Vulnerability Management: Is the Program Effective: Part 3 of 3

So you have a vulnerability management program. Great. Excellent. But are you able to let the management team know if it is being effective or not?

In this final Vulnerability Management series webcast, join Jonathan (MGT516 co-author and SANS certified Instructor) as he discusses how to show your program is being effective through metrics and measures. He will discuss metrics that a new program can start creating and generating on day 1 as well as metrics that a mature program should be leveraging, and how to create them.

Part 1: Finding Context

Part 2: Leveraging Context

About the Speaker - Jonathan Risto
With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud. Read more about Jonathan at

MGT516: Managing Security Vulnerabilities: Enterprise and Cloud -

Learn more about SANS Cybersecurity Leadership Curriculum at

Connect with us on social:
LinkedIn - SANS Security Leadership
Twitter - @secleadership
YouTube - SANS Institute - Cybersecurity Leadership playlist
Discord -

SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Be the first to comment