homepage
Open menu
Talk with an expert

SANS Challenge Coins: The Ultimate Recognition to Elite Cybersecurity Professionals

Cyber Defense CurriculumOffensive Operations CurriculumDigital Forensics & Incident Response CurriculumIndustrial Control Systems SecurityCybersecurity LeadershipCloud Security Curriculum

The coins - more precisely, Round Metal Objects (RMO) - were initially created to recognize students who demonstrate exceptional talent and significantly contribute to, and lead, the cybersecurity profession and community. The coins are meant to be an honor; they're also intended to be rare. SANS Institute uses the coins to identify and honor those who excel at detecting and eradicating threats, those who understand the critical importance of cybersecurity and continually strive to further not only their own knowledge, but the knowledge of the entire cybersecurity field. These students actively share their experiences and encourage learning through participation in the community; they're typically leaders in the community.

The challenges through which students can earn a coin are typically held on the last day of class for a SANS course. Students compete in a Capture-the-Flag (CTF) or Capstone Challenge and must successfully overcome a number of obstacles to prove their proficiency during timed, hands-on incidents. The CTFs and Capstone Challenges are created by SANS' top instructors - each one a cybersecurity practitioner, subject-matter expert, experienced teacher, and professional leader in their own right.

Each SANS Institute Curriculum features different coins.

Those who are awarded SANS Challenge coins are also bestowed special privileges and recognition, including participation in the well-regarded "coin check" challenge and response.

A coin check typically begins by a challenger holding his or her coin in the air or slamming it on a table and yelling "coin check!" All those within earshot must respond by showing their coins to the challenger within 10 seconds. Anyone who fails to do so must buy those who successfully returned the coin check a round of drinks. If all the challenged coin holders produce their coin, the challenger must buy the round of drinks. (Also, if anyone accidentally drops their coin and it makes an audible sound on impact, they have "accidentally" initiated a coin check. There are no exceptions to the rules - get those coins out or you're buying!)

SANS Cyber Defense Curriculum

SANS Cyber Defense equips professionals with state-of-the-art defensive strategies and practical skills in cybersecurity. With a focus on real-world applications, our courses range from foundational defense principles to advanced techniques in network monitoring, security architecture, automation, and security operations. Our objective is to prepare security professionals to effectively protect and defend networks and systems against sophisticated cyber threats, ensuring they can quickly identify, respond to, and recover from incidents.
SEC401 Challenge Coin SEC401 Challenge Coin
SEC401: Security Essentials - Network, Endpoint, and Cloud
View Course
SEC450 Challenge Coin SEC450 Challenge Coin
SEC450: Blue Team Fundamentals: Security Operations and Analysis
View Course
SEC497 Challenge Coin SEC497 Challenge Coin
SEC497: Practical Open-Source Intelligence (OSINT)
View Course
SEC501 Challenge Coin SEC501 Challenge Coin
SEC501: Advanced Security Essentials - Enterprise Defender
View Course
SEC503 Challenge Coin SEC503 Challenge Coin
SEC503: Network Monitoring and Threat Detection In-Depth
View Course
SEC505 Challenge Coin SEC505 Challenge Coin
SEC505: Securing Windows and PowerShell Automation
View Course
SEC511 Challenge Coin SEC511 Challenge Coin
SEC511: Continuous Monitoring and Security Operations
View Course
SEC530 Challenge Coin SEC530 Challenge Coin
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
View Course
SEC555 Challenge Coin SEC555 Challenge Coin
SEC555: SIEM with Tactical Analysis
View Course
SEC573 Challenge Coin SEC573 Challenge Coin
SEC573: Automating Information Security with Python
View Course
SEC587 Challenge Coin SEC587 Challenge Coin
SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
View Course
SEC673 Challenge Coin SEC673 Challenge Coin
SEC673: Advanced Information Security Automation with Python
View Course

