Skip to content
View patrickmgarrity's full-sized avatar
40 followers · 11 following

Achievements

Achievement: StarstruckAchievement: Pull Sharkx2Achievement: Quickdraw

Achievements

Achievement: StarstruckAchievement: Pull Sharkx2Achievement: Quickdraw

Block or report patrickmgarrity

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
patrickmgarrity/README.md

Hi, I'm Patrick Garrity! 👋

I currently work as a security researcher at VulnCheck. ⛄⛄

📊 Security Research

Research Projects
Helping Improve and Scale the CVE Ecosystem Through the Lens of Security Research
State of Exploitation - A look Into The 1H-2025 Vulnerability Exploitation & Threat Activity
Expanding VulnCheck’s KEV: Auditing ShadowServer, New CVE Assignments, and Source Expansion
Does ENISA EUVD live up to all the hype?
2025 Q1 Trends in Vulnerability Exploitation
NIST’s New Deferred CVE Status: What It Means for Defenders
Exposing CVEs from Black Bastas' Chats
2024 Trends in Vulnerability Exploitation
Are the Top 25 CWEs Truly the Most Dangerous Software Weaknesses in 2024?
A Peek Into the Known Exploited Vulnerabilities of 2024
Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities
Outpacing NIST NVD with VulnCheck NVD++
Danger is Still Lurking in the NVD Backlog
Exploring Targeted Technologies and Countries of the Flax Typhoon Botnet
VulnCheck Known Exploited Vulnerabilities Report - Summer 2024
Weaponized Vulnerabilities Deserve a Seat at The Prioritization Table
State of Exploitation - A Peek into 1H-2024 Vulnerability Exploitation
Taking an Evidence-Based Approach to Vulnerability Prioritization
The Real Danger Lurking in the NVD Backlog
State of Exploitation - A Peek into the Last Decade of Vulnerability Exploitation
Verizon's 2024 DBIR Report - Mapping Mitre Att&CK tactics and techniques to Incident Classification Patterns
Verizon's 2024 DBIR Report - Mapping CIS Controls to Incident Classification Patterns
Exploring the Anatomy of an Exploited CVE with VulnCheck KEV
Reimagining How We Think About Threat Actors

🎥 Educational Videos

Topic
VulnCheck Getting Started Series
Stakeholder Specific Vulnerability Categorization
What is Common Vulnerability Scoring System (CVSS) v4?
What is Exploit Prediction Scoring System (EPSS)?
What is a Honeypot?

📢 Speaking Enagements

Event Talk / Presentation Slides
Grrcon 2025 Responding to Emerging Threats Amidst the Shitpile of Vulnerability Debt Grrcon 2025 Slides
Threatcon1 2025 Panel Hours, Not Days: The Race from Disclosure to In-the-Wild Exploitation
Threatcon1 2025 How to Triage & Research Vulnerability Data With Community Tools
GoSecure 2025 Keynote - Exploited CVEs of 2025: Lessons for Vendors and Defenders GoSec Keynote Slides
Infosec Europe 2025 Tackling Emerging Threats: It Starts with a Single Vulnerability
VulnCon 2025 Exploited CVEs of 2024: Lessons for Vendors and Defenders Vulncon 2025 Slides
Vuln4Cast 2024 Insights from 3,000 Known Exploited Vulnerabilities: What Can We Learn? Vuln4Cast 2024 Presentation
Vuln4Cast 2024 Building Trust Through Transparency: Democratizing Vulnerability Data and Strengthening Defenses
VulnCon 2024 CISA Panel What It Takes to Lead America’s Vulnerability Management Team Animation for Panel

🎤 Podcasts

Podcast Topic
Resilient Cyber Fixing the Broken Vulnerability Management System
The Cyber Security Recruiter Podcast https://www.youtube.com/watch?v=5-pYX3V0m-8
Threatcon1 Building a Proactive Cyber Strategy with Focus and Cross team Collaboration
Threatcon1 Cyber Ops Experience Meets Following Industry Money with Mike Privette
Threatcon1 CVE's Emerging Threats and Horror Movies with Tod Beardsley (RunZero)
Threatcon1 The Ins and Outs of Offensive Cyber with Andrew Boyd
Threatcon1 Cyber Summer Break with Jen Easterly
CISO Tradecraft Understanding Vulnerabilities, Exploits, and Cybersecurity
Open Source Security CVE update with Patrick Garrity
Resilient Cyber The Potential Collapse of CVE & Implications for Cyber
GRC Academy Why Threat Intel is Essential for Vulnerability Management with Patrick Garrity
Eclypsium The Complexities of Vulnerability Tracking and Prioritization
The Security Table CVSS 4.0 Unleashed with Patrick Garrity
Kiteworks Safeguarding Vulnerabilities
ITintheD AI’s Impact on Security
Enterprise Security Weekly Getting Vulnerability Management Back on the Rails
Intel471 Vulnerability Management and Patching: Outrunning Attackers
RiskyBiz Talking with Nucleus Security about vulnerability threat intelligence
Unscripted with David Raviv Fireside Chat

Webinars

Host Topic
Mass Device From Ransomware to Regulation: The New Business Reality for Medical Device Cybersecurity
VulnCheck Exploitation Trends in the First Half of 2025

Acting

Duo MFA Dance Walk

Projects I'm Involved in

Extended Vulnerability Community Discord Mod CVE Consumer Working Group

Other Fun Projects

Embarrasing Old Youtube Videos] Stevie Rich Supply

Pinned Loading

  1. hoodwink hoodwink Public

    Gain Visibility into SaaS Adoption

    Python 3 1

  2. Free-Vuln-Tools Free-Vuln-Tools Public

    8

  3. FIRSTdotorg/epss-vendors FIRSTdotorg/epss-vendors Public

    14 39

  4. threatcon1-lab threatcon1-lab Public

    ThreatCon1 Lab

    Python 1

  5. vulncheck-oss/vulnerability-research vulncheck-oss/vulnerability-research Public

    Jupyter Notebook 5 1

  6. vulnerability-scoring-systems vulnerability-scoring-systems Public

    25 6