The coins - more precisely, Round Metal Objects (RMO) - were initially created to recognize students who demonstrate exceptional talent and significantly contribute to, and lead, the cybersecurity profession and community. The coins are meant to be an honor; they're also intended to be rare. SANS Institute uses the coins to identify and honor those who excel at detecting and eradicating threats, those who understand the critical importance of cybersecurity and continually strive to further not only their own knowledge, but the knowledge of the entire cybersecurity field. These students actively share their experiences and encourage learning through participation in the community; they're typically leaders in the community.

The challenges through which students can earn a coin are typically held on the last day of class for a SANS course. Students compete in a Capture-the-Flag (CTF) or Capstone Challenge and must successfully overcome a number of obstacles to prove their proficiency during timed, hands-on incidents. The CTFs and Capstone Challenges are created by SANS' top instructors - each one a cybersecurity practitioner, subject-matter expert, experienced teacher, and professional leader in their own right.

Each SANS Institute Curriculum features different coins.

Those who are awarded SANS Challenge coins are also bestowed special privileges and recognition, including participation in the well-regarded "coin check" challenge and response.

A coin check typically begins by a challenger holding his or her coin in the air or slamming it on a table and yelling "coin check!" All those within earshot must respond by showing their coins to the challenger within 10 seconds. Anyone who fails to do so must buy those who successfully returned the coin check a round of drinks. If all the challenged coin holders produce their coin, the challenger must buy the round of drinks. (Also, if anyone accidentally drops their coin and it makes an audible sound on impact, they have "accidentally" initiated a coin check. There are no exceptions to the rules - get those coins out or you're buying!)

SANS Cyber Defense Curriculum

SANS Cyber Defense equips professionals with state-of-the-art defensive strategies and practical skills in cybersecurity. With a focus on real-world applications, our courses range from foundational defense principles to advanced techniques in network monitoring, security architecture, automation, and security operations. Our objective is to prepare security professionals to effectively protect and defend networks and systems against sophisticated cyber threats, ensuring they can quickly identify, respond to, and recover from incidents.

Offensive Operations Curriculum

SANS Offensive Operations leverages the vast experience of our esteemed faculty to produce the most thorough, cutting-edge offensive cyber security training content in the world. Our goal is to continually broaden the scope of our offensive-related course offerings to cover every possible attack vector. SANS Offensive Operations Curriculum offers courses spanning topics ranging from introductory penetration testing and hardware hacking, all the way to advanced exploit writing and red teaming, as well as specialized training such as purple teaming, wireless or mobile device security, and more.

Industrial Control Systems Security

The SANS ICS curriculum provides hands-on training courses focused on attacking and defending ICS environments. These courses equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures.

Cybersecurity Leadership

Security leaders need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. The SANS Cybersecurity Leadership curriculum develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.
Operation Challenge Coins Triad

Operational Triad Coin

An Operational Cybersecurity Leader will be able to:

  • Grow and sharpen their cyber defense team
  • Understand purpose of critical security controls
  • Implement a prioritized, risk-based approach to controls
  • Create and mature a vulnerability management program
  • Strategically identify vulnerability priorities
  • Align SOC efforts to track and organize defensive capabilities
  • Drive, verify, and communicate SOC improvements
  • Decrease a company's risk profile
  • Increase ROI on cybersecurity
Transformational Challenge Coins Triad

Transformational Triad Coin

A Transformational Cybersecurity Leader will be able to:

  • Lead security initiatives in line with business goals
  • Apply cybersecurity concepts to overall business strategy
  • Implement cybersecurity tools and methodologies
  • Analyze current state of information risk
  • Identify target state
  • Perform a gap analysis
  • Develop a comprehensive cybersecurity roadmap
  • Include employees at all levels of the org in every type of job role
  • Build, measure and manage a strong security culture
  • Decrease a company's risk profile
  • Increase ROI on cybersecurity

470x382_DFIR-Coins_Updated.jpg

Lethal Forensicator Coin Holders

Already been awarded a coin in the Digital Forensics & Incident Response Curriculum? Find your name on our list of winners.