diff --git a/app/controllers/admin/user_controller.rb b/app/controllers/admin/user_controller.rb
index d8ab69a..ead944c 100644
--- a/app/controllers/admin/user_controller.rb
+++ b/app/controllers/admin/user_controller.rb
@@ -2,7 +2,8 @@ module Admin
 class UserController < AdminController
 def index
- @users = policy_scope User.order(:name)
+ @users = policy_scope User.order("#{sort_column} #{sort_direction}")
+ .page(params[:page])
 end
 def new
@@ -52,5 +53,9 @@ module Admin
 def user_params
 params.require(:user).permit(policy(User).permitted_attributes)
 end
+
+ def sort_column
+ User.column_names.include?(params[:sort]) ? params[:sort] : 'name'
+ end
 end
 end
diff --git a/app/views/admin/user/_table_list.html.erb b/app/views/admin/user/_table_list.html.erb
index 9b8ef8f..63204eb 100644
--- a/app/views/admin/user/_table_list.html.erb
+++ b/app/views/admin/user/_table_list.html.erb
@@ -1,8 +1,8 @@ - - - + + +
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index ff0142e..e869cec 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -6,7 +6,7 @@
 "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
 "message": "Possible SQL injection",
 "file": "app/controllers/admin/candidate_controller.rb",
- "line": 9,
+ "line": 7,
 "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
 "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
 "render_path": null,
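Review bot: The interpolated `#{sort_direction}` in `index` is only as safe as the `sort_direction` method, which is neither defined nor validated anywhere in this diff; if it is inherited from AdminController it must restrict the value to `asc`/`desc` the same way `sort_column` restricts the column, otherwise the `order` call remains the injection sink Brakeman reports rather than a false positive. The argument is also handed to `policy_scope` without parentheses, so a reader has to know that the leading-dot continuation binds `.page(params[:page])` to the `order` result before it reaches `policy_scope`; `@users = policy_scope(User.order("#{sort_column} #{sort_direction}").page(params[:page]))` makes that explicit. A short comment above the call such as `# sort_column and sort_direction are allowlisted before interpolation` would tell the next reader why the string build is acceptable.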
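Review bot: `sort_column` accepts any entry of `User.column_names`, so a request can order the admin listing by columns the table never displays, including credential or token columns, which exposes their relative ordering; an explicit allowlist of the columns the table actually sorts on is the safer and more self-documenting check, e.g. `SORTABLE_COLUMNS = %w[name email role].freeze` and `SORTABLE_COLUMNS.include?(params[:sort]) ? params[:sort] : 'name'`. As far as the surviving ERB of the table partial shows, the view only sorts on name, email and role, so the narrower list loses nothing. The method is placed after `user_params`, which is presumably under `private`; if the `sortable` view helper needs it, expose it with `helper_method` rather than moving it into the public section.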
@@ -22,12 +22,31 @@
 {
 "warning_type": "SQL Injection",
 "warning_code": 0,
- "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a",
+ "fingerprint": "9e802ac2067c1ee551f97c1f37816b585451abc42b6a2c7903c6d97aa042da61",
+ "message": "Possible SQL injection",
+ "file": "app/controllers/admin/user_controller.rb",
+ "line": 5,
+ "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+ "code": "User.order(\"#{sort_column} #{sort_direction}\")",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "Admin::UserController",
+ "method": "index"
+ },
+ "user_input": "sort_column",
+ "confidence": "Medium",
+ "note": ""
+ },
+ {
+ "warning_type": "SQL Injection",
+ "warning_code": 0,
+ "fingerprint": "a65b53d63f1d43cb831947d0693d2d1b8819e21aec5ee18bf09b577ade02a0ee",
 "message": "Possible SQL injection",
 "file": "app/controllers/admin/result_controller.rb",
 "line": 16,
 "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
- "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")",
+ "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{(\"(case when review_status = 0 then '' else name end)\" or sort_column)} #{sort_direction}\")",
 "render_path": null,
 "location": {
 "type": "method",
@@ -57,6 +76,6 @@
 "note": "false positive"
 }
 ],
- "updated": "2017-02-27 11:16:00 -0600",
+ "updated": "2017-03-06 12:16:23 -0600",
 "brakeman_version": "3.4.1"
 }
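Review bot: The new ignore entry for `Admin::UserController#index` is committed with `"note": ""`, whereas the existing suppressed finding further down carries a justification ("false positive"); an empty note leaves no record of whether the warning was actually reviewed or merely silenced. Record why the interpolation is considered safe, e.g. `"note": "sort_column is validated against User.column_names; sort_direction is allowlisted in AdminController"`, adjusting the second clause to wherever `sort_direction` is really validated, since this diff does not show it. Keeping the note accurate matters more than usual here because the fingerprint is the only link between the suppression and the code, and the suppression will silently outlive later edits to `index`.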
UserEmailRole<%= sortable "name", "User" %><%= sortable "email" %><%= sortable "role" %>