Spring Cyber Solutions Fest 2025: Attack Surface & Vulnerability Management Track

  • Thursday, 20 Mar 2025 8:30AM EDT (20 Mar 2025 12:30 UTC)
  • Speaker: Kevin Garvey

Join us for the Attack Surface and Vulnerability Track at SANS Spring Cyber Solutions Fest 2025! This track focuses on understanding and mitigating vulnerabilities across your organization’s attack surface.

Engage with industry experts as they discuss the latest techniques for identifying, assessing, and managing vulnerabilities. This one-day track will feature a variety of presentations, case studies, and practical insights tailored for cybersecurity professionals dedicated to strengthening their security defenses.

How to Register:

Log in and click the Register button below. If you don’t have a SANS account, you’ll be prompted to create one—it’s free and easy. FAQs available at the bottom of this page.

What to Expect:

  1. Insights into Current Attack Surface Management Strategies
  2. Techniques for Effective Vulnerability Assessment and Management
  3. Case Studies on Successful Vulnerability Remediation
  4. Best Practices for Continuous Security Improvement

Why Register?

  • It's Free! ✅
  • Earn CPE Credits ✅
  • Learn from Industry Experts ✅
  • Flexible Access (Join live and watch on your own time!) ✅
  • Network with Cybersecurity Leaders ✅

SANS Slack:

  • Connect with our event chairs, speakers, and fellow participants on SANS Slack for real-time discussions and networking opportunities.

Click the button below to register now and secure your spot!

This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).

Agenda | March 20, 2025 | 8:30AM - 3:20PM EDT

Timeline (EDT)
Session Details

8:30 AM

Welcome & Opening Remarks

Kevin Garvey, Event Chair, SANS Certified Instructor

8:45 AM

Session One | Total Visibility, Total Control: Using Censys ASM to Reduce Cyber Risk

Do you really know what’s exposed on your attack surface? Without full visibility, security is just guesswork—leaving organizations vulnerable to ransomware and other threats.

Join Censys expert Shunta Sanders for a deep dive into Censys’ Attack Surface Management (ASM) platform and learn how to:

✔️ Discover unknown assets before attackers do

✔️ Continuously monitor exposure and reduce risk

✔️ Defend against ransomware with proactive intelligence

Don’t miss this chance to see how Censys ASM helps security teams take control of their attack surface.

Shunta Sharod Sanders, Team Lead, Sales Engineering, Censys

9:25 AM

Session Two | Vulnerability Intel During Uncertain Times: CVE Enrichment Using AI and OSINT

Staying on top of vulnerabilities is challenging. With the National Vulnerability Database (NVD) backlog and unpredictable current affairs, it’s even trickier. What if CVE enrichment delays could spark innovation? While NIST and NVD work hard to address the backlog, there are methods to conduct your own CVE enrichment using OSINT and machine learning (ML) tools.

Join us to see how Feedly enables in-house CVE enrichment and prioritization using ML models to gather vulnerability intel from the open web.

Bonus: Attendees will leave with two free resources Feedly created to help the community with CVE tracking and Patch Tuesdays.

Josh Darby MacLellan, Staff Threat Intelligence Advisor, Customer Success, Feedly

10:05 AM

Break

10:20 AM

Session Three | Pentera 101: Build Up Your Security Readiness

This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Security professionals have been following a defense in depth model for years. The ongoing challenge, however, is the dynamic nature of the attack surface. Security teams are now overwhelmed with the variables of changing internal, external, and cloud workload infrastructure. While toolsets are deployed to help mitigate some of this, processes and controls need to be validated in order to understand true risk as well as whether the strategies architected are working effectively and as intended. Join Jay Mar-Tang, Field CISO, Pentera as he demonstrates how to leverage Pentera to give you the attacker’s viewpoint to validate your people, processes, and technology. Leave assumptions behind, and start validating!

Jay Mar-Tang, Field CISO, Pentera

10:50 AM

Session Four | Demystifying Exposure Management

In today’s rapidly evolving digital landscape, organizations face an unprecedented level of exposure to cyber threats. Traditional approaches to vulnerability management often fall short, focusing solely on critical vulnerabilities while ignoring context and neglected assets. This presentation explores the "Dark Side of the Cloud" and highlights the risks posed by forgotten assets, mismanaged cloud configurations, and legacy systems that attackers actively exploit.

We challenge the critical/high-only mindset by demonstrating how context transforms vulnerability urgency. For example, the same CVE can represent vastly different levels of risk depending on exposure and compensating controls. The session will discuss practical strategies to shift from vulnerability-centric management to exposure-based prioritization, focusing on actionable insights derived from real-world scenarios.

