Security auditors should update risk-driven methodologies, says Hoelzer

London, UK – SANS Spring London 2016 will welcome a growing community of security auditors set to refresh their skills on the recently updated AUD507: Auditing & Monitoring Networks, Perimeters & Systems course, which is one of eight security training tracks in London in February.

According to course author and industry expert David Hoelzer, "One of the struggles that IT auditors face today is assisting management to understand the relationship between the technical controls and the risks to the business that these affect. This track is organised specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program."

Hoelzer, a SANS Fellow instructor and author of more than twenty sections of SANS courseware, is an expert in a variety of information security fields and was recently called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. Over a 25-year career, Hoelzer has also written and contributed to more than 15 peer-reviewed books, publications, and journal articles on all manner of security topics, including extensive works on audit.

"In today's information security world, most enterprises are either already moving toward or seriously considering moving toward compliance with any number of a variety of security standards that represent best practice," says Hoelzer. "One of the key topics covered in this material is an effective risk based method for the specification or selection of controls. This skill set allows you to analyse an existing set of controls, a business process, an audit exception or a security incident, identifying any missing or ineffective controls. More importantly, perhaps, you will be able to easily identify what corrective actions will eliminate the problem in the future."

As a SANS instructor, Hoelzer has trained security professionals from organisations including NSA, DHHS, Fortune 500 security engineers and managers. In his view, "Auditors, Administrators and Security Managers alike walk away with a 'To-Do' list far longer than the one that they arrive with. The aim is to align your security operations and auditing with business operations in a way that delivers the biggest return on investment."

SANS London Spring runs from 29th February to 5th March, with all classes taking place in the Grand Connaught Rooms in the heart of London's West End. Many courses at SANS London Spring have an associated GIAC examination, and certification attempts are available at a reduced rate when bundled with training. SANS is also offering an OnDemand version of courses at a discounted rate to assist with exam preparation. The full list of courses includes:

  • SEC560: Network Penetration Testing and Ethical Hacking with Erik Van Buggenhout
  • SEC401: Security Essentials Bootcamp Style with Dr. Eric Cole
  • SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
  • SEC542: Web App Penetration Testing and Ethical Hacking with Pieter Danhieux
  • SEC760: Advanced Exploit Development for Penetration Testers with Jake Williams
  • FOR508: Advanced Digital Forensics and Incident Response with Jess Garcia
  • FOR526: Memory Forensics In-Depth with Alissa Torres
  • AUD507: Auditing & Monitoring Networks, Perimeters & Systems with David Hoelzer

The event also offers evening socialising and networking opportunities involving SANS Instructors and fellow industry peers. Demand for places at SANS London events has always been high, so attendees are recommended to register online as soon as possible. For more information please visit

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.