SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Major updates
LDR516: Strategic Vulnerability and Threat Management
LDR516Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course authored by:
Jonathan Risto
Course authored by:Jonathan Risto
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 11 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Integrate strategic and tactical approaches to level up enterprise vulnerability management programs while addressing infrastructure and cloud environment challenges.
Featured Quote
Excellent labs. More fun than I thought possible with vulnerability management.
Course Overview
This course equips security leaders with the strategies, tools, and insights needed to build and mature vulnerability management (VM) programs that reduce real-world risk. With a strong emphasis on business alignment, risk-based prioritization, and modern threat modeling, you’ll develop the skills to lead VM initiatives across traditional, cloud, and hybrid environments.
Through 11 artificial intelligence (AI)-powered labs and the Cyber42 simulation game, you’ll gain the hands-on and strategic experience needed to make vulnerability management work—at scale, and with impact.
What You'll Learn
- Build and evolve vulnerability management programs across traditional, cloud, IoT, and hybrid environments
- Prioritize vulnerabilities using business-aligned context and threat intelligence
- Develop and apply VM metrics to measure program maturity, demonstrate risk reduction, and drive stakeholder support
- Design remediation strategies that include patching, compensating controls, and automated tools to minimize exposure
- Communicate vulnerability risk effectively to executives, IT, and business units using tailored reporting and dashboards
- Align VM with regulatory frameworks (e.g., NIS2, NIST, HIPAA, GDPR, CRA) and board-level governance for sustainable compliance
Business Takeaways
- Assess organizational strengths, weaknesses, and maturity in vulnerability management programs
- Prepare for and respond to critical vulnerabilities and zero-day issues
- Prioritize security investments using data-driven decision-making and contextual risk models
- Translate technical VM findings into business impact to improve executive understanding and buy-in
- Uncover hidden obstacles by grouping and analyzing vulnerabilities
- Use program metrics and reporting to improve compliance posture and guide continuous improvement
- Implement proactive remediation capabilities
Meet Your Author
Jonathan Risto
Principal InstructorWith a career spanning 20+ years and has included working in-network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of knowledge he draws upon when teaching.
Read more about Jonathan RistoCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in LDR516: Strategic Vulnerability and Threat Management.
Section 1Vulnerability Management Design and Planning
This section introduces the strategic role of vulnerability management and lays the foundation for building effective, business-aligned programs. You’ll explore how asset inventory, contextual data, and cloud architecture influence risk visibility and program design.
Topics covered
- Foundation of vulnerability management (VM)
- Asset management and attack surface understanding
- Assessment techniques
- Common challenges and pitfalls
- Responding to evolving threats
Labs
- Defining VM Value
- Communicating Critical Flaws
- VM Alignment
- Cyber42 Game Round 1
Section 2Vulnerability Identification
This section addresses the technical and organizational challenges of identifying vulnerabilities across infrastructure, applications, and cloud-native services. You’ll examine discovery architecture, scan methods, and third-party coordination for responsible disclosure.
Topics covered
- Prioritization strategies
- Remediation approaches
- Measuring and tracking success
- Risk management and documentation
- Governance and stakeholder engagement
Labs
- Scanning Techniques
- Scan Validation
- Pipeline Integration Demo
- Cyber42 Game Round 2
Section 3Vulnerability Analysis, Metrics, and Communication
This section focuses on interpreting vulnerability data, correcting inaccuracies, and turning technical risk into actionable insights. You’ll learn to prioritize vulnerabilities, measure program maturity, and communicate risk effectively across the business.
Topics covered
- Risk-based and strategic metrics
- Effective reporting and communication
- Automation and efficiency
- Driving culture change and executive engagement
- Integration with incident response
Labs
- Contextual Prioritization
- Board Briefing
- Translate for Your Audience
- Cyber42 Game Round 3
Section 4Driving Remediation and Automation
This section explores how organizations treat vulnerabilities effectively across hybrid environments. You’ll examine patching, compensating controls, automation techniques, and how to align remediation with change and configuration management.
Topics covered
- Compliance and regulatory alignment
- Preparedness and response
- Post-incident and continuous improvement
- Roles, responsibilities, and risk ownership
- Evolving VM with technology
Labs
- Changing Culture
- Gold Image Pipeline
- Remediation Effectiveness
- Cyber42 Game Round 4
Section 5Collaboration and Continuous Improvement
This final section synthesizes course themes and focuses on advancing vulnerability management maturity. You'll explore stakeholder mapping, continuous improvement strategies, and program design aligned with business goals and future-readiness.
Topics covered
- Proactive VM
- CTEM (Continuous Threat Exposure Management)
- Adoption challenges and solutions
- Emerging risks and technology
- Future-ready governance
Labs
- VM Buy-In
- Attack Path Analysis
- CTEM Program Design
- Cyber42 Game Final Round
Things You Need To Know
Relevant Job Roles
Operational Leader
Cybersecurity LeadershipOperate from the point of view of an adversary in order to protect you most sensitive assets.
Explore learning pathSecurity Manager
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathSenior Security Leader
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathVulnerability Analysis (OPM 541)
NICE: Protection and DefenseResponsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Explore learning pathCybersecurity Researcher
European Cybersecurity Skills FrameworkResearch the cybersecurity domain and incorporate results in cybersecurity solutions.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
OnDemand Bundle
When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.
SANS Skills Quest by NetWars Core Edition
Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.
Filter by:
Location & instructorDate & TimeCourse priceRegistration Options
- Location & instructor
Virtual (OnDemand)
Instructed by Jonathan RistoDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,260 USD*Prices exclude applicable local taxesRegistration Options - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxesRegistration Options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Kevin GarveyDate & TimeFetching schedule..View event detailsCourse price€7,715 EUR*Prices exclude applicable local taxes
Showing 5 of 5
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3It is excellent for people who are creating and implementing their VMP. The course is detailed, thorough, and sets clear expectations for a successful program.
- Slide 2 of 3Great class full of new info for beginners and experienced VM folks. Thank you!
- Slide 3 of 3I have really enjoyed the discussions around these labs and hearing similarities from other users. I think this format for labs is fun.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources