This webcast has been archived.

Security Vulnerability Prioritization: Managing Millions of Vulns

  • Friday, November 22, 2019 at 3:30 PM EST (2019-11-22 20:30:00 UTC)
  • Jonathan Risto

Do you feel that your vulnerability management program is overwhelmed with reports of problems that need to be fixed? Does it feel like the program is chasing its tail and not getting ahead? Vulnerability prioritization is a key aspect of any vulnerability management program, helping us understand which vulnerabilities need to be actioned before others. Whether you are using CVSS or leveraging threat intelligence, prioritization methods help wade through the noise and understand what is important within our environment.

Based on material in the SANS MGT516 class, this webcast will detail the different methods that can be used for prioritization (vulnerability-centric, asset-centric and threat-centric prioritization) and present a 5-level maturity model for vulnerability prioritization.

Speaker Bio

Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing.