How would you conduct regular vulnerability assessments across internal networks and external-facing applications?