Two Days Left to Get a Free GIAC Certification Attempt or Take $350 Off with OnDemand or vLive Training!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS to Debut New Vulnerability Management Course at 2020 New Orleans Cyber Security Training Event

Identify and Solve Problems Across On-Premise and Cloud Environments

  • Bethesda, MD
  • November 4, 2019

SANS Institute, the global leader in cyber security training and certifications, today announced SANS Security East 2020 (#SANSSecEast), which will take place February 1-8 in New Orleans.The event features more than 25 cutting-edge courses and evening talks to help InfoSec professionals build the vital skills needed to more effectively combat the growing wave of breaches and cyber attacks. Included among the course line-up is the new SANS course, MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, which presents a holistic view of vulnerability management (VM) across infrastructure and applications and across on-premise and cloud environments.

MGT516 course co-author and instructor, David Hazar (@HazarDSec), explains that he finds many VM programs to be hyper-focused on activities that security can exclusively control—like governance, identification, and prioritization. "At times, these programs are also fractured between different groups who specialize in different areas such as infrastructure versus applications or on-premise versus cloud. If this approach to vulnerability management was successful", says Hazar "we wouldn't still be struggling with identifying vulnerabilities more than 20 years after the first tools were released to enable automated identification."

MGT516 covers all aspects of the VM lifecycle, from identification to treatment across both infrastructure and applications, and builds upon best practices while challenging some of the preconceptions about which activities are most important. It also provides guidance on how VM is evolving as organizations move to the cloud and implement DevOps practices in their environments and how to respond to these changes. "Join me in New Orleans to learn strategies to solve the seemingly unsolvable problem that still plagues many organizations and is the underlying reason for many of the other security activities and processes we have put in place over the years," concludes Hazar.

SANS Security East 2020 provides attendees the opportunity to learn new aspects of information security from industry experts. With the skills learned, InfoSec professionals can improve their organization’s security posture. Additional course offerings include SEC301: Introduction to Cyber Security, SEC455: SIEM Design & Implementation, SEC450: Blue Team Fundamentals: Security Operations and Analysis, SEC503: Intrusion Detection In-Depth, SEC564: Red Team Exercises & Adversary Emulation, and more. Attendees can test their security skills at the Core NetWars Tournament, DFIR NetWars Tournament, and the Cyber Defense NetWars Tournament.

For a complete list of courses and evening talks, or to register for SANS Security East 2020, visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (