Risk-Based Vulnerability Management – Workshop

This workshop will introduce a framework for truly risk-based vulnerability management, moving beyond simple compliance and severity scores. We will discuss how to prioritize and remediate the vulnerabilities that genuinely pose the highest operational threat, focusing on context and business impact. The session will feature a demonstration of practical application using tools like Centraleyezer to transform unmanageable vulnerability lists into focused, actionable security roadmaps.

Speaker
Radu Stănescu is the CEO and founder of Sandline, a cybersecurity and risk-management company built around one core principle: security must be actionable, contextual, and grounded in real operational risk. With a background rooted in hands-on technical work, Radu has spent his career inside complex enterprise and public-sector environments, working across vulnerability management, DevSecOps, compliance, and large-scale security operations. His experience spans the full lifecycle of security—from architecture and assessment to executive decision support—allowing him to bridge the gap between engineering teams and senior leadership. He founded Sandline to address a recurring problem he observed across organizations: an overreliance on tools and compliance checklists, with too little focus on prioritization, accountability, and business impact. Under his leadership, Sandline has grown into a trusted partner for organizations seeking clarity in their security posture, particularly within regulated and high-risk environments. Radu remains deeply involved in both strategy and execution, maintaining a practitioner’s mindset while shaping long-term vision. His work emphasizes risk-based decision-making, pragmatic security architectures, and sustainable security programs that go beyond compliance and deliver measurable value.

Moderator
Dragos Ionică is a Senior Manager in Deloitte Risk Advisory with more than seven years of experience in the cyber security field working for national security institutions. Before Deloitte, Dragos held a technical security-related position within the Romanian National “CYBERINT” Center which is part of the Romanian Intelligence Service. He is specialized in penetration testing services and tactical red-team operations. For one year, he was the team-leader of the Red-Team Operations department.” Relevant Academic Background and Certifications: PhD in Computer Science – Cybersecurity, Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Web Expert (OSWE), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

Zoom link: https://zoom.us/j/95706534643?pwd=vFijaYcA7q5dUxGtRas2BMqokomGFT.1