Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS LDR516: Building and Leading Vulnerability Management Programs.

More About Jonathan


Starting with his first Commodore 64, Jonathan has always loved computers. Fresh out of school, he designed and implemented networks for a wide variety of businesses – both in size and industry - which helped solidify his understanding of how networks function. Additional work on email system design, and Voice over IP system design, installation and support gave him more experience higher up the stack and understanding of how all these components interrelate. Capitalizing on this background, Jonathan moved into security and security research work, specifically vulnerability management and remediation. Understanding the different layers of environments, from networks through the applications and how these components all interact, helps inform all of the different facets needed to effectively manage and deal with networks from a vulnerability management perspective.

Over a decade ago, Jonathan was an operations prime when he took his first SANS courses, FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, and, two weeks later, SEC617: Wireless Penetration Testing and Ethical Hacking. His mind was blown by the quality and quantity of the information presented, as well as the caliber and experience of the instructors. In less than a year, Jonathan himself was engaging with SANS as a mentor instructor and has been teaching with SANS ever since.

Jonathan loves teaching so much that he often keeps in touch with many students for years afterwards. He thoroughly enjoys learning from them as much as they learn from him. Giving back to the community and sharing the information is very important to Jonathan. He believes one thing “the bad guys” do quite well is to share information, and he feels strongly that teaching allows him do this for those trying to win the battle on the right side. Seeing the heads nodding, the "lights going on", or after teaching a section having students come and state that this was the exact problem they had at work and now they know how to tackle it, reaffirms his choice to be an author and instructor.

Vulnerability management spans the entire spectrum of IT, requiring practitioners to interface with the system and network administrators, IT architects, operations teams, and the change management group, to name but a few. It takes a lot of understanding to be able to work in this space, so Jonathan’s diverse background has provided him with knowledge that he leverages in vulnerability management. He’s able to talk IP and routers as needed, get into Linux specifics, discuss architecture challenges, and even dig into root causes and incident handling. Helping people unscramble the puzzle that is before them into manageable pieces to create a successful Vulnerability Management Program - and not just a collection of parts - is truly rewarding for Jonathan. Vulnerability management can be overwhelming, but can be guided by the same principle as “How do you eat an elephant?” “One bite at a time.”

After one of his classes last year, Jonathan was talking with a student, asking for feedback on how he may be able to improve the course based on her experience and background. She looked him right in the eyes and said that this was exactly the course she was looking for. Her company, a large international organization, needed to implement a more robust program than their current one. She said that Jonathan’s teaching had given her a roadmap, and because of that, she knew exactly what she needed to do and had already started a plan to do it. Additionally, she said, because of what she had learned in class, she would end up being promoted and her career would continue to advance and even accelerate, as she could clearly see how to resolve issues that had been causing problems for the organization. That impact is why Jonathan loves teaching.

Jonathan holds a Master's Degree in Information Security Management from the SANS Technology Institute, a Bachelor's Degree in Electrical Engineering from Queen’s University in Kingston Ontario, and is a Licensed Professional Engineer (P.Eng.). He holds 11 different GIAC Certifications, including GSNA, GCCC, GWAPT, GLEG, GCPM, GSEC, GPEN, GSLC, GCIH, GAWN, and GCFA. For more than seven years, Jonathan has sat on the Board of Directors for a local charity and is involved with the judging of the local high school science fairs.

When not researching, teaching, or doing good in other ways, Jonathan is kept busy by his three daughters, but when possible, he enjoys the outdoors, astronomy, and photography.

Listen to Jonathan presenting about the SANS Vulnerability Management Maturity Model in this webcast:


Key Metrics: Cloud and Enterprise | Vulnerability Management Maturity Model (VMMM)

WEBCASTS - Recent & Upcoming



  • The Cyber Capability Development Centre (CCDC) Concept, May 2019
  • Auditing Windows Installed Software Through Command Line Scripts, Nov 2016
  • Windows Installed Software Inventory; Gathering the Information Needed For the 20 Critical Controls, Sept 2016
  • Polymorphic, Multi-lingual Websites: A Theoretical Approach for Improved Website Security, July 2016
  • Endpoint Security Through Device Configuration, Policy and Network Isolation, July 2016
  • Success Rates for Client Side Vulnerabilities, June 2016
  • Reliability of Exploits and Consequences for Decision Support, August 2015
  • Exercise: It’s Not Just for Your Body Anymore; A Comparative Examination of the Types of Cyber Exercises Possible, Feb 2015
  • Wireless Networks and the Windows Registry - Just Where Has Your Computer Been?, May 2011