Stop Treating Symptoms. Cure The Disease.

Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable.

This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them.

Business Takeaways
▐ Assess maturity and gaps in your organization’s VM program
▐ Prepare for critical vulnerabilities and zero-day exposures
▐ Prioritize security investments using contextual risk models
▐ Translate technical findings into executive-level insights
▐ Use vulnerability grouping to uncover hidden risks and blockers
▐ Implement metrics and dashboards to drive compliance and performance
▐ Design proactive remediation workflows and future-ready programs

Syllabus Summary
SECTION 1: Building the Blueprint for VM Success
SECTION 2: Mastering the Art of Prioritization and Remediation
SECTION 3: Communicating Risk and Driving Action in VM
SECTION 4: Navigating Compliance, Crisis, and Governance in VM
SECTION 5: The Future of VM – Proactive Defense and CTEM

CURRICULUM: Cybersecurity Leadership
LDR516: Strategic Vulnerability and Threat Management™
MAJOR UPDATE

You Will Be Able To
▐ Build and evolve vulnerability management programs across traditional, cloud, IoT, and hybrid environments
▐ Prioritize vulnerabilities using business-aligned context and threat intelligence
▐ Develop and apply VM metrics to measure program maturity, demonstrate risk reduction, and drive stakeholder support
▐ Design remediation strategies that include patching, compensating controls, and automation
▐ Communicate vulnerability risk effectively to executives, technology, security and other business units
▐ Align VM with frameworks like NIS2, NIST, HIPAA, GDPR, and CRA for sustainable governance

Who Should Attend
LDR516 is designed for both technical practitioners and strategic leaders responsible for managing vulnerabilities across enterprise, cloud, and hybrid environments. Ideal participants include:
▐ Vulnerability analysts, engineers, and program managers
▐ Security architects, SOC leads, and CISOs
▐ IT operations, DevOps, and cloud platform professionals
▐ Risk, compliance, and governance officers
▐ Business continuity and disaster recovery planners
▐ Government and critical infrastructure cybersecurity teams (e.g., FedRAMP, NIST CSF)

NICE Framework Work Roles
▐ Security Control Assessor (OPM 612)
▐ Vulnerability Assessment Analyst (OPM 541)

“This course should be required by every VM team member. The insights provided will be helpful immediately in any organization.”
—Brandi Loveday-Chesley

5 Day Program
30 CPEs
24 Labs

For detailed course description, visit SANS.ORG/LDR516

Jonathan Risto
Course Author

WAYS TO TAKE LDR516
Live Online
In-Person
OnDemand