The Secret to Vulnerability Management

Vulnerability management can at times seem like a problem with no solution. While there is no simple solution to vulnerability management and our work will never be done, there are solutions, and we can successfully reduce the vulnerabilities in our environment to a much more manageable level. Every week will bring new vulnerabilities, but with the right processes and procedures, out technology and development organizations will know how to respond. The biggest secret to vulnerability management is recognizing that vulnerability management isn’t the problem. Join us to discover the secret to vulnerability management.
About the Speaker
David Hazar is a security consultant based in Salt Lake City, Utah focused on vulnerability management, application security, cloud security, and DevOps. David has 20+ years of broad, deep technical experience gained from a wide variety of IT functions held throughout his career, including: Developer, Server Admin, Network Admin, Domain Admin, Telephony Admin, Database Admin/Developer, Security Engineer, Risk Manager, and AppSec Engineer. David is a co-author and instructor for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, an instructor for and contributor to SEC540: Cloud Security and DevOps Automation, and has also developed and led technical security training initiatives at many of the companies for which he has worked. Read more about David at www.sans.org/profiles/david-h...
MGT516: Building and Leading Vulnerability Management Programs
www.sans.org/cyber-security-c...
Learn more about SANS Cybersecurity Leadership Curriculum at www.sans.org/cybersercurity-leadership
Connect with us on social:
LinkedIn - SANS Security Leadership
Twitter - @secleadership
KZhead - SANS Institute - Cybersecurity Leadership playlist
Discord - www.sansurl.com/leadership-discord
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.