SANS Offensive Operations West 2021 features 10+ Live Online courses, Core NetWars, and Coin-A-Palooza! Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Vulnerability Practices of Tomorrow: Part 2 of the SANS Vulnerability Management Survey Results

  • Wednesday, April 10, 2019 at 1:00 PM EDT (2019-04-10 17:00:00 UTC)
  • Andrew Laman, David Hoelzer, Gaurav Banga, Nate Dyer


  • Balbix
  • Bromium
  • Tenable
  • Veracode

You can now attend the webcast using your mobile device!



More and more organizations are finding that they need more than scanning results to manage their vulnerabilities effectively. Attendees at this second part of a two-session webcast will learn about survey results that provide insight into the following key areas that influence vulnerability management priorities:

  • Risk-based vulnerability management practices
  • Management of cloud-based vulnerabilities
  • Management of vulnerabilities introduced by business partners

Register today to be among the first to receive the associated results whitepaper written by SANS Analyst Andrew Laman, with advice from David Hoelzer.

Part 1 of the Vulnerability Management Survey results webcast, held on Tuesday, April 9, 2019, at 1 PM Eastern, focuses on current practices in vulnerability management, including responsibility for vulnerability management, scanning and patching practices. Click here to register for that webcast.

Speaker Bios

Andrew Laman

Andrew Laman teaches SEC503 Intrusion Detection In-Depth, for the SANS Institute. With more than 25 years of IT and security experience in multiple industries, he holds multiple GIAC certifications, including the GIAC Security Expert (GSE) and key certifications in the cyber defense, digital forensics and incident response, and penetration testing certification tracks, as well as the CISSP and a variety of other industry certifications. Andy is the founder and principal consultant at A4 InfoSec, an independent consulting firm with services focused on monitoring, detection and incident response. He previously held lead security positions in Fortune 500 and global companies.

David Hoelzer

David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.

Gaurav Banga

Gaurav Banga is the founder and CEO of Balbix, and he also serves on the boards of several companies. Before founding Balbix, Gaurav was the co-founder and CEO of Bromium and led the company for more than five years. Earlier, Gaurav served in various executive roles at Phoenix Technologies and Intellisync Corporation. He was also co-founder and CEO of PDAapps, which was acquired by Intellisync in 2005. Gaurav started his industry career at NetApp. He has a doctoral degree in computer science from Rice University, and he is a prolific inventor with more than 60 patents.

Nate Dyer

Nate Dyer is a senior product marketing manager responsible for the platform. He helps cybersecurity and DevOps leaders secure and protect their modern attack surfaces spanning traditional IT, cloud, containers and code. Nate has extensive experience in information technology, holding a variety of roles in marketing, strategy and market research. Most recently, Nate led the portfolio marketing strategy at IBM, where he helped CIOs and CTOs capture new market opportunities with IT infrastructure.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.