Black Hat USA 2025

Want to Manage Cyber Risk at the Speed of Business with Agentic AI?

Visit us at booth 2233 to learn how the Qualys Enterprise TruRisk™ Platform, powered by Agentic AI, can measure, communicate, and autonomously eliminate cyber risk everywhere.

Qualys Sessions at Black Hat USA

IN-PERSON SESSION:

Black Hat Main Stage

IS YOUR CTEM MONEY-MINDED?

August 6, 2025, 12:15 PM - 12:40 PM

Richard Seiersen, Chief Risk Officer, Qualys

Unveiling A New Approach to Cyber Risk Management: Moving from Attack Surface Management to Risk Surface Management

Modern businesses are risk-generating machines. They pursue digital and AI transformation, exposing more value to more people through more channels at higher velocities, in the hope of generating more revenue and profit. Their adversaries are similarly transforming, seeking to capitalize on this volumetric exposure. At the center of this emergent milieu stands security.

Is this asymmetric warfare? Meaning, is security destined to be crushed between super-funded business innovation and legions of artificially intelligent adversaries? Not if we have a modern risk-based approach to security that scales – that works backwards from what the modern business stands to lose.

In this keynote, we will unpack:

  • The evolution from attack surface management (ASM) to risk surface management (RSM)
  • The emergence of the Risk Operations Center (ROC) as a money-minded CTEM
  • The role of the modern cybersecurity risk management leader.

IN-PERSON SESSION:

Black Hat Theater A

Cancel Exposure Whack-o-Mole with a Risk Operations Center (ROC)

August 6, 1:30 PM - 2:20 PM

Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys

Tired of playing whack-a-mole with endless alerts—vulnerabilities, misconfigurations, web app flaws, and cloud risks? As cyber threats grow and compliance stakes rise, security teams can no longer afford reactive tactics. The Risk Operations Center (ROC) offers a smarter way—centralizing security signals, business context, and automated workflows to drive continuous, measurable risk reduction.

In this session, we'll show how Qualys ETM helps organizations cut through the noise and focus on the exposures that actually matter. Learn how to move from alert overload to a unified, risk-based approach that enables faster decisions and stronger outcomes.

Key takeaways:

  • Turn vulnerability data into prioritized, business-aligned risk signals
  • Automate triage and remediation with context-aware playbooks
  • Build a clear, executive-friendly risk narrative

Booth sessions

10:30 - 10:50 AM Operationalize Risk Surface Management with Industry's first Risk Operations Center (ROC)
Bhagyashree Thorat, Principal Product Manager, Enterprise TruRisk Management, Qualys

Are your security teams overwhelmed by a constant flood of exposures? The traditional "whack-a-mole" approach to vulnerabilities, misconfigurations, and other risks is no longer enough to keep up with today's emerging threats.

It’s time for a smarter strategy. The Risk Operations Center (ROC), powered by Qualys Enterprise TruRisk Management, transforms your security from being reactive to strategic. By unifying exposure signals, threat intelligence and business context, you can prioritize and remediate the risks that could have the greatest impact on your organization.

In this session, you'll learn how to break free from exposure overload and move to a unified, risk-based approach that enables your team to focus on what truly matters.

11:15 - 11:30 AM Auto-Renew your Expiring Certificates and Readiness for Post-Quantum Computing
Pablo Quiroga, Senior Director, Product Management, CSAM & EASM, Qualys

As digital infrastructure scales and the threat of quantum computing advances, organizations must modernize their certificate management strategies to ensure continuous trust and security. Manual renewal of digital certificates is error-prone and unsustainable, especially in large, dynamic environments. This session explores the critical need for automated certificate renewal processes and their alignment with post-quantum cryptographic (PQC) readiness. Automation not only reduces operational risk and downtime but also lays the groundwork for transitioning to quantum-safe algorithms. We examine the challenges of implementing auto-renewal in existing Public Key Infrastructure (PKI), the importance of crypto-agility, and the integration of hybrid certificates during the migration phase. By combining automation with proactive planning for PQC, organizations can achieve both short-term operational resilience and long-term cryptographic sustainability in an evolving threat landscape.