Offensive Operations Curriculum

SANS Offensive Operations leverages the vast experience of our esteemed faculty to produce the most thorough, cutting-edge offensive cyber security training content in the world. Our goal is to continually broaden the scope of our offensive-related course offerings to cover every possible attack vector. SANS Offensive Operations Curriculum offers courses spanning topics ranging from introductory penetration testing and hardware hacking, all the way to advanced exploit writing and red teaming, as well as specialized training such as purple teaming, wireless or mobile device security, and more.
SEC504 Challenge Coin SEC504 Challenge Coin
SEC504: Hacker Tools, Techniques, and Incident Handling
View Course
SEC542 Challenge Coin SEC542 Challenge Coin
SEC542: Web App Penetration Testing and Ethical Hacking
View Course
SEC560 Challenge Coin SEC560 Challenge Coin
SEC560: Enterprise Penetration Testing
View Course
SEC565 Challenge Coin SEC565 Challenge Coin
SEC565: Red Team Operations and Adversary Emulation
View Course
SEC568 Challenge Coin SEC568 Challenge Coin
SEC568: Combating Supply Chain Attacks with Product Security Testing
View Course
SEC575 Challenge Coin SEC575 Challenge Coin
SEC575: iOS and Android Application Security Analysis and Penetration Testing
View Course
SEC588 Challenge Coin SEC588 Challenge Coin
SEC588: Cloud Penetration Testing
View Course
SEC598 Challenge Coin SEC598 Challenge Coin
SEC598: Security Automation for Offense, Defense, and Cloud
View Course
SEC599 Challenge Coin SEC599 Challenge Coin
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
View Course
SEC617 Challenge Coin SEC617 Challenge Coin
SEC617: Wireless Penetration Testing and Ethical Hacking
View Course
SEC660 Challenge Coin SEC660 Challenge Coin
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
View Course
SEC670 Challenge Coin SEC670 Challenge Coin
SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
View Course
SEC699 Challenge Coin SEC699 Challenge Coin
SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
View Course
SEC760 Challenge Coin SEC760 Challenge Coin
SEC760: Advanced Exploit Development for Penetration Testers
View Course

Digital Forensics & Incident Response Curriculum

Whether you're seeking to maintain a trail of evidence on host or network systems or hunting for threats using similar techniques, larger organizations are in need of specialized professionals who can move beyond first-response incident handling to analyze an attack and develop an appropriate remediation and recovery plan. The DFIR curriculum will teach you how to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents.
FOR498 Challenge Coin FOR498 Challenge Coin
FOR498: Digital Acquisition and Rapid Triage
View Course
FOR500 Challenge Coin FOR500 Challenge Coin
FOR500: Windows Forensic Analysis
View Course
FOR508 Challenge Coin FOR508 Challenge Coin
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
View Course
FOR509 Challenge Coin FOR509 Challenge Coin
FOR509: Enterprise Cloud Forensics and Incident Response
View Course
FOR518 Challenge Coin FOR518 Challenge Coin
FOR518: Mac and iOS Forensic Analysis and Incident Response
View Course
FOR528 Challenge Coin FOR528 Challenge Coin
FOR528: Ransomware and Cyber Extortion
View Course
FOR572 Challenge Coin FOR572 Challenge Coin
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
View Course
FOR577 Challenge Coin FOR577 Challenge Coin
FOR577: LINUX Incident Response and Threat Hunting
View Course
FOR578 Challenge Coin FOR578 Challenge Coin
FOR578: Cyber Threat Intelligence
View Course
FOR585 Challenge Coin FOR585 Challenge Coin
FOR585: Smartphone Forensic Analysis In-Depth
View Course
FOR589 Challenge Coin FOR589 Challenge Coin
FOR589: Cybercrime Intelligence
View Course
FOR608 Challenge Coin FOR608 Challenge Coin
FOR608: Enterprise-Class Incident Response & Threat Hunting
View Course
FOR610 Challenge Coin FOR610 Challenge Coin
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
View Course
FOR710 Challenge Coin FOR710 Challenge Coin
FOR710: Reverse-Engineering Malware: Advanced Code Analysis
View Course

Industrial Control Systems Security

The SANS ICS curriculum provides hands-on training courses focused on attacking and defending ICS environments. These courses equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures.

Cybersecurity Leadership

Security leaders need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. The SANS Cybersecurity Leadership curriculum develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.

Cloud Security Curriculum

SANS Cloud Security curriculum ingrains security into the minds of cloud, architecture, operations, and software engineers by providing world-class educational resources to design, develop, build, deploy, and monitor cloud resources.
Operation Challenge Coins Triad

Operational Triad Coin

An Operational Cybersecurity Leader will be able to:

  • Grow and sharpen their cyber defense team
  • Understand purpose of critical security controls
  • Implement a prioritized, risk-based approach to controls
  • Create and mature a vulnerability management program
  • Strategically identify vulnerability priorities
  • Align SOC efforts to track and organize defensive capabilities
  • Drive, verify, and communicate SOC improvements
  • Decrease a company's risk profile
  • Increase ROI on cybersecurity
List of Professionals Diego Mendoza's Story
Transformational Challenge Coins Triad

Transformational Triad Coin

A Transformational Cybersecurity Leader will be able to:

  • Lead security initiatives in line with business goals
  • Apply cybersecurity concepts to overall business strategy
  • Implement cybersecurity tools and methodologies
  • Analyze current state of information risk
  • Identify target state
  • Perform a gap analysis
  • Develop a comprehensive cybersecurity roadmap
  • Include employees at all levels of the org in every type of job role
  • Build, measure and manage a strong security culture
  • Decrease a company's risk profile
  • Increase ROI on cybersecurity

List of Professionals
470x382_DFIR-Coins_Updated.jpg

Lethal Forensicator Coin Holders

Already been awarded a coin in the Digital Forensics & Incident Response Curriculum? Find your name on our list of winners.

View Coin Holders