Join us for the FREE Cyber Defense Forum | Live Online on October 9

Security East 2020

New Orleans, LA | Sat, Feb 1 - Sat, Feb 8, 2020
This event is over,
but there are more training opportunities.

Top 5 Vulnerability Management Failures (and Best Practices)

  • David Hazar
  • Tuesday, February 4th, 8:15pm - 9:15pm

We have had tools and technology to help us identify vulnerabilities for over 20 years. The Nessus project began in 1998. Qualys and Rapid7 released products shortly thereafter. Tools for identifying vulnerabilities in code were made available around the same time with AppScan, Fortify, WebInspect, and Acunetix being just a handful of early options. The number of identification mechanisms and the maturity of tools has greatly increased over the years, yet we still struggle to eliminate vulnerabilities in our environments. Why can't we solve this seemingly simple problem?

Obviously, identification is not the key to effective vulnerability management. So, what should we be doing and what are some of the reasons we are failing? Join me as I share examples of the struggles many of my clients are facing and discuss the best practices that can help organizations avoid these failures.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, February 2
Session Speaker Time Type
Pre-Event Registration Sunday, February 2nd, 4:00pm - 6:00pm Special Events
Security East 2020 Welcome Reception at Fulton Alley Sunday, February 2nd, 6:00pm - 9:00pm Special Events
Monday, February 3
Session Speaker Time Type
General Session - Welcome to SANS Bryan Simon Monday, February 3rd, 8:00am - 8:30am Special Events
Everything You Ever Learned About Passwords Is Wrong Keith Palmgren Monday, February 3rd, 7:15pm - 9:15pm Keynote
Tuesday, February 4
Session Speaker Time Type
Coffee & Donuts with the College Students Tuesday, February 4th, 7:30am - 9:00am Special Events
Securing Modern Software Mark-Christian Reid, Application Security Architect Tuesday, February 4th, 12:30pm - 1:15pm Lunch and Learn
Community CONNECT: Cyber Information Session Tuesday, February 4th, 6:30pm - 7:30pm Special Events
Who's in your wallet? Capital One Debrief & Post Mortem Eric Johnson Tuesday, February 4th, 7:15pm - 8:15pm SANS@Night
Enterprise Security Architecture - It may not be what you think! Mark Williams Tuesday, February 4th, 7:15pm - 8:15pm SANS@Night
Virtuous Cycles: Rethinking the SOC for Long-Term Success John Hubbard Tuesday, February 4th, 8:15pm - 9:15pm SANS@Night
Top 5 Vulnerability Management Failures (and Best Practices) David Hazar Tuesday, February 4th, 8:15pm - 9:15pm SANS@Night
Wednesday, February 5
Session Speaker Time Type
Machine Learning and Network Monitoring: Welcome to the Machine David Hoelzer Wednesday, February 5th, 7:15pm - 8:15pm SANS@Night
What is New with Volatility 3.0: Memory Forensics on the Rails Alissa Torres Wednesday, February 5th, 7:15pm - 8:15pm SANS@Night
Web Apps Dripping with Honey Mick Douglas Wednesday, February 5th, 8:15pm - 9:15pm SANS@Night