News of the Log4j vulnerability first emerged two months ago, and many organizations still struggle to identify and mitigate the risk. Now, amid threats of Russian cyberattacks resulting from the Ukraine standoff, the universal message is to patch all vulnerabilities. So how exposed does Log4j leave the United States’ most critical industries? SC Media spoke to Jon France, the new chief information security officer for cyber training and certification organization (ISC)², to get his perspective.