Top Five Vulnerability Management Failures (and Best Practices)

  • Tuesday, February 11, 2020 at 3:30 PM EST (2020-02-11 20:30:00 UTC)
  • David Hazar


We have had tools and technology to help us identify vulnerabilities for over 20 years. The Nessus project began in 1998. Qualys and Rapid7 released products shortly thereafter. Tools for identifying vulnerabilities in code were made available around the same time, with AppScan, Fortify, WebInspect, and Acunetix being just a handful of early options. The number of identification mechanisms and the maturity of tools have greatly increased over the years, yet we still struggle to eliminate vulnerabilities in our environments. Why can't we solve this seemingly simple problem?

Obviously, identification is not the key to effective vulnerability management. So, what should we be doing and what are some of the reasons we are failing? Join me as I share examples of the struggles many of my clients are facing and discuss the best practices that can help organizations avoid these failures.

Speaker Bio

David Hazar

David is a security consultant based in Salt Lake City, Utah focused on vulnerability management, application security, cloud security, and DevOps. David has 20+ years of broad, deep technical experience gained from a wide variety of IT functions held throughout his career, including: Developer, Server Admin, Network Admin, Domain Admin, Telephony Admin, Database Admin/Developer, Security Engineer, Risk Manager, and AppSec Engineer. David is a co-author and instructor for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, an instructor for and contributor to SEC540: Cloud Security and DevOps Automation, and has also developed and led technical security training initiatives at many of the companies for which he has worked.
