


This webcast has been archived.

Vulnerabilities, Controls and Continuous Monitoring: The SANS 2016 Continuous Monitoring Survey

  • Tuesday, November 15, 2016 at 1:00 PM EST (2016-11-15 18:00:00 UTC)
  • Barbara Filkins, Scott Gordon, Dan Lamorena, Patrick Vowles, Martin Walker


  • Forescout Technologies BV
  • IBM
  • Qualys
  • RiskIQ




Building on the results of the 2015 vulnerabilities and continuous monitoring survey, the primary focus of this year's survey is to determine how organizations conduct continuous vulnerability assessment and remediation related to the CIS Critical Security Controls 6.0. This includes inventories of software and hardware, secure configurations for these systems, continuous monitoring assessment and remediation, and limitation and control of network ports, protocols and services.

Attendees at this webcast will learn about:
  • Drivers behind organizational use of continuous monitoring
  • Classes and categories of information assets included in assessments
  • Maturity of continuous monitoring efforts
  • Types of vulnerabilities most commonly discovered
  • Difficulties and best practices in remediation and workflow
  • Impact of continuous monitoring on security posture

The associated whitepaper was written by SANS Analyst Program Research Director Barbara Filkins, with input from last year's survey author, SANS Fellow and Dean of Instruction Dave Hoelzer.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Scott Gordon

Scott Gordon is the chief marketing officer at RiskIQ, responsible for global market strategy, operations and sales enablement. He has 20 years' experience contributing to security management, network, endpoint and data security, and risk assessment technologies at innovative startups and large organizations. Prior to RiskIQ, Scott held management positions at ForeScout, Protego Networks (acq. Cisco), Axent and McAfee. Scott is CISSP certified and has authored "Operationalizing Security" and co-authored the "Definitive Guide to NAC."

Dan Lamorena

Dan Lamorena, CISSP and Vice President, Global Marketing for ForeScout Technologies, puts his more than 15 years of industry experience into action leading ForeScout's global marketing team. Prior to joining ForeScout, Dan led product and services marketing for HP's Enterprise Security products group and held product marketing, business development and strategy management roles with Symantec, Cisco Systems, Electronic Arts, and Ernst and Young. Dan holds a bachelor's degree from the Ohio State University and an MBA from the Haas School of Business at the University of California, Berkeley.

Patrick Vowles

Patrick Vowles, Endpoint Protection Marketing Manager at IBM Security, has many years of hands-on technical, product and marketing management experience, creating enterprise class networking, security and compliance solutions. After supporting LAN/WAN deployments in Europe, he moved to support large network infrastructure sales in New York City. As a product manager at Global Crossing, Patrick created an entire suite of managed security and VPN services. At RSA/VCE he created cloud, virtualization, compliance and security offerings while contributing to the Cloud Security Alliance Consensus Assessment Initiative. Patrick then directed the content for a series of international Cyber Attack and Fraud summits before moving to IBM.

Martin Walker

Martin Walker, Solution Architect and Vulnerability Management SME at Qualys, has 30 years of experience in IT, with 25 years of experience in InfoSec-focused roles. For the past decade he has been providing professional services focused on incident response and forensics and vulnerability management. Martin is the Qualys SME for vulnerability management and cloud agents. In his spare time he is an avid SCUBA diver, Arduino hacker, and airshow pilot.
