One More Week for MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS Vulnerability Management Maturity Model

  • Thursday, August 20, 2020 at 3:30 PM EDT (2020-08-20 19:30:00 UTC)
  • Jonathan Risto

You can now attend the webcast using your mobile device!



Learn about two vulnerability management challenges that organizations have - prioritization and reporting - and how the new SANS Vulnerability Management Maturity Model provides a roadmap for managing these areas of concern.

The SANS Vulnerability Management Maturity Model describes the characteristics of a comprehensive VM program, and emphasizes how you can advance each focus area. Leveraging the material in MGT516: Managing Security Vulnerabilities: Enterprise and Cloud course, the model provides both a guide for organizations to self-assess their program and a blueprint for how to progress your VM program.

Come join MGT516 co-author Jonathan Risto as he walks through the model and corresponding poster, the background and thinking on the maturity model, and highlights key action items. 

Speaker Bio

Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing. Read more about Jonathan here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.