


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Vulnerability Management Metrics Part 2 – 3 Advanced Metrics for your Vulnerability Management Program

  • Tuesday, June 15, 2021 at 10:30 AM EDT (2021-06-15 14:30:00 UTC)
  • Jonathan Risto




In Part 1 of this series, MGT516 course author Jonathan Risto discussed what makes a good metric and provided 5 metrics to start measuring within your vulnerability management program, regardless of your program maturity. In this second part of the Vulnerability Management series, MGT516 course author Jonathan Risto will discuss the following metrics:

  • Mean Time to Resolve
  • Average Exposure Window
  • Vulnerability Reopen Rate

and why these advanced metrics matter to your vulnerability management program. Jonathan will also offer suggestions on how to further refine and tailor metrics to specific audiences so that they provide meaningful information to each one.

If you missed Part 1, you can register for the recording and slides here:

Vulnerability Management Metrics Part 1: 5 Metrics to Start Measuring in Your Vulnerability Management Program

Speaker Bio

Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing. Read more about Jonathan here.