We’ll also explore the pivotal role of External Attack Surface Management (EASM) in creating a comprehensive inventory of internet-facing assets, IoT, OT, and cloud environments. This new inventory approach provides the visibility organizations need to identify and mitigate risks proactively. Join us to learn how to navigate the complexities of a reactive world with a proactive strategy that addresses today’s most pressing cybersecurity challenges.

Amit Sheps, Director of Product Marketing, IONIX

11:20 AM

Session Five | Building a Continuous Threat Exposure Management (CTEM) Program

As organizations struggle to keep pace with an expanding attack surface, adopting a Continuous Threat Exposure Management (CTEM) program is essential for identifying, prioritizing, and mitigating risks effectively. CTEM is more than just a technology—it’s a proactive approach that integrates people, processes, and tools to continuously assess security gaps, prioritize vulnerabilities, and reduce exposure to cyber threats.

Join Rapid7’s panel of experts to explore how to implement a structured CTEM program and ensure full-spectrum visibility, risk-based prioritization, and automation-driven remediation. We’ll cover critical CTEM-driven use cases, including:

- Identifying security coverage gaps and ensuring compliance.

- Detecting and managing Shadow IT and ungoverned assets.

- Prioritizing vulnerabilities using risk intelligence and business context.

- Enhancing Incident Response with enriched exposure insights.

Learn how Rapid7 provides the foundation for a mature, risk-driven security program, helping organizations anticipate, pinpoint, and act on threats before they escalate.

Craig Roberts, Principal Software Engineer, Rapid7

Jamie Cowper, Director of Product Marketing, Rapid7

11:50 AM

Break

12:05 PM

Session Six | Be the First to Know About Threats With Feedly Threat Intelligence

Feedly Threat Intelligence helps cybersecurity teams collect, analyze, and share actionable open-source intelligence faster.

How? Feedly scans millions of open sources for threat intelligence content, enriches the data to extract objects and entities, and helps teams prepare and share reports with their stakeholders and tools.

Learn how Feedly Threat Intelligence can help you monitor changes to vulnerabilities, cyber-attacks, and threat actor TTPs. Feedly reduces the time spent collecting and reading reports, allowing you to prioritize vulnerabilities and threats faster.

* Vulnerability dashboard with context including exploits, threat actors

* Customized AI Feeds tailored to your risk needs

* AI-powered analysis and report generation with citations

* Newsletters and integrations for automated dissemination

Aaron O'Maley, Customer Success Manager, Feedly

12:25 PM

Session Seven | Censys ASM Uncovered: The Smarter Way to Manage Cyber Risk

Censys Attack Surface Management (ASM) provides unmatched visibility into your external attack surface—helping you identify, monitor, and mitigate risks before attackers exploit them.

Join us for this 20-minute live demo to see Censys ASM in action. Our expert, Shunta Sharod Sanders, will showcase how Censys continuously discovers unmanaged assets, prioritizes risk based on real-world threat intelligence, and empowers security teams to take proactive action. Whether you're struggling with asset inventory, misconfigurations, or unauthorized exposures, this session will highlight how Censys ASM delivers the insights you need to stay ahead of cyber threats.

Shunta Sharod Sanders, Team Lead, Sales Engineering, Censys

12:45 PM

Session Eight | Taking Your DevSecOps to 11

You’ve been tasked with ‘doing DevSecOps’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools and their outputs from all your different apps?

In this webinar, we’ll discuss some strategies for taking control of your vulnerability management and how you can use a tool like DefectDojo to optimize your AppSec program.

Join us as we cover:

- Best practices for consolidating vulnerability findings across your security tech stack

- How to build automation and deduplicate repetitive findings from scans

- How to use a tool like DefectDojo to take your program to the next level

Matt Tesauro, CTO & Co-Founder, DefectDojo

1:15 PM

Break

1:30 PM

Session Nine | Strengthening Cyber Resilience with Continuous Threat Exposure Management (CTEM)

As the cyber threat landscape evolves, organizations must move beyond traditional vulnerability and risk management programs to a more dynamic, continuous approach to risk reduction. CTEM is a structured methodology that enables security teams to identify, prioritize, and mitigate exposures before they can be exploited.

In this 30-minute session, Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, will break down the five stages of the CTEM framework and demonstrate why CTEM is a critical component of a modern cybersecurity strategy. You’ll gain insights into the key challenges CTEM solves, including how it can help your team cut through alert fatigue, prioritize remediation efforts based on business impact, and close visibility gaps across cloud, SaaS, and on-prem environments.

We’ll also explore how CTEM and Managed Detection and Response (MDR) work together to drive stronger security outcomes. By integrating CTEM with MDR, organizations can not only detect and respond to threats but also proactively reduce their attack surface, leading to greater cyber resilience.

Key takeaways include:

- Understanding why CTEM is a game-changer for modern cybersecurity strategies.

