SANS Rocky Mountain Fall is Live Online! Join us Nov 2-7 MT for 17 interactive courses + NetWars. Save $300 thru 10/7.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cloud Security Vulnerabilities, Management, and Communication

  • Wednesday, December 18, 2019 at 3:30 PM EST (2019-12-18 20:30:00 UTC)
  • David Hazar

You can now attend the webcast using your mobile device!



While many organizations are still struggling to manage vulnerabilities on-premise, there are many that now have to deal with vulnerabilities in the Cloud as well. If this is not the case for your organization today, it may be in the very near future. How does Cloud affect vulnerability management (VM)? Do we need to do anything differently to account for cloud workloads? Is moving to the Cloud going to help or hurt our vulnerability management efforts? What are the options for finding and treating vulnerabilities in the Cloud? Does my reporting and communication need to change? These are common questions I hear as I discuss this important topic with others.

Cloud and development methodologies commonly used in the Cloud definitely require us to adapt some of our processes and technology. However, they also present some unique opportunities to lighten our VM workload and leverage cloud capabilities and services to streamline our treatment processes and procedures. This presentation will provide answers to these questions and highlight some of the impacts and benefits of Cloud on managing security vulnerabilities.

Speaker Bio

David Hazar

David Hazar is a SANS analyst, instructor and co-author of SANS MGT516: Managing Security Vulnerabilities: Enterprise and Cloud. He also is an instructor for SANS SEC540: Cloud Security and DevOps Automation. With close to 20 years of broad, deep technical experience gained from a variety of hands-on roles serving the financial, healthcare and technology industries, his current areas of focus include vulnerability management, application security, cloud security and secure DevOps. He holds the CISSP, GWAPT, GWEB, GMOB, GCIA, GCIH, GCUX, GCWN, GSSP-.NET and GSTRT certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.