11:55 AM - 12:15 PM Israeli Discount Bank’s Journey with Qualys TotalAppSec
Beatrice Sirchis, CyberSecurity Engineer, IDBNY

12:40 - 1:00 PM Cloudy Attack Paths: Use TruRisk GPS from Code to Cloud
Shrikant Dhanawade, Senior Product Manager, Cloud Security Solutions, Qualys

In today's cloud environments, real risk isn't just about critical CVEs — it's about what's exploitable and exposed. As the cloud attack surface grows, proactive risk management and frictionless automation are essential from code to cloud to reduce remediation time and provide actionable context to IT and development teams.

With Qualys, security teams move from alert overload to real-time action: orchestrating remediation, eliminating manual steps, and maintaining continuous compliance.

Learn how Qualys enables Multi-Cloud Risk Operations with TruRisk Prioritization, Attack Path Analysis, and QFlow for no-code remediation of misconfigurations and vulnerabilities.

Join this session to see how Qualys helps enterprises operationalize risk management at scale.

1:25 - 1:40 PM Putting the 'M' in Vulnerability Risk Management
Siddharth Bhatia, Director, Product Management - CSAM & EASM, Qualys

The threat landscape is more complex than ever, with tens of thousands of new CVEs every year, an attack surface that changes by the hour, and dozens of disjointed tools to collect risk signals. Security teams spend endless cycles to make sense of infinite detections across a hazy picture of their technology environment. It doesn't need to be this way.

In this session, you'll learn to truly manage exposures beyond the list of vulnerabilities with the following:

  • A complete view of all assets with cyber risk context, including security gaps, internet exposures, and relationships to your crown jewels
  • Real-time threat intelligence, including known exploits and MITRE ATT&CK mapping to drive the universal language of TruRisk™ across all asset categories
  • Orchestrated response, whether through connected workflows to ITSM tools, automated patch jobs, or compensating controls, to close attack paths as quickly as possible

Join us to learn how Qualys can simplify an increasingly complex threat landscape by streamlining your exposure management program with VMDR and CSAM.

2:05 - 2:20 PM Proactive Cyber Risk Reduction with ImagineX's mROC Services
Tim Salvador - ImagineX

ImagineX transforms cyber risk management by combining its proprietary AI-powered risk assessments with managed Risk Operation Center (mROC) services to enable continuous risk monitoring, deliver advanced prioritization, and target risk remediation. Learn how this approach streamlines remediation and empowers organizations to make informed security decisions, demonstrably lowering their cyber exposure.

2:45 - 3:05 PM Qualys Solutions Change the Game for the New Orleans Saints
Jeff Huffman, Director, New Orleans Saints

3:30 - 3:45 PM The Eliminator: How Security Teams Can Slash Risk at the Root
Eran Livne, Senior Director, Endpoint Remediation, Qualys

In a world overwhelmed by unpatched vulnerabilities and alert fatigue, the real win isn't finding more — it's eliminating what matters most. In this session, we'll show how security teams can shift from pointing out problems to actively driving risk reduction. Discover how to partner with remediation teams to accelerate fixes for high-impact vulnerabilities — even in complex environments with those "it takes forever to patch" applications. Learn practical strategies to prioritize, align, and eliminate risk with precision, turning collaboration into impact.

4:05 - 4:20 PM Protect What Powers Your AI: Risk-First Container Security at Cloud Speed
Abhishek Singh, VP Product Management, Qualys
Abhinav Mishra, Product Management Director, Container Security, TotalCloud CNAPP, Qualys

Kubernetes and containers have become the backbone of modern AI infrastructure, orchestrating GPU-powered LLM workloads across dynamic, distributed environments. But securing these pipelines isn't just about detection—it's about staying ahead of risk. With complex layers of infrastructure, ephemeral workloads, and constantly shifting code and API surfaces, AI introduces novel vulnerabilities that traditional approaches can't keep up with.

That's why Qualys takes a risk-first approach to container security: identifying, prioritizing, and eliminating risk before it's exploited.

