Got GIAC? Free GIAC Cert Attempt Included with OnDemand 5 or 6 Day Training thru July 7


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Current State of Vulnerability Management: Part 1 of the SANS Vulnerability Management Survey Results

  • Tuesday, April 09, 2019 at 1:00 PM EDT (2019-04-09 17:00:00 UTC)
  • Andrew Laman, David Hoelzer, RJ Gazarek, Michael Rosen


  • Balbix
  • Bromium
  • Tenable
  • Veracode

You can now attend the webcast using your mobile device!



Challenged with rapidly changing computing platforms and a growing threat landscape, organizations are struggling to manage their vulnerabilities. This SANS survey investigates how organizations are managing vulnerabilities across their endpoints, applications, cloud services and business partners.

Attendees at this first part of a two-session webcast will gain insight into survey results with specific emphasis on:

  • Current status of vulnerability management programs
  • Where responsibility for vulnerability management lies
  • Vulnerability scanning practices
  • Patching practices

The second session, on Wednesday, April 10, 2019, at 1 PM Eastern, will focus on the vulnerability practices of tomorrow. Click here to register for that webcast.

Register today to be among the first to receive the associated results whitepaper written by SANS Analyst Andrew Laman, with advice from David Hoelzer.

Speaker Bios

Andrew Laman

Andrew Laman teaches SEC503 Intrusion Detection In-Depth, for the SANS Institute. With more than 25 years of IT and security experience in multiple industries, he holds multiple GIAC certifications, including the GIAC Security Expert (GSE) and key certifications in the cyber defense, digital forensics and incident response, and penetration testing certification tracks, as well as the CISSP and a variety of other industry certifications. Andy is the founder and principal consultant at A4 InfoSec, an independent consulting firm with services focused on monitoring, detection and incident response. He previously held lead security positions in Fortune 500 and global companies.

David Hoelzer

David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.

RJ Gazarek

RJ Gazarek is a senior product marketing manager at Veracode, working as part of the product strategy team on the Software Composition Analysis and Greenlight product lines. Combining 10 years of marketing experience, an education in psychology and a personal background in IT, RJ brings a unique perspective to the cybersecurity market. His job is to be the voice of Veracode's customers, while keeping his finger on the pulse of the rapidly changing market for application security.

Michael Rosen

As Senior Product Manager, Threat Intelligence and Technical Marketing at Bromium, Michael Rosen brings an extensive track record in security product management and technical product marketing, making complex concepts readily accessible to general audiences. He has an MBA in Information Systems and a Juris Doctor degree in law, along with a hands-on technical background in malware analysis, encryption products and multi-vector advanced threat defense. He is passionate about spreading the gospel of safe computing.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.