- Learning how the CTEM framework’s five stages help organizations continuously assess and mitigate risk.

- Discovering how to transition from vulnerability management to exposure management and CTEM.

- Exploring how CTEM enhances MDR to create a more comprehensive security posture.

- Gaining actionable insights on how to build a resilient security program that anticipates, withstands, and recovers from threats effectively.

Tia Hopkins, Chief Cyber Resilience Officer & Field CTO, eSentire

2:00 PM

Session Ten | Firmware Attacks Uncovered: The Silent Threat Expanding Your Attack Surface

Firmware presents real threats to the enterprise, and an attack surface enticing to threat actors. Cyberattackers use firmware vulnerabilities to break in and achieve persistence inside target environments, leading to repeated data breaches. In this webinar we’ll discuss how firmware vulnerabilities make their way through the IT infrastructure supply chain, and how to protect your enterprise from this growing category of threat.

We’ll cover:

* Where firmware comes from, and how it brings vulnerabilities in through the enterprise’s front door

* Backdoors, malware, and firmware tampering for persistence

* Misconfigured or Missing Security Controls - UEFI, missing or misconfigured Secure Boot, Intel Boot Guard, and more

* Recently disclosed vulnerabilities and research in firmware threats

Paul Asadoorian, Principal Security Researcher, Eclypsium

2:30 PM

Session Eleven | Panel Discussion

Kevin Garvey, Event Chair, SANS Certified Instructor

Shunta Sharod Sanders, Team Lead, Sales Engineering, Censys

Josh Darby MacLellan, Staff Threat Intelligence Advisor, Customer Success, Feedly

Andrew Castro, Sr. Threat Intelligence Advisor, Feedly

3:15 PM

Closing Remarks

Kevin Garvey, Event Chair, SANS Certified Instructor

Frequently Asked Questions (FAQs)

Q: What is Spring Cyber Fest?

A: Spring Cyber Fest is a multi-day virtual event hosted by SANS, bringing together cybersecurity experts and practitioners to share insights, best practices, and actionable strategies across various tracks like threat hunting, cloud security, ransomware, and more. Attendees can expect expert-led sessions, hands-on demos, emerging threat insights, and networking opportunities—all at no cost.

Q: How many CPE credits can I earn?

A: You will earn 1 CPE credit for every hour you attend live or watch the recordings. For example, a 120-minute session earns you 2 CPE credits. This is a great opportunity to advance your professional development while learning from industry leaders.

Q: Do I need a SANS account to register?

A: Yes, a free SANS account is required to register. If you don’t already have one, creating an account is quick and easy during the registration process.

Q: What can I expect from the event if I’m new to SANS?

A: Expect high-quality, expert-led content tailored for cybersecurity professionals. Each track features sessions designed to provide practical knowledge, innovative solutions, and insights into the latest threats. You’ll also have the opportunity to ask questions and interact with presenters during live sessions.

Q: Do I need to register for each track separately?

A: Yes, registration is required for each track you’d like to attend. With five distinct tracks, you can customize your experience by choosing the topics most relevant to you. Don’t worry—registering for multiple tracks is quick and easy!

Q: When will more details about the event be available?

A: Detailed agendas and speaker lineups will be released closer to the event date. By registering, you’ll receive updates and announcements directly in your inbox, so you’re always in the loop.

Q: Can I attend if I have a busy schedule?

A: Absolutely! Sessions are designed to be flexible, and recordings will be available after the event to those who are registered. You can attend live sessions whenever possible and catch up on the rest at your convenience.

Q: Is Spring Cyber Fest free to attend?

A: Yes, Spring Cyber Fest is completely free! There’s no cost to register or attend any of the sessions.

Q: Who should attend Spring Cyber Fest?

A: Spring Cyber Fest is designed for both cybersecurity practitioners and executives. The event offers a variety of sessions covering an array of topics, ensuring relevant insights for professionals across different roles, industries, and experience levels.

Q: Is the event global?

A: Yes! Spring Cyber Fest is a global event, accessible to attendees worldwide. The virtual format ensures you can join from anywhere to explore cutting-edge content and connect with the cybersecurity community.

Q: Will recordings be available?

A: Absolutely. All sessions will be recorded and made available for registered attendees. You’ll have the flexibility to revisit sessions at your convenience or catch up on those you couldn’t attend live.

Q: Will there be opportunities for networking?

A: Yes, Spring Cyber Fest includes opportunities to engage with fellow attendees and speakers through live Q&A sessions and interactive chats.

Q: How do I ask questions during sessions?

A: During live sessions, you’ll have access to a Q&A chat feature where you can submit questions directly to the speakers.

Q: I’ve registered—what happens next?

A: Once registered, you’ll receive email updates with details about the event agenda, session links, and any additional information you need to make the most of Spring Cyber Fest.