This webcast has been archived.

Risky Business: Evaluating the True Risk to your Security Program

  • Monday, February 08, 2016 at 1:00 PM EST (2016-02-08 18:00:00 UTC)
  • Jenna McAuley, Mike Goldgof, Demetrios Lazarikos (Laz), Johannes Ullrich, PhD


  • WhiteHat Security



In today's increasingly complex threat landscape, it is impossible to achieve 100% security protection. In a situation where you have more vulnerabilities than resources to fix them, how do you protect your enterprise? Risk assessment is key to prioritization and effective security coverage. This webinar will focus on business risk assessment and measurement, the relationship between business risk and vulnerability remediation, and the role of risk in the development of an effective application security program. We will also discuss the importance of benchmarking your risk and security posture versus the rest of your industry.

Speaker Bios

Johannes Ullrich, PhD

As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

Demetrios Lazarikos (Laz)

Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the vArmour Chief Information Security Officer (CISO). Laz has more than 30 years of experience in building and supporting some of the largest InfoSec programs for Financial Services, Retail, Hospitality, and Transportation verticals. Laz's past roles include: IT Security Researcher and Strategist at Blue Lava Consulting, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA. Laz is a Professor at Pepperdine University's Graziadio School of Business and Management, holds a Master's in Computer Information Security from the University of Denver, an MBA from Pepperdine University, and has earned several security and compliance certifications.

Mike Goldgof

Mike Goldgof brings over 20 years of executive experience in marketing and product management to WhiteHat where he is responsible for all product marketing activities. His previous experience includes senior roles in marketing, product management and business development with information security, software and telecommunications companies, including Juniper Networks, Hifn, Phoenix Technologies and Lucent. At WhiteHat Security, Mike is responsible for product messaging, solutions content, sales enablement and go-to-market strategies. He holds an MBA in Marketing from Columbia Business School and an MS in Electrical Engineering from Cornell University.

Jenna McAuley

Jenna McAuley currently serves as Mercer's Chief Information Security Officer. She is responsible for establishing, executing and maintaining the enterprise vision, strategy and program to ensure that Mercer's physical and digital information assets and technologies are adequately protected.

Prior to joining Mercer in June 2015, Jenna served as the Northeast Regional Lead for Ernst & Young's Cyber Threat Management practice. In that role, Jenna delivered comprehensive security solutions for a wide cross-section of industries. Jenna has designed and delivered security monitoring and operations functions, secure application development and lifecycle programs, penetration testing and vulnerability assessments, incident response programs and integrated threat intelligence capabilities.

Jenna has been a featured speaker for several conferences, including the 2016 LegalTech Women in eDiscovery panel, the 2013 North America Information Security Risk Management ISACA Conference, where she spoke on the topic of Responding to Cyber Attacks, and the 2012 Annual Information Systems Security Association (ISSA) Conference, where she delivered a presentation entitled "Active Defense-- is the best defense a good offense?" She is an active participant in several industry associations, including Infragard and the Executive Women's Forum.