In this session, we'll unveil how Qualys is redefining container security for modern AI-driven environments through:

  • Unified AI and LLM Discovery: Discover unknown LLMs across containers and Kubernetes running in hybrid cloud environments. Correlate application and infrastructure context to uncover blind spots and enable seamless cyber hygiene.
  • Runtime-informed risk reduction: Go beyond alerts with eBPF-powered detection, real-time attack path analysis, and intelligent correlation from code to container to cloud—including signature-free threat classification and zero-trust sandboxing for emerging zero-day activity.
  • Proactive security posture management: Scan for prompt injection and API vulnerabilities, and harden your Kubernetes and cloud control planes. Correlate and prioritize vulnerabilities across infrastructure, containers, and APIs using threat context and asset value—so you can focus efforts where they'll make the biggest impact.
  • End-to-end AI workload protection: Enable risk-minded threat detection and response across containers, Lambdas, cloud services, and identities—while tracing runtime risk back to code and ownership to accelerate response across the pipeline.

Join us to see how Qualys helps you burn down risk across your containerized AI stack—faster, smarter, and without the noise.

4:45 - 5:00 PM TruLens as a Unified Threat Intelligence Gateway
April Lenhard, Principal Product Manager, Qualys

With today's fragmented cyber threat landscape, security teams struggle to translate broad and copious amounts of intelligence into actionable insight for their unique environments. This session introduces TruLens: a threat intelligence gateway that contextualizes global threat trends through the lens of your organization's specific exposures, industry, and assets. Using the Qualys Enterprise TruRisk Management (ETM) platform, April will demonstrate how TruLens delivers tailored, dynamic intelligence modules to bridge the gap between high-profile vulnerability news and concrete risk reduction actions to operationalize intelligence and confidently prioritize mitigations.

Himanshu Kathpal

VP, Product Management, Platform and Technologies, Qualys

Himanshu Kathpal is VP, Product Management, Platform and Technologies at Qualys. He has over 13 years of experience in cybersecurity and product management, with a specialization in vulnerability management, remediation, and next-generation endpoint security. Himanshu is passionate about developing security solutions that align with the company’s cybersecurity product strategy to meet customer needs, reduce the attack surface, and strengthen the organization’s security posture. He holds a master’s degree in engineering from D.Y.Patil University, Pune, as well as an MBA in International Business Management from NMIMS, Mumbai.

Nayeem Islam

Vice President, Product Management, Qualys

Nayeem Islam is the Vice President of Product Management at Qualys for the TotalCloud initiative. Prior to joining, he was the founder and CEO of Blue Hexagon, a cloud security company that pioneered the use of AI to detect cloud threats. Blue Hexagon is now part of Qualys.

Shailesh Athalye

Senior Vice President, Product Management, Qualys Inc.

As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.

Lavish Jhamb

Sr. Product Manager, Compliance Solutions, Qualys

Lavish Jhamb is Solution Architect for Compliance Solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with a thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.

Eran Livne

Senior Director, Endpoint Remediation, Qualys

Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20 years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded the mobile security company LetMobile, which was acquired by Ivanti. Following the acquisition, he drove Ivanti’s enterprise security and endpoint security and management solutions. Eran holds a bachelor’s degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.

Kunal Modasiya

Senior Vice President, Product Management, Qualys

Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang: he worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups and at big and mid-size companies in cybersecurity, networking, and application security, in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.

Sandeep Potdar

Senior Director, Product Management, VMDR, Qualys

As Senior Director of Product Management, Sandeep Potdar leads product strategy and its execution for the Qualys VMDR product portfolio. He is an Engineer-turned-Architect-turned-PM, with close to 2 decades of experience in the Enterprise Software and Cybersecurity domains and extensive consulting experience with various Retail, Banking, Insurance, Travel, and Manufacturing Fortune 500 companies. Prior to joining Qualys, he led Platform and Product Management at Tenable. Before that, he led Product Management at WhiteHat Security and launched several Application Security products. Sandeep has a bachelor’s in computer science engineering from Visvesvaraya Technological University, India and a certificate of business excellence from Haas School of Business, University of California, Berkeley.