Presentation Title:
A Case for Continuous Threat Exposure Management (CTEM): Why Now is the Time to Act.
Abstract:
Cybersecurity leaders know that traditional vulnerability management is no longer enough. Expanding attack surfaces, cloud complexity, and third-party risk demand a continuous, business-aligned approach. In this session, Victor Marchetto will guide attendees through the CTEM Methodology and its core phases: scoping, discovery, prioritization, validation, and mobilization.
Attendees will learn how organizations evolve from compliance-driven practices to strategic exposure management, supported by a clear four-level maturity model.
By the end of this session, participants will walk away with:
- A working understanding of the CTEM framework and its phases
- A practical maturity model for measuring progress
- Strategies to shift exposure management from tactical fixes to business enablers
Bio:
Victor Marchetto is the Manager of Advisory Services at Evolve Security, where he leads governance, risk, and compliance engagements and helps organizations strengthen their cybersecurity programs. He helps clients navigate SOC 2 readiness, CIS Controls v8 assessments, ISO 27001 preparation, NIST CSF alignment, HIPAA security requirements, and risk assessments.
Victor has developed and refined service offerings that blend technical expertise with practical business alignment, including offerings for Continuous Threat Exposure Management (CTEM) adoption and NIST AI Risk Management. He works directly with executives and stakeholders across industries, from financial services and manufacturing to private equity, translating complex security requirements into actionable strategies.
With over a decade of experience spanning policy development, framework alignment, risk management, and advisory leadership, Victor is passionate about helping organizations mature their security posture. Through his presentations and advisory work, he highlights clarity, practicality, and measurable outcomes, showing how security can serve as both a safeguard and a business enabler.
Sponsor: ISACA Kentuckiana
Locations:
We would like to thank Dean Dorton for hosting our event at their facilities!
(Option 1) In-Person: Dean Dorton - Louisville
435 N Whittington Pkwy Suite 400, Louisville, KY 40222
(Option 2) In-Person Remote Viewing: Dean Dorton - Lexington
250 W Main St #1400, Lexington, KY 40507
(Option 3) Remote Viewing: Video Conference link available at checkout. Note: the actual link to the remote viewing session will be in the ticket emailed from Eventbrite to your Eventbrite-registered email address, so make sure you retain that email.
Time
The meeting will be from 11:30 AM - 1:00 PM Eastern. Lunch will be provided.
RSVP appreciated!
Preregistration is appreciated so that we can order the correct amount of food.
CPE Credits
ISACA Kentuckiana members with confirmed attendance at this event are eligible for 1 CPE credit.