


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Don't risk it - Using a risk-based approach to increase the security of web apps and other IT assets.

  • Thursday, May 28, 2015 at 3:00 PM EDT (2015-05-28 19:00:00 UTC)
  • Demetrios Lazarikos (Laz), John Pescatore


  • WhiteHat Security





The risk-based approach to understanding and reducing the risk of security breaches is key to:

  • Knowing which application security vulnerabilities leave the business most exposed to breaches and why.
  • Gaining visibility into your application security risks and the optimal approach to reducing those risks.
  • Determining and quantifying the level of risk you are willing to accept for breaches that occur in your externally facing web applications.

While many organizations understand the value of the risk-based approach, they need guidance on best practices for implementation. In this webinar, we will discuss how to transform application security with a business-focused approach to managing risk. This will be relevant to Chief Information Security Officers (CISOs) and security managers who are looking to establish proven processes for identifying, reducing and communicating application security risk levels.

In this webinar, participants will learn how leading industry practitioners implement risk-based approaches to secure their web applications and IT assets. Topics to be discussed include industry best practices used to:

  • Align application security projects and deliverables with business drivers
  • Select the most meaningful metrics for tracking application security and driving higher levels of resiliency
  • Create dashboards that track key metrics, highlight key trends, and quantify the potential application risks identified

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013, bringing with him over 35 years of experience in computer, network and information security. Prior to SANS, he was Gartner's lead security analyst for more than 13 years, working with Global 5000 corporations, government agencies and major technology and service providers. In 2008, John was named one of the top 15 most influential people in security and has frequently testified before Congress on issues relating to cybersecurity.

Demetrios Lazarikos (Laz)

Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the vArmour Chief Information Security Officer (CISO). Laz has more than 30 years of experience in building and supporting some of the largest InfoSec programs for Financial Services, Retail, Hospitality, and Transportation verticals. Laz's past roles include: IT Security Researcher and Strategist at Blue Lava Consulting, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA. Laz is a Professor at Pepperdine University's Graziadio School of Business and Management, holds a Master's in Computer Information Security from the University of Denver, an MBA from Pepperdine University, and has earned several security and compliance certifications.
