Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to Communicate about Security Vulnerabilities

  • Thursday, January 16, 2020 at 3:30 PM EST (2020-01-16 20:30:00 UTC)
  • Jonathan Risto

You can now attend the webcast using your mobile device!



Most organizations know they have problems within their environments. Yet week after week, month after month, we end up with the same items being found, and remediation work not completed. At times we feel like we are herding cats (conducting a lot of work with minimal fruitful results). 

The challenge is that we are often causing our own failures, not by what we are asking our operation partners to do, but how we are communicating with them. Overloading our partners with what is often perceived as a set of non-achievable tasks to complete only sets us up for failure. In this webcast I will contrast different communication methods, highlighting what works and why they are effective in dealing with the different target audiences (executives, management and peers).

Speaker Bio

Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing. Read more about Jonathan here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.