SANS Rocky Mountain Fall is Live Online! Join us Nov 2-7 MT for 17 interactive courses + NetWars. Save $300 thru 10/7.


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS to Debut New Vulnerability Management Course at 2020 New Orleans Cyber Security Training Event

Identify and Solve Problems Across On-Premise and Cloud Environments

  • Bethesda, MD
  • November 4, 2019

SANS Institute, the global leader in cyber security training and certifications, today announced SANS Security East 2020 (#SANSSecEast), which will take place February 1-8 in New Orleans.The event features more than 25 cutting-edge courses and evening talks to help InfoSec professionals build the vital skills needed to more effectively combat the growing wave of breaches and cyber attacks. Included among the course line-up is the new SANS course, MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, which presents a holistic view of vulnerability management (VM) across infrastructure and applications and across on-premise and cloud environments.

MGT516 course co-author and instructor, David Hazar (@HazarDSec), explains that he finds many VM programs to be hyper-focused on activities that security can exclusively control—like governance, identification, and prioritization. "At times, these programs are also fractured between different groups who specialize in different areas such as infrastructure versus applications or on-premise versus cloud. If this approach to vulnerability management was successful", says Hazar "we wouldn't still be struggling with identifying vulnerabilities more than 20 years after the first tools were released to enable automated identification."

MGT516 covers all aspects of the VM lifecycle, from identification to treatment across both infrastructure and applications, and builds upon best practices while challenging some of the preconceptions about which activities are most important. It also provides guidance on how VM is evolving as organizations move to the cloud and implement DevOps practices in their environments and how to respond to these changes. "Join me in New Orleans to learn strategies to solve the seemingly unsolvable problem that still plagues many organizations and is the underlying reason for many of the other security activities and processes we have put in place over the years," concludes Hazar.

SANS Security East 2020 provides attendees the opportunity to learn new aspects of information security from industry experts. With the skills learned, InfoSec professionals can improve their organization’s security posture. Additional course offerings include SEC301: Introduction to Cyber Security, SEC455: SIEM Design & Implementation, SEC450: Blue Team Fundamentals: Security Operations and Analysis, SEC503: Intrusion Detection In-Depth, SEC564: Red Team Exercises & Adversary Emulation, and more. Attendees can test their security skills at the Core NetWars Tournament, DFIR NetWars Tournament, and the Cyber Defense NetWars Tournament.

For a complete list of courses and evening talks, or to register for SANS Security East 2020, visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (