Final Week to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to Show Business Benefit by Moving to Risk-Based Vulnerability Management

  • Tuesday, August 11, 2020 at 2:00 PM EDT (2020-08-11 18:00:00 UTC)
  • John Pescatore, Nathan Wenzler


  • Tenable

You can now attend the webcast using your mobile device!



Vulnerabilities are relentless and exploited by targeted attacks faster than ever with damaging results to business. Study after study shows that most successful attacks exploit well known vulnerabilities with existing patches. Most businesses already do some form of vulnerability scanning but for many, time to remediate has not gone down. Yet some organization have broken out of this patternhow have they done it?

One of the key difference makers has been evolving to risk-based vulnerability management. IT operations resources and change windows are scarce resources. Mature, risk-based vulnerability management incorporates fresh and accurate asset inventory and criticality identification, active threat intelligence and automation support to prioritize the most business-critical risks and focus resources on fixing the most business-damaging exposures first.

This webcast will help security managers determine their current vulnerability management baseline using a SANS-developed set of RBVM patterns. From there, SANS Director of Emerging Trends John Pescatore and a representative from Tenable will explore:

  • How to do a gap analysis to choose proven approaches for moving to RBVM
  • Selection criteria for evaluating products and vendor
  • Lessons learned for reducing time to mitigate and showing business benefit

Register today and be among the first to receive the associated whitepaper written by John Pescatore.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Nathan Wenzler

Tenable Chief Security Strategist Nathan Wenzler has more than two decades of experience designing, implementing and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow and risk management.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.