Arsenal, Community Programs and Sponsored Sessions

Qualys sessions at Black Hat USA


Business Hall Theater A

Making External Attack Surface Management (EASM) the First Step for Reducing Your Cybersecurity Risk

August 10, 2022 - 10:20 AM

Mike Orosz, VP, Information and Product Security, Vertiv

Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys

As an organization's digital footprint grows rapidly, so does its attack surface and risk. Often, unknown assets aren’t noticed by an organization and its security teams but are discovered by bad actors and leveraged in successful attacks and breaches. Siloed external attack surface management (EASM) tools provide a laundry list of assets without any context, requiring security teams to manually analyze assets and conduct a very manual time-consuming process to reduce risk. Kunal and Mike will discuss the challenges of asset visibility and why it remains one of cybersecurity's most elusive goals. The session will include a demo of Qualy's new solution for analyzing external assets, and Mike will share ideas to leverage the solution can help proactively manage cyber defenses and help mitigate cyber risk within organizations.

Mehul Revankar, Vice President, Product Management & Engineering for VMDR, Qualys

The doubling of disclosed vulnerabilities over the last five years, the speed at which vulnerabilities are weaponized, and the cyber talent shortage, have left teams struggling to keep up with attackers. It is possible to remediate faster and more efficiently by prioritizing your vulnerabilities, leveraging rule-based integrations between VM and ITSM tools, automating operational workflows, and using integrated patch management. Here we detail these four techniques, that can significantly accelerate an organization’s ability to respond to threats, thus preventing possible exploitation.


Rapid Response – Getting Under the Attack Envelope


Elevating Vulnerability Management programs with Business and Security Risk Context

Mehul Revankar, Vice President, Product Management & Engineering for VMDR, Qualys

If you fail to prioritize the most tempting vulnerabilities, attackers will prioritize them for you. Attacks will follow. With today’s hybrid infrastructure, prioritizing vulnerabilities based on real risks can be a daunting task, requiring an in-depth understanding of targeted assets, their vulnerabilities, and associated threats. Business and security context can help organizations clearly understand their risk, and then act by efficiently balancing their resources, processes, and technology. This discussion will detail a new integrated approach from Qualys that can help organizations: Discover assets, and then find and prioritize vulnerabilities based on the organization’s risk profile and Deliver closed-loop integration from a single platform.

Ankur Tyagi, Principal Engineer, Qualys

Writeups for CTF challenges and machines are a critical learning resource for our community. For the author, it presents an opportunity to document their methodology, tips/tricks, and progress. For the audience, it serves as a reference material. Oftentimes, authors switch roles and become the audience to learn from their own work. This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.


Tools for Creating and Learning from CTF Writeups

Booth Sessions

10:20 AM Reduce Risk of Your External Attack Surface
Pablo Quiroga, Director, Product Management, Qualys

Pablo Quiroga’s bio

11:00 AM Coordinating a Global Response to Cyber Threats
Sara Griffiths, CISO, Euronet Worldwide

Sara Griffiths' bio

With 130 offices around the globe, Euronet CISO is on a mission to centralize and standardize security. In this session, Sara Griffith will discuss how the payments processor safeguards its international business from the risk of cyberattacks with a central, real-time view of vulnerabilities across all IT assets.

11:40 AM Shift Left with WAS: Empower DevOps Security Testing
John Delaroderie, Director Product Management, Qualys

John Delaroderie’s bio

12:20 PM Better Together – VMDR 2.0 and Multi-Vector EDR
Thomas Nuth, Sr. Director, Product Marketing, Qualys

Thomas Nuth’s bio

1:00 PM Using Qualys Flow to Automate Detection & Remediation with No-code Workflow
Parag Bajaria, VP, Cloud and Container Security Solutions, Qualys

Parag Bajaria’s bio

1:40 PM Cutting the Cost and Complexity of Protecting Healthcare Data
Elie Abouzeid, VP, Information Security, Dentaquest
2:20 PM Risk-Based Vulnerability Management with TruRisk
Mehul Revankar, VP, Product Management & Engineering, Qualys

Mehul Revankar’s bio

3:00 PM Responding with Precision and Speed: Custom Assessment & Remediation (CAR)
Hariom Singh, Senior Director, Compliance Solutions, Qualys

Hiep Dang’s bio

3:40 PM Software Composition Analysis and SBOM
Kong Yew Chan, Director, Product Management, Qualys

Kong Yew Chan’s bio

4:20 PM Reduce Risk of Your External Attack Surface
Pablo Quiroga, Director, Product Management, Qualys

Pablo Quiroga’s bio

5:00 PM Automate Risk Remediation The Smart Way
Eran Livne, Director, Product Management, Endpoint Remediation, Qualys

Eran Livne's bio

Visit us at our booth and win prizes

Stop by booth 1320 to meet with our product managers, technical account manager, and other experts.

