MGT516: SANS Cloud Security London 2023

Provided by

Enquire about this course

What You Will Learn

IMPORTANT NOTICE: SANS is in process of changing course prefixes from “MGT” to “LDR”. There is no change in course content or pricing. MGT516 will run through December 31, 2023, then LDR516 will run thereafter. Course books may reflect the “MGT” prefix even for "LDR" classes of the course during the transition. If you would like to take the course after December 31, 2023, please visit the LDR516 course page.

Stop Treating Symptoms. Cure The Disease.

Whether your vulnerability management program is well established, or you are just getting started, this course will help you think differently about vulnerability management. You will learn how to move past the hype to successfully prioritize the security vulnerabilities that are not blocked, then clearly and effectively communicate the risk associated with the rest of the vulnerabilities in your backlog that, for a variety of reasons, cannot currently be remediated. You'll also learn what mature organizations are doing to ease the burden associated with security vulnerability management across both infrastructure and applications as well as across both their cloud and non-cloud environments. MGT516 is based on the Prepare, Identify, Analyze, Communicate, and Treat (PIACT) Model.

MGT516 helps you think strategically about vulnerability management in order to mature your enterprise security’s program, but it also provides tactical guidance to help you overcome common challenges. By understanding and discussing solutions to typical issues that many organizations face across both traditional and cloud operating environments, you will be better prepared to meet the challenges of today and tomorrow. Knowing that many organizations are adopting cloud services in addition to continuing to manage their more traditional operating environments, we'll also look at different cloud service types throughout the course and how they impact the program both positively and negatively. We will highlight some of the tools and processes that can be leveraged in each of these environments and present new and emerging trends.

"This course is essential for both well-established and developing vulnerability management teams." - Robert Adams, CBC

"A great course to utilize if new to cloud vulnerability management." - Amaan Mughal

Business TakeawaysThis course will help your organization:
  • Understand what is working and what is not working in modern day vulnerability programs
  • Anticipate and plan for the impacts related to cloud operating environments
  • Realize why context matters and how to gather, store, maintain, and utilize contextual data effectively
  • Effectively and efficiently communicate vulnerability data and its associate risk to key stakeholders
  • Determine how to group vulnerabilities meaningfully to identify current obstacles or deficiencies
  • Know which metrics will drive greater adoption and change within the organization
  • Understand what remediation capabilities are available to assist technology teams in resolving vulnerabilities and proactively
Skills Learned
  • Steps to create, implement, or mature your vulnerability management program and receive buy-in from your stakeholders
  • Techniques for building and maintaining an accurate and useful inventory of IT assets in the enterprise and the cloud
  • What identification processes and technologies are effective across both infrastructure and applications and how to configure them appropriately
  • Which common false positives or false negatives to be aware of in your identification arsenal
  • How to prioritize unblocked vulnerabilities for treatment based on a variety of techniques
  • Effectively report and communicate vulnerability data within your organization
  • Ability to identify and report on the risk associated with vulnerabilities that are blocked and cannot currently be prioritized for remediation
  • A better understanding of modern treatment capabilities and how to better engage with treatment teams
  • Talent for making vulnerability management more fun and engaging for all those involved
  • Differentiating how to deal with application layer vulnerabilities versus infrastructure vulnerabilities
  • An understanding of how our strategies and techniques might change as we move to the cloud, implement private cloud, or roll out DevOps within our organizations
Collaborative Training

MGT516 uses the Cyber42 leadership simulation game, critical thinking labs based on outlined scenarios, and demonstrations to provide you with the information you need to skillfully fight the VM battle. Cyber42 helps students absorb and apply the content throughout the course. In this web-based continuous tabletop exercise, students play to improve security culture, manage budget and schedule, and improve specific vulnerability management capabilities at the fictional organization, The "Everything Corporation" or "E Corp". This puts you in real-world scenarios that require you to think through various options for improving the organization's maturity by responding to specific events.

The following is a brief description of the different game components and other labs by section:
  • Section 1: The Everything Corporation Company Overview, Round 1 Initiative Selection, Practice Event: Improve VM Program Image, and Events 1 - 3: Audit Action Item - VM Policy & Standards, Shadow Cloud Usage, and Asset Inventory; Policy & Standards Review, Moving to the Cloud, Asset Management - Critical Attributes, Leveraging Asset Context Domo & Azure Data Explorer Demonstrations.
  • Section 2: Round 2 Initiative Selection; Events 4-6: Gap in Coverage, Space Race, Misconfigured Blob Storage, and; Scanning Techniques, Scan Validation, Pipeline Integration
  • Section 3: Events 7-9: Healthcare Threat Intelligence Sharing, Error - Does Not Compute, and Inaccurate Report; Round 3 Initiative Selection; Contextual Prioritization, Adding Solution Groups and Types ServiceNow Demonstration
  • Section 4: Events 10-12: Can’t Patch or Won’t Patch, Problems with Aging, Third-Party App Downloads; Round 4 Initiative Selection; Changing Culture, Gold Image Pipeline Demo, Remediation Effectiveness
  • Section 5: Events 13-17: Support for the Program, E-commerce Oops, Legacy Systems, Code Coverage Challenge, and Space Race Part 2-The Board Meeting; Vulnerability Management Buy-In
"Excellent labs. More fun than I thought possible with vulnerability management." - Page Jeffery, Newmont

"I have really enjoyed the discussions around these labs and hearing similarities from other users. I think this format for labs is fun." - Isaac Philbrook, Premera

"Great experience with Cyber42!!" - Yann Esclanguin, Caterpillar

Syllabus Summary
  • Section 1: Course overview, policies and standards, cloud design considerations, and cyber asset attack surface management
  • Section 2: Identification challenges, processes, and technology across both infrastructure and applications
  • Section 3: Analysis, metrics, and communication techniques for effectively influencing action
  • Section 4: Common treatment or remediation processes and technologies
  • Section 5: Getting buy-in and advancing your program
Additional Free Resources
  • Key Metrics & Vulnerability Management Maturity Model Poster
  • CISO Scorecard and Cloud Security Maturity Model Poster
  • Operational Cybersecurity Executive Triad
  • Rekt Casino Hack Assessment Operational Series: Vulnerability Management Gone Wrong Webcast
  • Rekt Casino Revisited: Operational Series, Part 1 Blog

What you will Receive
  • Student manuals containing the entire course content and lab introductions and debriefs
  • Access to lab materials and bonus content and videos on the class website
  • Access to the Cyber42 security leadership simulation game
  • MP3 audio files of the complete course lecture

What Comes Next
  • SEC566: Implementing and Auditing Security Frameworks and Conrols
  • MGT551: Building and Leading Security Operations Center
  • MGT520: Leading Cloud Security Design and Implementation
NOTE: SANS offers two courses with a focus on vulnerability management. MGT516 helps you think strategically about vulnerability management in order to mature your organization's program, but it also provides tactical guidance to help you overcome common challenges. SEC460: Enterprise and Cloud | Threat Vulnerability Assessment helps you build your technical vulnerability assessment skills and techniques using time-tested, practical approaches to ensure true value across the enterprise. Review the full comparison here.


Start date Location / delivery
04 Sep 2023 London Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...