Final Week to Get a MacBook Air or Surface Pro 7 with Online Training - Best Offers of the Year!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Securing SSH Itself with the Critical Security Controls

  • Wednesday, November 18, 2015 at 1:00 PM EST (2015-11-18 18:00:00 UTC)
  • Gavin Hill, Barbara Filkins, David Hoelzer


  • Venafi, Inc

You can now attend the webcast using your mobile device!



SSH is a de facto standard in securing communications through an encrypted link and elevating privileges, but what happens when SSH is itself not properly secured? What vulnerabilities are inherent in the protocol and how do organizations remediate them? Does the protection of the keys used by SSH affect the trust placed in this protocol? Despite the importance of SSH, organizations often neglect to pay attention to best practices related to configuration, especially in the area of adequate controls over SSH keys and key associations. One way to address this is through the Critical Security Controls.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the vulnerabilities of SSH and how the Critical Security Controls provide a roadmap to remediating those flaws.

Please send questions about this webcast to

View the associated whitepaper here.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Gavin Hill

With over a 15 years of experience in product development and product marketing in the cyber security space, Gavin Hill has been responsible for helping enterprises identify where they are at risk and leading the strategy for products that mitigate the risks related to evolving cyber threats. At Venafi he is responsible for the threat intelligence, focusing on Next-Generation Trust Protection and product marketing.

David Hoelzer

David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.