Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cloud Security Vulnerabilities, Management, and Communication

  • Wednesday, December 18, 2019 at 3:30 PM EST (2019-12-18 20:30:00 UTC)
  • David Hazar

You can now attend the webcast using your mobile device!



While many organizations are still struggling to manage vulnerabilities on-premise, there are many that now have to deal with vulnerabilities in the Cloud as well. If this is not the case for your organization today, it may be in the very near future. How does Cloud affect vulnerability management (VM)? Do we need to do anything differently to account for cloud workloads? Is moving to the Cloud going to help or hurt our vulnerability management efforts? What are the options for finding and treating vulnerabilities in the Cloud? Does my reporting and communication need to change? These are common questions I hear as I discuss this important topic with others.

Cloud and development methodologies commonly used in the Cloud definitely require us to adapt some of our processes and technology. However, they also present some unique opportunities to lighten our VM workload and leverage cloud capabilities and services to streamline our treatment processes and procedures. This presentation will provide answers to these questions and highlight some of the impacts and benefits of Cloud on managing security vulnerabilities.

Speaker Bio

David Hazar

David is a security consultant based in Salt Lake City, Utah focused on vulnerability management, application security, cloud security, and DevOps. David has 20+ years of broad, deep technical experience gained from a wide variety of IT functions held throughout his career, including: Developer, Server Admin, Network Admin, Domain Admin, Telephony Admin, Database Admin/Developer, Security Engineer, Risk Manager, and AppSec Engineer. David is a co-author and instructor for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, an instructor for and contributor to SEC540: Cloud Security and DevOps Automation, and has also developed and led technical security training initiatives at many of the companies for which he has worked. Read more about David here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.