In this on-demand webinar, SANS instructor Matt Bromiley explains and defines the various levels of compliance, outlines how risk management and compliance work together, and looks at existing gaps in implementation. The session then addresses how to automate compliance and risk management, including with cloud security controls, to help you answer questions such as: What is the provider’s role and what is the cloud user’s role? Why do you need risk management, and how do you use vulnerability monitoring?

Attendees will learn:

  • When and how to implement compliance and risk management
  • Effective strategies for compliance and risk management deployment
  • Tips for what NOT to do when implementing cloud services with compliance and risk considerations


About the SANS presenter:


Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage, and log analytics. His skills include disk, database, memory, and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching, and working on open source tools.

About the SANS Institute:

The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world—from auditors and network administrators, to chief information security officers—sharing the lessons they learn and jointly finding solutions to the challenges they face.

 About the AWS presenter:


David Aiken is a Solutions Architect Manager at AWS covering AWS Marketplace, Service Catalog, Migration Services and Control Tower. He leads a team of specialist AWS SA’s that help customers implement security and governance best practices using native AWS Services and Partner products. He is an AWS Certified Solutions Architect and his skills include cloud computing, enterprise architecture, agile methodologies, web services, and software design and development. David has also worked as a product manager, technical specialist, and architect evangelist.


About AWS Marketplace:

AWS Marketplace is a digital software catalog that makes it easy to find, try, buy, deploy, and manage software that runs on AWS. AWS Marketplace has a broad and deep selection of security solutions offered by hundreds of independent software vendors, spanning infrastructure security, logging and monitoring, identity and access control, data protection, and more. These products can be integrated with AWS Services and other existing technologies, enabling you to deploy a comprehensive security architecture across your AWS and on-premises environments. Visit -to learn more.

*The views and opinions of the SANS Institute and their presenter, Matt Bromiley, are their own, and do not necessarily reflect the positions of AWS.