Attend one of our in-person booth presentation and enter the chance to win one of our great prizes! Must be present to win.

Meet with a Qualys Expert

Pablo Quiroga

Pablo Quiroga

Senior Director, Product Management, CSAM & EASM, Qualys

Pablo Quiroga is a Director of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the IT asset visibility & management initiatives. With over 10 years of experience in Enterprise Software and the IT industry, Pablo has helped numerous customers gain significantly better visibility to support data-powered decision that often led to multi-million-dollar savings and risk avoidance.

Shailesh Athalye

Shailesh Athalye

Senior Vice President, Product Management, Qualys Inc.

As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.

Sara Griffiths

Sara Griffiths

CISO, Euronet Worldwide

Sara Griffith is the Chief Information Security Officer (CISO) for Euronet Worldwide, Inc. (Nasdaq: EEFT), a public financial services company that is an industry leader in processing secure electronic transactions and payments for financial institutions, service providers, and individual customers all over the globe. Euronet has 9,000 employees in 66 offices worldwide including 41 countries across Europe, Asia Pacific, North America, the Middle East, South America, and Africa. Sara has been fortunate to work onsite in 29 of those countries during her 16 years at Euronet. Sara has been the CISO the past eight years; she has helped lead the global security team to centralize and standardize security policies, requirements, processes, reporting, tools, and training across the organization’s three core business segments, including 22 IT teams supporting 130 entities. Sara resides in Denver with her husband and three children.

Mehul Revankar

Mehul Revankar

Vice President, Product Management and Engineering, Qualys

Mehul Revankar is a cybersecurity professional with more than 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads Product Management and Vulnerability Research at Qualys for VMDR. Before joining Qualys, Mehul led the development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable. Mehul has a bachelor’s degree in electronics from the University of Mumbai and a master’s degree in computer engineering from George Mason University.

John Delaroderie

John Delaroderie

Director, Product Management, Web App Security, Qualys

John Delaroderie is Director of Product Management for Web Application Security. He joined Qualys in 2018 and has spent the past decade working for various government agencies and private organizations in cybersecurity, incident response, digital forensics, and systems integrations. John holds a bachelor’s degree in political science from the U.S. Naval Academy and a master’s degree in computer science from the Naval Postgraduate School.

Hiep Dang

Hiep Dang

Vice President, Product Management, Qualys

Hiep Dang is Vice President of Product Management, EDR at Qualys. He is passionate about building innovative cybersecurity solutions to protect users and corporations from the evolving threat landscape. Almost 20 years ago, Hiep turned a casual curiosity in computer forensics and computer viruses into a full-time cybersecurity career. His journey has given him a spectrum of experiences from burgeoning startups to Fortune 500 companies and the opportunity to solve a range of problems from deeply technical to abstract business. He’s found his sweet spot in product management at the intersection of product strategy and technical execution. Before joining Qualys, Hiep launched several enterprise and consumer products for Cylance (acquired by BlackBerry), McAfee (acquired by Intel), and Aluria (acquired by EarthLink). Hiep has also served as the Director of Anti-Malware Research for McAfee, where he oversaw a globally distributed 24x7 organization responsible for researching and responding to complex malware threats.

Kunal Modasiya

Kunal Modasiya

Vice President, Product Management, Attack Surface Management & AppSec, Qualys

Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at Israeli startup in API security and bot management AppSec space.

Kong Yew Chan

Kong Yew Chan

Director, Product Management, Container Security, Qualys

Kong Yew Chan is director of Product Management at Qualys, leading the container security solution. Prior to Qualys, Kong worked on multiple Kubernetes platforms at VMware and Pivotal. He has over 10 years of experience working on security solutions at Hewlett Packard and TrendMicro. Kong holds a bachelor’s degree in computer engineering from the Nanyang Technological University, Singapore, and an MBA from Babson College.