Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Attack Surface Management: Measuring Real-World Impact

Our experts explain how to tell if your ASM is effective, what teams often miss, and why it’s more than just tracking known vulnerabilities.

Many organizations invest in Attack Surface Management (ASM) solutions, but how can security leaders determine if they are truly effective? This session brings together industry experts to dissect what really matters in ASM—beyond vendor promises—to help decision-makers make informed investments.  

Watch our expert panel as they discuss:

  • How decision-makers evaluate ASM solutions – What executives look for when assessing ASM effectiveness and ROI.
  • The state of ASM in the industry – Research-backed insights on the latest trends, challenges, and innovations shaping ASM.
  • ASM vs. real-world threats – How attackers actually exploit attack surfaces—and where ASM solutions succeed or fall short.

This conversation goes beyond the marketing buzz to give security leaders the practical insights they need to measure, optimize, and improve their ASM strategy.  

If you want practical, unfiltered insight on how to strengthen your ASM game, this session’s for you. 

Host: Mark Goodwin, Director of Managed Security Services, Bishop Fox

Guests: 

  • Chris Ray, Field CTO, Gigaom
  • Sergio Villegas, Sr. Managing Analyst, Bishop Fox – ASI, where he leads a team focused on attack surface intelligence
  • Richard Brown, Sr. Managing Operator, Bishop Fox – TEA, where he leads a team focused on threat enablement and analysis

Summary

In this engaging panel, Bishop Fox’s Mark Goodwin sits down with Chris Ray (GigaOm), Sergio Villegas, and Richard Brown (Bishop Fox) to talk about what really makes an Attack Surface Management (ASM) program effective.

They answer a key question: If you’re investing in ASM, how do you know it’s actually working?

Highlights from the Discussion:

  • ASM ≠ Vulnerability Management – ASM focuses on discovering unknown assets and gaps, not just tracking known issues.

  • Common Misconceptions – Many teams think they’re covered, but often miss assets from cloud apps, mergers, or rogue domains.

  • Why Threat Intelligence Matters – Integrating real-time intel helps teams prioritize what truly matters.

  • Emerging Trends – Organizations are starting to apply ASM internally to catch issues before attackers do.

  • Measuring Success – It’s about more than critical findings—track trends over time, response speed, and attack surface hygiene.

Key Takeaway:

ASM isn’t just a tool—it’s a partnership. The best programs combine automation, expert insight, and strong collaboration to stay ahead of threats.

Mark Goodwin

About the speaker, Mark Goodwin

Director of Managed Security Services

Joining Bishop Fox in 2020, Mark Goodwin has held key leadership roles, including Managing Principal and now Director of Managed Security Services. He pioneered the firm’s Offensive Threat Intelligence service and Emerging Threat reporting lines and currently oversees the strategic vision and operational excellence of the firm's Managed Security Services team. With a focus on innovation, automation, and team development, Mark ensures clients receive proactive, high-impact security assessments that evolve with emerging threats.

More by Mark
Chris Ray Headshot

About the speaker, Chris Ray

GigaOm Analyst

Chris Ray is a veteran of the cyber security domain. He has a collection of experiences ranging from small teams to large financial institutions. Additionally, Chris has worked in healthcare, manufacturing & tech. More recently he has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

More by Chris
Sergio Villegas BF Headshot

About the speaker, Sergio Villegas

Senior Analyst

Sergio Villegas is a Senior Analyst in the Attack Surface Intelligence team at Bishop Fox where he is one of the lead researchers. His main areas of focus are emerging threats, attack surface mapping, and tactical lead generation. Sergio has over 11 years of experience in cybersecurity during which he has worked as a researcher and consultant to help companies improve their procedures, technologies, and techniques around threat intelligence and threat hunting.

More by Sergio
Richard Brown headshot

About the speaker, Richard Brown

Senior Managing Operator

Richard Brown is a Senior Managing Operator at Bishop Fox, where he leads a team focused on tracking and notifying customers of Emerging Threats, and identifying and helping expand what the operators do; which includes tool development, automation, and working with other business units in Bishop Fox.

Before joining Bishop Fox, Richard served in various security and consulting roles, including positions at MasterCard, Mercy, and Focal Point Data Risk. He also spent several years in law enforcement with the St. Louis Metropolitan Police Department, where he served as a detective in the Intelligence Division. This experience informs his ability to think like an attacker—and uncover what others miss.

Richard holds a Bachelor’s degree in Information Technology from Lindenwood University and an Associate’s degree in Electrical System Design from Ranken Technical College. He has held several certifications, including Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), as well as others from Cisco, Splunk, NW3C, and FEMA.

More by Richard

Extend Your Knowledge

Check out these related resources.

2025 attack surface management (ASM) Fast mover recognition between best ASM vendors.
Report

2025 GigaOm Radar for Attack Surface Management

Get an overview of the Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named a Fast Mover by the analysts at GigaOm.

Learn More
Preview of the cover page of the Cosmos report on Data Analysis unveiling critical vulnerabilities in attack surfaces.
Report

Cosmos: Protecting the Perimeter

To understand the vulnerability landscape that organizations are up against, we meticulously examined 17,000 data points, extracted from over 110 billion automations, within a 12-month period. Download the report to view a comprehensive propensity model that allows security and organizational leadership to visualize the potential impact of leaving vulnerable exposures to chance.

Learn More
2024 Q1 DIGITAL DS COSMOS Tile
Datasheet

Cosmos Datasheet

Learn how Cosmos combines attack surface management with expert-driven penetration testing to help security teams identify and remediate dangerous exposures before attackers can exploit them.
Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.